Nguva pfupi yadarika, Check Point yakaratidza nyowani scalable chikuva . Takatobudisa nyaya yose pamusoro . Muchidimbu, zvinokutendera kuti uwedzere mutsara kuita kwegedhi rekuchengetedza nekubatanidza michina yakawanda uye kuyera mutoro pakati pawo. Zvinotoshamisa ndezvokuti kuchine ngano yekuti iyi scalable platform inokodzera nzvimbo huru dze data kana giant network. Ichi hachisi chokwadi zvachose.
Check Point Maestro yakagadziridzwa kune akati wandei evashandisi kamwechete (isu tichavatarisa gare gare), kusanganisira mabhizinesi epakati. Mune ino pfupi pfupi yezvinyorwa ndichaedza kufungisisa tekinoroji uye zvehupfumi zvakanakira Check Point Maestro kumasangano epakati (kubva pa500 vashandisi) uye nei iyi sarudzo ingave iri nani pane yekare cluster..
Tarisa Point Maestro chinangwa chevateereri
Kutanga, ngatitarisei zvikamu zvevashandisi izvo Check Point Maestro yakagadzirirwa. Kune 4 chete dzadzo:
1. Makambani akange asina chassis kugona. Tarisa Point Maestro haisi Check Point yekutanga scalable chikuva. Takatonyora kuti kare kwaiva nemhando dzakadai se64000 uye 44000. Kunyange zvazvo vaine GREAT performance, pakanga pachine makambani ayo izvi zvakanga zvisina KUKWANA. Maestro inobvisa iyi drawback, nekuti... inokubvumira kuti uunganidze kusvika kumidziyo makumi matatu neimwe mune imwe yepamusoro-inoshanda cluster. Panguva imwecheteyo, iwe unogona kuunganidza sumbu kubva kumusoro-yekupedzisira zvishandiso (31, 23900), nekudaro uchiwana yakakura kwazvo.
Muchokwadi, mumunda wemasuwo ekuchengetedza, Check Point parizvino ndiyo yega inoshandisa kugona kwakadaro.
2. Makambani anoda kukwanisa kusarudza hardware yavo. Chimwe chezvakaipira zvemapuratifomu ekare anotapukira iko kudiwa kwekushandisa zvakanyatsotsanangurwa "blade modules" (Tarisa Point SGM). Iyo itsva Check Point Maestro chikuva inobvumidza iwe kushandisa hombe nhamba yemidziyo yakasiyana. Unogona kusarudza ese mamodheru kubva pachikamu chepakati (5600, 5800, 5900, 6500, 6800) uye kubva kuHigh End segment (15000 series, 23000 series, 26000 series). Uyezve, iwe unogona kuzvibatanidza, zvichienderana nemabasa.
Izvi zviri nyore kwazvo kubva pakuona kwekushandisa kwakaringana zviwanikwa. Iwe unogona kutenga chete kuita kwaunoda nekusarudza iyo chaiyo modhi.
3. Makambani ayo chassis yakawandisa, asi scalability ichiri kudikanwa. Imwe "yakaipa" yemapuratifomu ekare akaremerwa (64000, 44000) yaive yepamusoro yekupinda chikumbaridzo (kubva pakuona kwehupfumi). Kwenguva yakareba, mapuratifomu anotyisa aingowanikwa kune mabhizinesi makuru ane "akanaka" mabhajeti eIT. Nekuuya kweCheck Point Maestro, zvese zvachinja. Mutengo weiyo shoma bundle (orchestrator + maviri magedhi) inofananidzwa (uye dzimwe nguva yakaderera) ine classic inoshanda / yekumira sumbu. Avo. chikumbaridzo chekupinda chakaderera zvakanyanya. Paunenge uchisarudza mhinduro, kambani inogona pakarepo kuisa pasi scalable architecture, pasina kubhadhara zvakanyanya kune inozotevera kuwedzera kwezvinodiwa. Kune vamwe vashandisi pagore mushure mekuita Tarisa Point Maestro? Iwe unongowedzera gedhi rimwe kana maviri, pasina kutsiva aripo. Iwe haufanirwe kushandura iyo topology. Ingobatanidza magedhi matsva kune orchestrator uye isa zvigadziriso kwavari nekungodzvanya kakati.
4. Makambani anoda kushandisa zvakakwana zvigadzirwa zviripo. Ini ndinofunga vanhu vazhinji vanoziva iyo Trade-In maitiro. Kana kuita kwemidziyo iripo kusisina kukwana uye hardware inoda kuvandudzwa kuti isangane nezvido zvazvino. Nzira inodhura chaizvo. Uyezve, kazhinji pane mamiriro ezvinhu apo mutengi ane akati wandei Check Point masumbu emabasa akasiyana. Semuyenzaniso, sumbu rekudzivirira perimeter, sumbu rekusvika kure (RA VPN), sumbu reVSX, nezvimwe. Uyezve, rimwe sumbu rinogona kunge risina zviwanikwa zvakakwana, nepo rimwe riine zvakawanda. Tarisa Maestro mukana wakanaka wekugadzirisa kushandiswa kwezviwanikwa izvi nekugovera zvine simba mutoro pakati pavo.
Avo. iwe unowana zvinotevera zvinobatsira:
- Iko hakuna chikonzero cheku "kurasa" hardware iripo. Unogona kutenga rimwe kana maviri ekuwedzera gedhi, kana...
- Gadzirisa dynamic load balancing pakati pemamwe magedhi aripo kuti anyatso shandisa zviwanikwa. Kana mutoro uri pamusuwo wegedhi unowedzera zvakanyanya, ipapo orchestrator ichakwanisa kushandisa "bored" zviwanikwa zvemagedhi ekusvika kure uye zvinopesana. Izvi zvinobatsira kupfavisa mwaka (kana wenguva pfupi) mitoro yepamusoro.
Sezvaungangonzwisisa, zvikamu zviviri zvekupedzisira zvine chekuita nemabhizinesi epakati nepakati, ayo anogona zvakare kukwanisa kushandisa scalable kuchengetedza mapuratifomu. Zvisinei, mubvunzo une musoro ungamuka: βNei Check Point Maestro iri nani pane yenguva dzose cluster?βTichaedza kupindura mubvunzo uyu.
Classic cluster vs Tarisa Point Maestro
Kana tikataura nezve yemhando yepamusoro Check Point cluster, ipapo maviri ekushandisa modes anotsigirwa: High Availability (kureva Active/Standby) uye Load Kugovera (i.e. Active/Active). Tichatsanangura muchidimbu zvinoreva basa, pamwe chete nezvakanakira nezvazvakaipira.
Kuwanikwa Kwepamusoro (Kunoshanda/Kumira)
Sezvinoratidzwa nezita racho, mune iyi nzira yekushanda, imwe node inopfuura motokari yose mukati mayo pachayo, uye yechipiri iri mumamiriro ekumira uye inotora motokari kana node inoshanda inotanga kusangana nematambudziko.
Pros:
- Iyo yakanyanya kugadzikana maitiro;
- Iyo proprietary SecureXL michina inotsigirwa kuti ikurumidze kugadzirisa traffic;
- Kana iyo node inoshanda ikakundikana, yechipiri inovimbiswa kukwanisa "kugaya" yese traffic (nokuti yakafanana chaizvo).
Cons:
Muchokwadi, pane imwe chete minus - imwe node haina basa zvachose. Nekudaro, nekuda kweizvi, isu tinomanikidzwa kutenga yakanyanya simba hardware kuitira kuti igone kubata traffic yega.
Ehe, HA modhi inovimbika kupfuura Rokugovanisa, asi zviwanikwa optimization inosiya zvakawanda kudiwa.
Kugovera Mitoro (Inoshanda/Inoshanda)
Mune iyi modhi, ese ma node mu cluster process traffic. Iwe unogona kusanganisa anosvika 8 zvishandiso kuita sumbu rakadaro (kupfuura 4 ).
Pros:
- Iwe unogona kugovera mutoro pakati pemanodhi, izvo zvinoda zvishoma zvine simba zvishandiso;
- Kugona kwekuyera kuyera (kuwedzera kusvika ku8 nodes kune sumbu).
Cons:
- Oddly zvakakwana, izvo zvakanakira zvinoshanduka kuita zvakashata. Ivo vanofarira kushandisa Load Kugovera modhi kunyangwe iyo kambani iine mbiri nodes chete. Vachida kuchengetedza mari, vanotenga michina, imwe neimwe inotakurwa pa40-50%. Uye zvese zvinoita kunge zvakanaka. Asi kana imwe node ikakundikana, tinowana mamiriro ezvinhu apo mutoro wose unotamirwa kune imwe yakasara, iyo isingakwanise kurarama. Nekuda kweizvozvo, hapana kukanganisa kushivirira kwakadai muchirongwa chakadaro.
- Wedzera kune iyi boka rezvirambidzo zvekugovana () Uye iyo inonyanya kukosha muganho ndeyekuti SecureXL haina kutsigirwa, iyo nzira inokurumidza kukurumidza kugadzirisa traffic;
- Kana zviri zvekuyera nekuwedzera node nyowani kuboka, zvinosuruvarisa kuti Kugovera Kutakura kuri kure nekunaka pano. Kana zvinopfuura 4 zvishandiso zvakawedzerwa kune cluster, ipapo kushanda kunotanga .
Tichifunga nezvezvinhu zviviri zvekutanga zvisingabatsiri, kuitira kuti tishandise kukanganisa kushivirira patinenge tichishandisa node mbiri, tinomanikidzwawo kutenga hardware inobereka yakawanda kuitira kuti inogona "kugaya" motokari mumamiriro ezvinhu akaoma. Somugumisiro, isu hatina chero rubatsiro rwehupfumi, asi tinowana mari yakawanda . Uyezve, zvakakosha kucherechedza kuti kutanga kubva kuR80.20 shanduro, Rodha yekugovera modhi haitsigirwe. Izvi zvinoganhurira vashandisi kubva pane zvinodiwa zvigadziriso. Izvo hazvisati zvazivikanwa kana Load Kugovera ichatsigirwa mune zvitsva zvinoburitswa.
Tarisa Point Maestro seimwe nzira
Kubva pane imwe nzvimbo yekuona, Tarisa Point Maestro yakatora mabhenefiti makuru eKuwanikwa Kwepamusoro uye Kugovera Rodha modhi:
- Magedhi akabatana kune orchestrator anogona kushandisa SecureXL, iyo inova nechokwadi chepamusoro traffic yekugadzirisa kumhanya. Iko hakuna zvimwe zvirambidzo zviripo muKugova Mutoro;
- Traffic inogoverwa pakati pemasuwo mune imwe Chengetedzo Boka (gedhi rine musoro rinosanganisira akati wandei emuviri). Nekuda kweizvi, isu tinokwanisa kuisa zvigadziriso zvishoma, nekuti isu hatisisina magedhi asina basa, senge mune Yepamusoro Kuwanikwa mode. Panguva imwecheteyo, simba rinogona kuwedzerwa rinenge rakatsetseka, pasina kurasikirwa kwakakomba senge muMutoro Wekugovera modhi (zvimwe zvakawanda gare gare).
Izvi zvese zvakanaka, asi ngatitarisei mienzaniso miviri chaiyo.
Semuenzaniso # 1
Rega kambani X ifunge kuisa sumbu remagedhi pane network perimeter. Ivo vakatoziva nezvese zvirambidzo zveMutoro Kugovera (izvo zvisingagamuchirwe kwavari) uye vari kufunga nezve High Availability mode chete. Mushure mekuita saizi, zvinoitika kuti gedhi 6800 rakavakodzera, iro risingafanirwe kutakurwa neanopfuura makumi mashanu muzana (kuitira kuti ive neimwe chengetedzo yekuita). Sezvo ichi chichava sumbu, unoda kutenga chigadzirwa chechipiri, chinongo "kusvuta" mhepo mumamiriro ekumira. Imba inodhura chaizvo.
Asi pane imwe nzira. Tora bundle kubva kune orchestrator uye matatu magedhi 6500. Muchiitiko ichi, traffic ichagoverwa pakati pezvitatu zvese. Kana iwe ukatarisa kune iyo specs yemhando mbiri, uchaona kuti matatu 6500 magedhi ane simba kupfuura imwe 6800.
Saka, pakusarudza Check Point Maestro, kambani X inogamuchira zvinotevera zvakanaka:
- Iyo kambani pakarepo inoisa pasi scalable chikuva. Kuwedzera kunotevera kwekuita kuchauya pakungowedzera chimwe chidimbu chehardware 6500. Chii chingave chiri nyore?
- Mhinduro yacho ichiri kushivirira kukanganisa, nokuti Kana imwe node ikakundikana, maviri asara achakwanisa kubata nemutoro.
- Iyo yakakosha uye inokatyamadza mukana wakaenzana ndeyekuti yakachipa! Nehurombo, ini handikwanise kutumira mitengo pachena, asi kana uchifarira, unogona
Semuenzaniso # 2
Rega kambani Y yatove ine HA cluster yemhando 6500. Iyo inoshanda node inotakurwa pa85%, iyo panguva yepamusoro mitoro inotungamirira kukurasikirwa mumigwagwa inobereka. Mhinduro ine musoro kune dambudziko inoita kunge iri kuvandudza Hardware. Iyo inotevera modhi ndeye 6800. Ndiko. kambani ichada kudzorera magedhi kuburikidza neTrade-In purogiramu uye kutenga michina miviri mitsva (inodhura).
Asi pane imwe sarudzo. Tenga orchestrator uye imwe chaiyo yakafanana node (6500). Unganidza boka rezvishandiso zvitatu uye "paradzira" iyi 85% yemutoro pamasuwo matatu. Nekuda kweizvozvo, iwe unowana yakakura kuita margin (michina mitatu inotakurwa chete 30% paavhareji). Kunyangwe imwe yemanodhi matatu ikafa, maviri asara acharamba achitarisana netraffic neavhareji mutoro we45%. Uyezve, kune mitoro yepamusoro, sumbu remasuwo matatu anoshanda 6500 magedhi achave ane simba kupfuura rimwe 6800 gedhi, iro riri muHA cluster (kureva inoshanda/yakamira). Mukuwedzera, kana mugore kana maviri zvinodiwa zvekambani Y zvichiwedzera zvakare, zvino zvose zvavachada kuita ndezvekuwedzera imwe kana maviri mamwe node 6500. Ndinofunga kuti hupfumi hwehupfumi pano huri pachena.
mhedziso
Ehe, Tarisa Point Maestro haisi mhinduro yeSMB. Asi kunyange bhizinesi repakati-kati rinogona kutofunga nezvepuratifomu iyi uye edza kuverenga kugona kwehupfumi. Iwe unozoshamisika kuona kuti scalable mapuratifomu anogona kuita purofiti kupfuura yeklass cluster. Panguva imwecheteyo, kune zvikomborero kwete chete zvehupfumi, asiwo unyanzvi. Nekudaro, isu tichataura nezvavo muchinyorwa chinotevera, apo, mukuwedzera kune matekinoroji, ini ndichaedza kuratidza akati wandei akajairwa kesi (topology, scenarios).
Iwe unogona zvakare kunyorera kumapeji edu eruzhinji (, , , ), kwaunogona kutevera kubuda kwezvinhu zvitsva paCheck Point uye zvimwe zvigadzirwa zvekuchengetedza.
Source: www.habr.com