Chii chichasara muimba ye server?

Masangano mazhinji anoshandisa Cloud masevhisi kana kutamisa michina kuenda
Data center. Chii chinonzwisisika kusiya mukamuri server uye ndeipi nzira yakanakisa yekuronga kuchengetedzwa kwehofisi network perimeter mumamiriro ezvinhu akadaro?

Pane imwe nguva zvinhu zvese zvaive paserver

Pakutanga kwekuvandudzwa kweRunet, makambani mazhinji akagadzirisa nyaya yeIT yezvivakwa maererano neyakafanana chirongwa: vakagovera kamuri mavakaisa air conditioning uye iyo inenge yese network uye server midziyo yakaiswa.

Mutariri wehurongwa akamisa sevha imwe kana kupfuura paFreeBSD, Linux, kana OpenSolaris, nezvimwewo. Uye ipapo pane iyi "muenzi" akatanga masevhisi anodiwa: kubva pawebhu server, mail yekambani, kusvika kune faira yekubata sevhisi.

Kana kambani inokura uye ichikura, inotarisana nemamiriro ezvinhu apo sevha yekamuri isingachazadzisa zvinodiwa. Kana iwe uine mari, unogona kuvaka yako wega data data. Zvingave zvine pundutso kuhaya racks kubva kunzvimbo dzekutengesa data. Magetsi emhando yepamusoro akavakirwa paDRUPS, indasitiri yemhepo yekufemesa mhepo, vashandi vakazara venyanzvi dzakanyanya hunyanzvi - zvinhu izvi hazviwanikwi mune imwe nzvimbo yehofisi server room.

Kutevera bhizinesi guru, mupfungwa dzehutungamiri hwemakambani epakati nediki pane zvishoma nezvishoma kuchinja kubva kupfungwa ye "Ndinotakura zvose zvandinazvo neni" uye "imba yangu ndiyo nhare yangu" kuti "ipa kune mumwe munhu uye kwete." kutambura.”

Kune mabhizinesi madiki, vanopa gore vakave "outsourced" sarudzo yakadaro. Kana kare kune kambani yevanhu vane 40 vane mail server yavo yaiva chimwe chinhu chinozviratidza, nhasi sevhisi kubva kuGoogle imwechete iri kuhwina kudivi rayo vese avo vaimbotadza kufungidzira kushanda vasina yavo Sendmail kana Postfix.

Virtual masisitimu akapa rubatsiro rwakakura mu "kutamiswa" kwakadaro. Kana vasati vaonekwa zvaive zvakafanira kutakura yese yemuviri sevha, kana kugadzirisa zvinhu zvose pane hardware itsva, ikozvino zvakakwana kuendesa mufananidzo wemashini chaiwo.

Chii chichasara mukamuri diki iroro rine mhepo inofefetera?

Chokutanga pane zvose, iyi ndiyo network network. Zvose zvinoshanda uye zvisingaite. Kazhinji, kuseri kwezita guru rekuti "server" ivo vanonzwisisa muchinjiko-wekubatanidzwa nemasara emidziyo yetiweki. Uye nokuda kwezviitiko zvakadaro, imba inokosha ine simba rekugadzirisa mhepo, magetsi, nezvimwe zvakadaro hazvidiwi.

Boka rechipiri remidziyo ichiri kunetsa kubvisa kubva mukamuri yevhavha ndiyo magedhi
chengetedzo.

Asi masuwo aya ndeapi? Sezvambotaurwa pamusoro apa, kana munguva pfupi yapfuura maneja wehurongwa anga aine sevha imwe kana akati wandei kwaaigona kuendesa chero zvaidiwa nemoyo wake, ikozvino humbozha hwakadaro hunogona kunge husipo.

Asi kudiwa kwekudzivirira kubva kune kutyisidzira kwekunze hakuna kupera. Iwe unogona, hongu, kuendesa masevhisi ese nemidziyo inodiwa zvachose kunzvimbo yedata uye kutyaira traffic kubva kune rakadaro gedhi kuenda kuhofisi kuyambuka-yekubatanidza kuburikidza nechiteshi chakachengeteka, semuenzaniso, kuburikidza neVPN.
Ichi chirongwa chinotaridzika chinokwezva pakutanga, kana chisiri chekuwedzera mutoro pamatanho aripo. Kana iwe usingade kubhadhara kune gobvu chiteshi, izvi hazvisi izvo chaizvo zvaunoda.

Imwe sarudzo ndeyekutenga yakasarudzika mudziyo wekudzivirira traffic, iyo dhizaini, nekuda kweiyo nhete yekutarisa, inobvumidza iwe kuti uite pasina simba-yakawanda-yakawanda-yakawanda uye kupisa-kupisa zvikamu.

Hazvidiwi nzvimbo inochengeterwa mhuka

Mukushaikwa kwekamuri rekare sevhavha, zviri nani kuwana masevhisi akati wandei "mubhokisi rimwe" kamwechete pane kugadzira "zoo" mukamuri diki, kana kunyange mukati mediki-pamusoro kabati. Panguva imwecheteyo, mhinduro yacho inofanira kunge isingadhuri, yakaratidza uye ine yakajairika rutsigiro muRussia.

Cherechedza. Tave kutaura nezvemahofisi madiki, ari pakati nepakati uye makuru. Isu hatisati tichifunga nezvemakambani makuru anovaka yavo nzvimbo dzedata - mune chimwe chinyorwa "hazvigoneke kubata hukuru."

Uye kune yese nyaya, Zyxel yatove nemhinduro, mukati meiyo mutsara wechigadzirwa. Muchidimbu, hauzodi "zoo".

ZyWALL ATP Security Gateways

Takambotaura pamusoro pemitemo yekushanda kwemichina yakadaro tichishandisa muenzaniso ZyWALL ATP200Chinhu chavo chikuru ndechekubatanidzwa kwe firewall neZyxel Cloud kuchengetedza sevhisi. Nekuda kwekugovewa kwemabasa, ZyWALL ATP inogadzirisa zvakati wandei zvakasiyana-siyana zvedziviriro nyaya pasina kuda zvimwe zviwanikwa zvehardware.

Rondedzero yemabasa ekudzivirira yakapfuma kwazvo (ona Tafura 1), kusanganisira SecuReporter analytics maturusi uye Sandboxing - "sandbox" yekutanga kuongororwa kwezvinhu zvakadhawunirwa.

Zvakakodzera kusimbisa zvakare kuti mune iyi kesi tiri kungotamisa masevhisi kubva kuhofisi yenzvimbo kuenda kune gore. Zyxel Cloud inotiitira zvimwe zvese nenzira isingazivikanwe. Pamusoro pekureruka, nzira iyi inopa dziviriro inoshanda kubva kutyisidzira-zero-zuva kuburikidza nekudzidza kwemichina uye kuchinjana ruzivo pakati pemasuwo eATP pasi rese. Yese neural network yakavakirwa kudzivirira.

Quote: "Kana faira risingazivikanwe raonekwa, Cloud Query nekukurumidza (mukati memasekonzi mashoma) inotarisa kodhi yayo yehashi padhatabhesi regore uye kuona kuti ine ngozi here kana kuti kwete. Iyi sevhisi inoda hushoma hwetiweki zviwanikwa kuti ishande, uye saka haideredze kushanda kwechigadzirwa. Iko kushanda kwekuchengetedzwa kwekutyisidzira kunosimbiswa nekushandiswa kweiyo inogara yakagadziridzwa yegore dhatabhesi ine data pamabhiriyoni ekutyisidzira. Cloud Query zvakare inomhanyisa hungwaru hweZyxel Security Cloud iri kubuda yekuona kutyisidzira kugona, inosimudzira kudzivirira kwemalware kwese ATP firewall. "

Tafura 1. Hunhu hwehunyanzvi hweZyWALL ATP mutsara.

Notes:

(1) Kuita chaiko kunoenderana zvakanyanya netiweki mamiriro uye inoshanda maapplication.

(2) Maximum throughput inobva paRFC 2544 (1,518-byte UDP packets).

(3) Yakayerwa VPN throughput yakavakirwa paRFC 2544 (1,424-byte UDP mapaketi).

(4) AV uye IDP throughput metrics inoshandisa indasitiri chiyero cheHTTP performance test (1,460-byte HTTP mapaketi). Kuedzwa kwakaitwa mu-multi-threaded mode.

(5) Pakuyera huwandu hwepamusoro hunogoneka hwezvikamu, maturusi akajairwa eindasitiri akashandiswa - IXIA IxLoad yekuyedza chishandiso.

(6) 1Gbps WAN yekumhanyisa bvunzo mhinduro yakaitwa pasi pemamiriro epasirese uye inogona kusiyanisa zvishoma zvichienderana nemhando yekubatanidza.

(7): Mushure mekunge Gold Pack yapera, 2 chete APs ichatsigirwa.

(8): Unogona kugonesa kana kuwedzera mashandiro nekutenga mamwe marezinesi eZyxel masevhisi.

Teerera kune yakatsigirwa seti yeVPN masevhisi. Zvinenge zvese zvinodiwa pakukurukurirana nemahofisi makuru kana hofisi yekumba zvatova "mubhodhoro rimwe," saka isu tinogona kurumbidza zvakachengeteka mudziyo uyu seyokupedzisira yekutaurirana node yebazi uye kutsigira kure kure kwevashandi.

Mhinduro dzemahofisi madiki

Mahofisi madiki anogona kukamurwa kuita mapoka maviri: mabhizinesi akazvimirira uye matavi emakambani makuru.

Anozvimiririra mabhizinesi achangozvarwa uye ayo anotemerwa kuramba ari madiki. Semuenzaniso, dhizaini madhizaini, ekuvaka masitudiyo, edhita mahofisi ediki media, zvichingodaro. Aya mabhizinesi mayuniti anowanzo shandisa cloud services, kanenge mail uye faira kugovera.

Mapazi emasangano makuru - chinhu chikuru kwavari ndechekuva nehukama hwakagadzikana nehofisi yepakati. Zvimwe zvese zviri mu "Center".

Kazhinji "vacheche" vakadaro vanoda chimiro chakareruka chekutonga. Mutariri wetiweki kubva kudzimbahwe kazhinji haawane mukana wekukurumidza kumhanyira kunyika dziri kure kuti agadzirise dambudziko mubazi idzva. Makambani madiki emuno haana mukana uyu zvachose. Tinofanira kutendeukira kumasevhisi e“kuuya
admin." Muzviitiko zvakadaro, zvinodikanwa kudzora maererano nemusimboti "zvakareruka, zvakanyanya kuvimbika."

Kune mahofisi madiki, zvine musoro kushandisa ZyWALL ATP100 uye ZyWALL ATP200 modhi.

Network gateway ATP100 yakaonekwa munguva pfupi yapfuura, asi yakatopinda kutengesa.

Musiyano mukuru kubva kumukoma wake mukuru (ATP200) - kuti yakagadzirirwa mutoro mudiki, uye haina makomo e19-inch rack. Inokurudzirwa kumahofisi edzimba, makambani madiki, matavi uye zvichingodaro.

Mufananidzo 1. ZyWALL ATP100.

Dhizaini maficha: ATP100 uye ATP200 mhando dzisina fan. Sei izvi zvakanaka: kutanga, hapana ruzha, uye chechipiri, hapana chikonzero chekuchinja fan. Mune mamiriro ane "inouya admin", ichi chiratidzo chakakosha.

Mufananidzo 2. ZyWALL ATP200.

Iyo ATP200 modhi inotsigira maviri WAN ports uye inogona kubatana kune maviri akazvimirira mitsetse, semuenzaniso, kubva kune vakasiyana vanopa.

Sezvambotaurwa pamusoro apa, kune hofisi duku, chinhu chinonyanya kukosha mushure mekugadzirisa kwakagadzikana kwemagetsi ndiko kugadzikana kwakagadzikana. Zvinosuruvarisa, vatapi vemunharaunda havagoni kugara vachivimbisa kuti hapazovi netsaona. Tinofanira kutsvaga sarudzo dzekuchengetedza.

CHINOKOSHA! Pamusoro pezviteshi zveWAN zvakatsaurirwa, mhando dzeATP dzine USB ports dzaunogona kubatanidza USB modem uye wodzishandisa seWAN. Iyi ficha inowanikwa kune ese maATP.

Kana chigadzirwa chacho chine SFP port, izvi zvinogonawo kushandiswa seWAN. Iyi ficha inowanikwa kune ese maATP.

Heino hack yehupenyu kubva kuZyxel.

Makambani epakati

Kune makambani epakati nepakati, Zyxel ine yayo yakanaka hardware - ZyWALL ATP500

Iyo igedhi rechizvarwa chinotevera rine dziviriro yepamusoro kubva mukutyisidzira kuri kubuda.

Pakati pezvinhu zvinonakidza:

7 zviteshi zvinogadziriswa zvinobvumira kuchinjika kuchinjika, semuenzaniso, 2 WAN, 2 DMZ uye 3 LAN ports apo ichibatanidza 3 akasiyana maVLAN ekushandisa mukati. Kune zvakare 1 SFP port.

Mufananidzo 3. ZyWALL ATP500.

Zvinogoneka kushanda muChidimbu HA Pro yakakwirira kuwanikwa cluster mode kubva maviri ZyWALL ATP500. Kana imwe isingashande, yechipiri icharamba ichipa kutaurirana.

Uchishandisa iyo ATP500 mabasa zvizere, unogona kushanduka,
yakavimbika, yakachengeteka kutaurirana nenyika yekunze kana imwe node yakaparadzana, semuenzaniso,
muzinda.

Mahofisi makuru

Kwavari, iyo yakanyanya simba vhezheni yemutsara uyu inokurudzirwa - ATP800.

Iyi modhi ine nhamba yakanaka yezviteshi: 12 RJ-45 uye 2 SFP, ese anogona kugadzirwa muWAN, LAN kana DNZ modhi, iyo inobvumidza iwe kushandisa akati wandei maWLAN, kuronga akati wandei maDMZ uye uchine mukana wekubatanidza kune. network yekunze yezvivakwa zvemukati zvakaoma. Inokodzera mahofisi makuru akakura ane network yakagadziridzwa uye yakakwira zvinodiwa zvekuchengetedza uye kutonga kwekuwana.

Mufananidzo 4. ZyWALL ATP800.

Izvo zvakakoshawo kuziva kuti iyi modhi inokurudzirwa kutengwa ine tsika ye "kukura." Kana ukaronga kukura kambani yako, semuenzaniso, gadzira cheni yezvitoro zvemuno, saka zvine musoro kuti utenge nekukurumidza modhi ine simba kuitira kuti usashandise mari kaviri.

Sezvaunogona kuona, kunyange pasi pemamiriro akawanda espartan zvinokwanisika kupa hutano hwakanaka hwekudzivirira, kukanganisa kushivirira uye kushanduka mukushanda.

Tsigiro yehunyanzvi, zano, nhaurirano, nhau, kukwidziridzwa uye zviziviso - Join taura nesu paTeregiramu!

Useful links

1. Colocation: sei, sei uye nei

2. Idya kudya kwemangwanani iwe pachako, igovera basa rako ne "gore"

3. ZyWALL ATP100 Chengetedzo Gedhi Peji

4. ZyWALL ATP200 Chengetedzo Gedhi Peji

5. ZyWALL ATP500 Chengetedzo Gedhi Peji

6. ZyWALL ATP800 Chengetedzo Gedhi Peji

7. Sevhisi yedu ine ngozi uye yakaoma, kana Zyxel ATP500

Source: www.habr.com