Kulo nyaka, iinkampani ezininzi zitshintshe ngokukhawuleza emsebenzini okude. Kwabanye abathengi thina ququzelela imisebenzi engaphezulu kwekhulu ekude ngeveki. Kwakubalulekile ukwenza oku kungekuphela nje ngokukhawuleza, kodwa nangokukhuselekileyo. I-teknoloji ye-VDI iye yahlangula: ngoncedo lwayo, kulungele ukusasaza imigaqo-nkqubo yokhuseleko kuzo zonke iindawo zokusebenza kunye nokukhusela ukuvuza kwedatha.
Kweli nqaku ndiza kukuxelela indlela inkonzo yethu yedesktop esebenzayo esekwe kwiCitrix VDI isebenza kwindawo yokhuseleko lolwazi. Ndiza kukubonisa into esiyenzayo ukukhusela ii-desktops zabathengi kwizoyikiso zangaphandle ezifana ne-ransomware okanye uhlaselo ekujoliswe kulo.
Ziziphi iingxaki zokhuseleko esizicombululayo?
Sichonge ezoyikiso ezininzi zokhuseleko kwinkonzo. Kwelinye icala, idesktop ebonakalayo ibeka umngcipheko wokosuleleka kwikhompyuter yomsebenzisi. Kwelinye icala, kukho ingozi yokuphuma kwi-desktop ebonakalayo ukuya kwindawo evulekileyo ye-Intanethi kwaye ukhuphele ifayile eyosulelekileyo. Nokuba oku kuyenzeka, akufuneki kuchaphazele iziseko zophuhliso. Ke ngoko, xa sisenza inkonzo, sazisombulula iingxaki ezininzi:
- Ikhusela yonke i-VDI stand kwizoyikiso zangaphandle.
- Ukwahlukaniswa kwabathengi omnye komnye.
- Ukukhusela idesktop ezinenyani ngokwazo.
- Qhagamshela ngokukhuselekileyo abasebenzisi kuso nasiphi na isixhobo.
Undoqo wokhuseleko yayiyiFortiGate, isizukulwana esitsha somlilo esivela eFortinet. Ibeka iliso kwi-VDI booth traffic, ibonelela ngesiseko esizimeleyo kumxhasi ngamnye, kwaye ikhusela ngokuchasene nobuthathaka kwicala labasebenzisi. Izakhono zayo zanele ukusombulula uninzi lwemiba yokhuseleko lolwazi.
Kodwa ukuba inkampani ineemfuno ezikhethekileyo zokhuseleko, sinikezela ngeendlela ezongezelelweyo:
- Siququzelela uqhagamshelo olukhuselekileyo lokusebenza kwiikhompyuter zasekhaya.
- Sinikezela ngokufikelela kuhlalutyo oluzimeleyo lweelogi zokhuseleko.
- Sinikezela ngolawulo lokhuseleko lwe-antivirus kwiidesktops.
- Sikhusela kubuthathaka bosuku lweqanda.
- Siqwalasela ukuqinisekiswa kwezinto ezininzi zokhuseleko olongezelelweyo kunxibelelwano olungagunyaziswanga.
Ndiza kukuxelela ngokweenkcukacha ngakumbi ukuba sizisombulule njani iingxaki.
Indlela yokukhusela ukuma kunye nokuqinisekisa ukhuseleko lwenethiwekhi
Makhe sahlule inxalenye yenethiwekhi. Kwindawo yokuma sigxininisa icandelo lolawulo elivaliweyo lokulawula zonke izixhobo. Icandelo lolawulo alifumaneki ngaphandle: xa kwenzeka ukuhlaselwa komxhasi, abahlaseli abayi kukwazi ukufikelela apho.
I-FortiGate inoxanduva lokukhusela. Idibanisa imisebenzi ye-antivirus, i-firewall, kunye nenkqubo yokuthintela ukungena (IPS).
Kumxhasi ngamnye senza icandelo lothungelwano elizimeleyo kwiidesktop ezinenyani. Ngenxa yale njongo, i-FortiGate ine-teknoloji ye-domain ebonakalayo, okanye i-VDOM. Ikuvumela ukuba wahlule i-firewall ibe ngamaqumrhu amaninzi kwaye yabele umxhasi ngamnye i-VDOM yayo, eziphatha njengefirewall eyahlukileyo. Kwakhona sidala i-VDOM eyahlukileyo yecandelo lolawulo.
Oku kuvela kube ngulo mzobo ulandelayo:
Akukho nxibelelwano lomnatha phakathi kwabaxhasi: ngamnye uhlala kwi-VDOM yakhe kwaye ayichaphazeli enye. Ngaphandle kobu buchwepheshe, kuya kufuneka sahlule abathengi ngemithetho ye-firewall, enobungozi ngenxa yempazamo yomntu. Unokuyithelekisa loo mithetho nocango olufanele luvalwe rhoqo. Kwimeko ye-VDOM, asishiyi "iingcango" kuzo zonke.
Kwi-VDOM eyahlukileyo, umxhasi unedilesi yakhe kunye nendlela. Ke ngoko, ukunqumla amanqanaba akubi yingxaki kwinkampani. Umxhasi unokwabela iidilesi eziyimfuneko ze-IP kwiidesktop ezinenyani. Oku kulungele iinkampani ezinkulu ezinezicwangciso zazo ze-IP.
Sisombulula imiba yonxibelelwano kunye nenethiwekhi yenkampani yomthengi. Umsebenzi owahlukileyo kukudibanisa i-VDI kunye nesiseko somthengi. Ukuba inkampani igcina iinkqubo zenkampani kwiziko lethu ledatha, sinokuqhuba ngokulula intambo yenethiwekhi ukusuka kwisixhobo sayo ukuya kwi-firewall. Kodwa kaninzi sijongana nesiza esikude - elinye iziko ledatha okanye iofisi yomxhasi. Kule meko, sicinga ngokutshintshiselana okukhuselekileyo kunye nesayithi kunye nokwakha i-site2site VPN usebenzisa i-IPsec VPN.
Iinkqubo zinokwahluka ngokuxhomekeke kubunzima beziseko ezingundoqo. Kwezinye iindawo kwanele ukudibanisa inethiwekhi yeofisi enye kwi-VDI - umzila we-static kwanele apho. Iinkampani ezinkulu zinenethiwekhi ezininzi ezihlala zitshintsha; apha umxhasi ufuna indlela eguqukayo. Sisebenzisa iiprothokholi ezahlukeneyo: sele kukho iimeko kunye ne-OSPF (i-Open Shortest Path First), iitonela ze-GRE (i-Generic Routing Encapsulation) kunye ne-BGP (i-Border Gateway Protocol). I-FortiGate ixhasa iiprothokholi zenethiwekhi kwii-VDOM ezahlukileyo, ngaphandle kokuchaphazela abanye abathengi.
Unokwakha kwakhona i-GOST-VPN - i-encryption esekelwe ekukhuselweni kwe-cryptographic kuthetha iqinisekiswe yi-FSB ye-Russian Federation. Umzekelo, ukusebenzisa izisombululo zeklasi ye-KS1 kwindawo ebonakalayo "i-S-Terra Virtual Gateway" okanye i-PAK ViPNet, i-APKSH "ilizwekazi", "i-S-Terra".
Ukuseka imigaqo-nkqubo yeQela. Siyavumelana nomxhasi ngemigaqo-nkqubo yeqela esetyenziswa kwi-VDI. Apha imigaqo yokumisela ayifani nokumisela imigaqo-nkqubo kwiofisi. Siseta udibaniso kunye ne-Active Directory kunye nolawulo logunyaziso lweminye imigaqo-nkqubo yeqela kubathengi. Abalawuli abaqeshiweyo banokusebenzisa imigaqo-nkqubo kwizinto zeKhompyutha, balawule iyunithi yombutho kwi-Active Directory, kwaye benze abasebenzisi.
Kwi-FortiGate, kumxhasi ngamnye we-VDOM sibhala umgaqo-nkqubo wokhuseleko womnatha, ubeke izithintelo zokufikelela kwaye uqwalasele ukuhlolwa kwezithuthi. Sisebenzisa iimodyuli ezininzi zeFortiGate:
- Imodyuli ye-IPS ihlola i-traffic ye-malware kwaye inqande ukungena;
- i-antivirus ikhusela iidesktops ngokwazo kwi-malware kunye ne-spyware;
- ukuhluza iwebhu kuthintela ukufikelela kwimithombo engathembekanga kunye neesayithi ezinomxholo okhohlakeleyo okanye ongafanelekanga;
- Useto lweFirewall lunokuvumela abasebenzisi ukuba bafikelele kwi-Intanethi kwiindawo ezithile kuphela.
Ngamanye amaxesha umxhasi ufuna ukulawula ngokuzimeleyo ukufikelela kwabasebenzi kwiiwebhusayithi. Amaxesha amaninzi, iibhanki ziza nesi sicelo: iinkonzo zokhuseleko zifuna ukuba ulawulo lokufikelela luhlale kwicala lenkampani. Iinkampani ezinjalo ngokwazo zibeka iliso kwi-traffic kwaye rhoqo zenza utshintsho kwimigaqo-nkqubo. Kule meko, sijika zonke iitrafikhi ukusuka kwi-FortiGate ukuya kumxhasi. Ukwenza oku, sisebenzisa ujongano olucwangcisiweyo kunye neziseko zenkampani. Emva koko, umxhasi ngokwakhe uqulunqa imigaqo yokufikelela kwinethiwekhi yenkampani kunye ne-Intanethi.
Sibukela imicimbi kwindawo yokuma. Kunye neFortiGate sisebenzisa iFortiAnalyzer, umqokeleli welog evela eFortinet. Ngoncedo lwayo, sijonga kuzo zonke iilog zeminyhadala kwi-VDI kwindawo enye, sifumana iintshukumo ezikrokrisayo kwaye silandelele unxibelelwano.
Omnye wabathengi bethu usebenzisa iimveliso zeFortinet kwiofisi yabo. Kuyo, siqwalasele ukulayishwa kwelogi - ngoko umxhasi wakwazi ukuhlalutya zonke iziganeko zokhuseleko koomatshini beofisi kunye needesktops ezibonakalayo.
Uzikhusela njani iidesktop ezinenyani
Kwizoyikiso ezaziwayo. Ukuba umxhasi ufuna ukulawula ngokuzimeleyo ukukhuselwa kwe-anti-virus, sifaka ukhuseleko lweKaspersky kwindawo ebonakalayo.
Esi sisombululo sisebenza kakuhle kwilifu. Sonke sijwayele ukuba i-antivirus ye-Kaspersky yakudala iyisisombululo "esinzima". Ngokwahlukileyo, uKhuseleko lweKaspersky lweVirtualization alulayishi oomatshini bokwenene. Zonke ii-database zentsholongwane zibekwe kumncedisi, okhupha izigwebo zabo bonke oomatshini benyani be-node. Kuphela i-arhente yokukhanya efakwe kwidesktop enenyani. Ithumela iifayile kumncedisi ukuze ziqinisekiswe.
Olu lwakhiwo ngaxeshanye lubonelela ngokhuseleko lwefayile, ukhuseleko lwe-Intanethi, kunye nokhuselo lohlaselo ngaphandle kokubeka esichengeni ukusebenza koomatshini ababonakalayo. Kule meko, umxhasi unokwazisa ngokuzimeleyo ngaphandle kokukhuselwa kwefayile. Sinceda ngokuseta isiseko sesisombululo. Siza kuthetha ngeempawu zayo kwinqaku elahlukileyo.
Kwizoyikiso ezingaziwayo. Ukwenza oku, sidibanisa i-FortiSandbox - "ibhokisi yesanti" evela kwi-Fortinet. Siyisebenzisa njengesihluzi xa i-antivirus iphosa isoyikiso sosuku lwe-zero. Emva kokukhuphela ifayile, siqala siyiskena nge-antivirus kwaye siyithumele kwibhokisi yesanti. I-FortiSandbox ilinganisa umatshini wenyani, iqhuba ifayile kwaye ijonge ukuziphatha kwayo: zeziphi izinto ezikwirejista ezifunyenweyo, nokuba zithumela izicelo zangaphandle, njalo njalo. Ukuba ifayile iziphatha ngendlela ekrokrisayo, umatshini wesanti onebhokisi yesanti uyacinywa kwaye ifayile enobungozi ayipheli kumsebenzisi weVDI.
Uluseta njani uqhagamshelwano olukhuselekileyo kwiVDI
Sijonga ukuthotyelwa kwesixhobo kunye neemfuno zokhuseleko lolwazi. Ukususela ekuqaleni komsebenzi okude, abathengi baye basondela kuthi ngezicelo: ukuqinisekisa ukusebenza ngokukhuselekileyo kwabasebenzisi kwiikhomputha zabo. Nayiphi na ingcali yokhuseleko lolwazi iyazi ukuba ukukhusela izixhobo zasekhaya kunzima: awukwazi ukufaka i-antivirus efunekayo okanye usebenzise imigaqo-nkqubo yeqela, kuba oku akusiyo izixhobo zeofisi.
Ngokungagqibekanga, i-VDI iba βluluhluβ olukhuselekileyo phakathi kwesixhobo sobuqu kunye nenethiwekhi yeshishini. Ukukhusela i-VDI kuhlaselo olusuka kumatshini womsebenzisi, sikhubaza ibhodi eqhotyoshwayo kwaye siyakwalela ukuthunyelwa kwe-USB. Kodwa oku akusenzi isixhobo somsebenzisi ngokwaso sikhuseleke.
Sixazulula ingxaki ngokusebenzisa i-FortiClient. Esi sixhobo sokukhusela isiphelo. Abasebenzisi benkampani bafaka iFortiClient kwiikhompyuter zabo kwaye bayisebenzise ukuqhagamshela kwidesktop ebonakalayo. I-FortiClient isombulula iingxaki ezi-3 ngaxeshanye:
- iba "yifestile enye" ββyokufikelela kumsebenzisi;
- ijonga ukuba ikhompyuter yakho ine-antivirus kunye nohlaziyo lwamva nje lwe-OS;
- yakha itonela yeVPN yokufikelela ngokukhuselekileyo.
Umqeshwa ufumana ukufikelela kuphela ukuba baphumelele isiqinisekiso. Kwangaxeshanye, iidesktop ezibonakalayo ngokwazo azifumaneki kwi-Intanethi, okuthetha ukuba zikhuselwe ngcono ekuhlaselweni.
Ukuba inkampani ifuna ukulawula ukhuseleko lwe-endpoint ngokwayo, sinika i-FortiClient EMS (i-Endpoint Management Server). Umxhasi unokuqwalasela ukuskena kwedesktop kunye nothintelo lokungena, kwaye enze uluhlu olumhlophe lweedilesi.
Ukongeza izinto zokuqinisekisa. Ngokungagqibekanga, abasebenzisi baqinisekisiwe ngeCitrix nescaler. Apha, kwakhona, sinokuphucula ukhuseleko sisebenzisa isiqinisekiso sezinto ezininzi ezisekwe kwiimveliso zeSafeNet. Esi sihloko sifanelwe ingqalelo ekhethekileyo; siza kuthetha ngale nto kwinqaku elahlukileyo.
Siye saqokelela amava anjalo ekusebenzeni nezisombululo ezahlukeneyo kulo nyaka uphelileyo womsebenzi. Inkonzo ye-VDI iqwalaselwe ngokwahlukeneyo kumxhasi ngamnye, ngoko ke sikhethe ezona zixhobo ziguquguqukayo. Mhlawumbi kwixesha elizayo elingekude siza kongeza enye into kwaye sabelane ngamava ethu.
Nge-7 ka-Okthobha nge-17.00 oogxa bam baya kuthetha ngee-desktops ezibonakalayo kwi-webinar "Ngaba i-VDI iyimfuneko, okanye uququzelela njani umsebenzi okude?"
, ukuba ufuna ukuxoxa xa iteknoloji yeVDI ifanelekile kwinkampani kwaye xa kungcono ukusebenzisa ezinye iindlela.
umthombo: www.habr.com