Ukwakha isiseko senethiwekhi esekelwe kwiNebula. Icandelo 1 - iingxaki kunye nezisombululo

Eli nqaku liza kuxubusha iingxaki zokulungelelanisa iziseko zenethiwekhi ngendlela yendabuko kunye neendlela zokusombulula imiba efanayo ngokusebenzisa iteknoloji yefu.

Ukubhekisela. I-Nebula yindawo yelifu ye-SaaS yokugcina iziseko zenethiwekhi zikude. Zonke izixhobo ezenziwe ngeNebula zilawulwa ukusuka efini ngoqhagamshelwano olukhuselekileyo. Unokulawula isiseko esikhulu sothungelwano esasasazwa kwiziko elinye ngaphandle kokuchitha umzamo wokuyidala.

Kutheni ufuna enye inkonzo yelifu?

Ingxaki ephambili xa usebenza kunye neziseko zenethiwekhi akuyiyo inethiwekhi kunye nokuthenga izixhobo, okanye ukuyifaka kwi-rack, kodwa yonke enye into eya kufuneka yenziwe kunye nale nethiwekhi kwixesha elizayo.

Inethiwekhi entsha - amaxhala amadala

Xa ubeka i-node entsha yenethiwekhi emva kokufaka kunye nokudibanisa izixhobo, ulungelelwaniso lokuqala luqala. Ukusuka kwindawo yokujonga "abaphathi abakhulu" - akukho nto inzima: "Sithatha amaxwebhu okusebenza kwiprojekthi kwaye siqale ukuseta ..." Oku kuthethwa kakuhle xa zonke izinto zenethiwekhi zikwindawo enye yedatha. Ukuba zithe saa kumasebe, intloko ebuhlungu yokubonelela ngokufikelela kude iqala. Yisangqa esikhohlakeleyo: ukufumana ukufikelela kude kwinethiwekhi, kufuneka uqwalasele izixhobo zenethiwekhi, kwaye oku kufuneka ufike kwinethiwekhi ...

Kufuneka size namacebo ahlukeneyo okuphuma kulo mbhodamo uchazwe ngasentla. Umzekelo, ilaptop enokufikelela kwi-Intanethi ngemodem ye-USB 4G iqhagamshelwe ngentambo yesiqwenga kwinethiwekhi yesiko. Umxhasi we-VPN ufakwe kule laptop, kwaye ngayo umlawuli wenethiwekhi ovela kwikomkhulu uzama ukufikelela kwinethiwekhi yesebe. Iskimu ayisona nto ibonakalayo - nokuba uzisa ilaptop kunye neVPN esele iqwalaselwe kwindawo ekude kwaye ucele ukuyivula, kukude kwinto yokuba yonke into iya kusebenza okokuqala. Ngokukodwa ukuba sithetha ngommandla owahlukileyo kunye nomboneleli owahlukileyo.

Kuvela ukuba eyona ndlela inokwethenjelwa kukuba ube neengcali ezilungileyo "kwelinye icala lomgca" onokumisela inxalenye yakhe ngokweprojekthi. Ukuba akukho nto injalo kubasebenzi besebe, ukhetho luhlala: mhlawumbi ukukhutshwa okanye ukuhamba ngezoshishino.

Sikwafuna inkqubo yokubeka iliso. Kufuneka ifakwe, iqwalaselwe, igcinwe (ubuncinci ukubeka iliso kwisithuba sediski kwaye wenze ii-backups eziqhelekileyo). Kwaye engazi nto malunga nezixhobo zethu de siyixelele. Ukwenza oku, kufuneka ubhalise izicwangciso kuzo zonke izixhobo zezixhobo kwaye ubeke iliso rhoqo ukufaneleka kweerekhodi.

Kuhle xa abasebenzi benayo "i-orchestra yomntu omnye", leyo, ngaphezu kolwazi oluthile lomlawuli wenethiwekhi, uyazi indlela yokusebenza kunye neZabbix okanye enye inkqubo efanayo. Ngaphandle koko, siqesha omnye umntu kubasebenzi okanye sikhuphele ngaphandle.

Qaphela: Ezona mpazamo zibuhlungu ziqala ngala magama: “Yintoni ekhoyo yokumisela le Zabbix (Nagios, OpenView, njl.)? Ndiza kuyithatha ngokukhawuleza kwaye ilungile! "

Ukususela ekuphunyezweni ukuya ekusebenzeni

Makhe sijonge umzekelo othile.

Kufunyenwe umyalezo we-alam obonisa ukuba indawo yokufikelela kwi-WiFi kwenye indawo ayiphenduli.

Iphi?

Ngokuqinisekileyo, umlawuli wenethiwekhi olungileyo unoluhlu lwakhe lomntu apho yonke into ibhalwe phantsi. Imibuzo iqala xa olu lwazi lufuna ukwabelwana ngalo. Ngokomzekelo, ngokukhawuleza kufuneka uthumele umthunywa ukuba ulungise izinto ngokukhawuleza, kwaye ngenxa yoko kufuneka ukhuphe into efana nale: "Indawo yokufikelela kwindawo yoshishino kwiSitrato saseStroiteley, isakhiwo 1, kumgangatho we-3, igumbi No. 301 ecaleni komnyango wangaphambili phantsi kwesilingi."

Masithi sinethamsanqa kwaye indawo yokufikelela inikwe amandla nge-PoE, kwaye iswitshi ivumela ukuba iqaliswe ukude. Awudingi ukuhamba, kodwa udinga ukufikelela ukude kwiswitshi. Konke okuseleyo kukuqwalasela ukuthunyelwa kwezibuko nge-PAT kwi-router, bonisa i-VLAN yokudibanisa ngaphandle, njalo njalo. Kulungile ukuba yonke into ilungiselelwe kwangaphambili. Umsebenzi usenokungabi nzima, kodwa kufuneka wenziwe.

Ngoko ke, indawo yokutya yaqalwa ngokutsha. Ngaba akuncedi?

Masithi kukho into engalunganga kwihardware. Ngoku sijonge ulwazi malunga newaranti, ukuqala kunye nezinye iinkcukacha ezinomdla.

Ukuthetha nge-WiFi. Ukusebenzisa inguqu yasekhaya ye-WPA2-PSK, enesitshixo esinye kuzo zonke izixhobo, ayikhuthazwa kwindawo yenkampani. Okokuqala, isitshixo esinye kumntu wonke asikhuselekanga, kwaye okwesibini, xa umsebenzi omnye ehamba, kufuneka utshintshe esi sitshixo esiqhelekileyo kwaye uphinde wenze izicwangciso kuzo zonke izixhobo zabo bonke abasebenzisi. Ukunqanda iingxaki ezinjalo, kukho i-WPA2-Enterprise enobungqina bomntu ngamnye kumsebenzisi ngamnye. Kodwa kule nto ufuna iseva ye-RADIUS - enye iyunithi yeziseko ezingundoqo ekufuneka ijongwe, i-backups yenziwe, njalo njalo.

Nceda uqaphele ukuba kwinqanaba ngalinye, nokuba kukuphunyezwa okanye ukusebenza, sasebenzisa iinkqubo zenkxaso. Oku kuquka ilaptop enoqhagamshelo lwe-Intanethi “lomntu wesithathu,” inkqubo yokubeka iliso, uvimba weenkcukacha wesixhobo, kunye neRADIUS njengenkqubo yokuqinisekisa. Ukongeza kwizixhobo zenethiwekhi, kufuneka ugcine iinkonzo zomntu wesithathu.

Kwiimeko ezinjalo, unokuva isiluleko: "Yinike ilifu kwaye ungabandezeleki." Ngokuqinisekileyo kukho i-Zabbix yefu, mhlawumbi kukho i-RADIUS yefu kwenye indawo, kunye ne-database yefu yokugcina uluhlu lwezixhobo. Ingxaki kukuba oku akufuneki ngokwahlukileyo, kodwa "kwibhotile enye." Kwaye kunjalo, kuphakama imibuzo malunga nolungiselelo lofikelelo, ukuseta isixhobo sokuqala, ukhuseleko, nokunye okuninzi.

Ijongeka njani xa usebenzisa iNebula?

Ngokuqinisekileyo, ekuqaleni "ilifu" alazi nto malunga nezicwangciso zethu okanye izixhobo ezithengiweyo.

Okokuqala, iprofayili yombutho yenziwa. Oko kukuthi, yonke isiseko: ikomkhulu kunye namasebe abhaliswe kuqala kwilifu. Iinkcukacha zichaziwe kwaye ii-akhawunti zenziwa ukulungiselela ukunikezelwa kwamagunya.

Ungabhalisa izixhobo zakho efini ngeendlela ezimbini: indlela yakudala - ngokufaka nje inombolo yesiriyali xa ugcwalisa ifom yewebhu okanye ngokuskena ikhowudi ye-QR usebenzisa ifowuni ephathwayo. Into oyifunayo kwindlela yesibini yi-smartphone enekhamera kunye nokufikelela kwi-Intanethi, kubandakanya nomboneleli weselula.

Ngokuqinisekileyo, iziseko eziyimfuneko zokugcina ulwazi, zombini i-accounting kunye nezicwangciso, zinikezelwa yiZyxel Nebula.

Umzobo 1. Ingxelo yokhuseleko yeZiko loLawulo lweNebula.

Kuthekani ngokumisela ufikelelo? Ukuvula amazibuko, ukuhambisa i-traffic kwisango elingenayo, bonke abalawuli bezokhuseleko babiza ngothando "imigodi yokukha"? Ngethamsanqa, awudingi ukwenza konke oku. Izixhobo ezisebenzisa iNebula ziseka uqhagamshelwano oluphumayo. Kwaye umlawuli udibanisa kungekhona kwisixhobo esahlukileyo, kodwa kwilifu ukuze kuqwalaselwe. INebula ilamla phakathi koqhagamshelwano olubini: kwisixhobo nakwikhompyutha yomlawuli wothungelwano. Oku kuthetha ukuba isigaba sokubiza umlawuli ongenayo sinokuncitshiswa okanye sigqitywe ngokupheleleyo. Kwaye akukho "mingxuma" eyongezelelweyo kwi-firewall.

Kuthekani nge-RADUIS iseva? Ngapha koko, uhlobo oluthile loqinisekiso olusembindini luyafuneka!

Kwaye le misebenzi ikwathathwa yiNebula. Ukuqinisekiswa kwee-akhawunti zokufikelela kwisixhobo kwenzeka ngokusebenzisa i-database ekhuselekileyo. Oku kwenza lula kakhulu ukugunyaziswa okanye ukurhoxiswa kwamalungelo okulawula inkqubo. Kufuneka sidlulisele amalungelo - sidale umsebenzisi kwaye sinike indima. Kufuneka sithathe amalungelo - senza amanyathelo abuyela umva.

Ngokwahlukileyo, kufanelekile ukukhankanya i-WPA2-Enterprise, efuna inkonzo eyahlukileyo yokuqinisekisa. I-Zyxel Nebula ine-analogue yayo - DPPSK, evumela ukuba usebenzise i-WPA2-PSK kunye nesitshixo somntu ngamnye kumsebenzisi ngamnye.

Imibuzo "engalunganga".

Ngezantsi siza kuzama ukunika iimpendulo zeyona mibuzo inzima esoloko ibuzwa xa ufaka inkonzo yelifu

Ngaba ikhuselekile ngokwenene?

Kulo naluphi na ugunyaziso lolawulo kunye nolawulo lokuqinisekisa ukhuseleko, izinto ezimbini zidlala indima ebalulekileyo: ukungaziwa kunye nokufihlwa.

Ukusebenzisa i-encryption ukukhusela i-traffic kwi-prying eyes yinto abafundi abaqhelana nayo.

Ukungaziwa kufihla ulwazi malunga nomnini kunye nomthombo kubasebenzi ababonelela ngelifu. Ulwazi lomntu siqu luyasuswa kwaye iirekhodi zinikwe isazisi "esingenabuso". Akukho nokuba umphuhlisi wesoftware yelifu okanye umlawuli ogcina inkqubo yelifu unokwazi umnini wezicelo. "Ivela phi le nto? Ngubani onokuba nomdla kule nto?” - imibuzo enjalo iya kuhlala ingaphendulwa. Ukunqongophala kolwazi malunga nomnini kunye nomthombo kwenza umntu ongaphakathi abe yinkcitho engenanjongo yexesha.

Ukuba sithelekisa le ndlela kunye nomkhuba wendabuko wokukhupha okanye ukuqesha umlawuli ongenayo, kuyacaca ukuba ubugcisa belifu bukhuselekile. Ingcaphephe ye-IT engenayo inolwazi oluninzi malunga nombutho wayo, kwaye inokuthi, ngokuthandabuza, ibangele umonakalo omkhulu ngokwemiqathango yokhuseleko. Umba wokugxothwa okanye ukupheliswa kwekhontrakthi usafuna ukusonjululwa. Ngamanye amaxesha, ukongeza ekuvaleni okanye ekucimeni iakhawunti, oku kubandakanya utshintsho lwehlabathi jikelele lwamagama ayimfihlo okufikelela kwiinkonzo, kunye nophicotho lwazo zonke izixhobo zokungena “ezilibele” kunye “neebhukhimakhi” ezinokwenzeka.

Ibiza kakhulu okanye itshiphu kangakanani iNebula kunomlawuli ongenayo?

Yonke into inxulumene. Iimpawu ezisisiseko zeNebula ziyafumaneka simahla. Eneneni, yintoni enokuba nexabiso eliphantsi?

Ngokuqinisekileyo, akunakwenzeka ukwenza ngokupheleleyo ngaphandle komlawuli wenethiwekhi okanye umntu othatha indawo yakhe. Umbuzo linani labantu, ubuchule babo kunye nokusabalalisa kwiindawo zonke.

Ngokubhekiselele kwinkonzo eyandisiweyo ehlawulweyo, ukubuza umbuzo othe ngqo: kubiza kakhulu okanye kuncinci - indlela enjalo iya kuhlala ingachanekanga kwaye isecaleni elinye. Kuya kuba kuchanekile ngakumbi ukuthelekisa izinto ezininzi, ukusuka kwimali ukuhlawula umsebenzi weengcali ezithile kunye nokuphelisa ngeendleko zokuqinisekisa ukusebenzisana kwabo kunye nekontraka okanye umntu ngamnye: ukulawula umgangatho, ukuzoba amaxwebhu, ukugcina umgangatho wokhuseleko, kunye njalo njalo.

Ukuba sithetha ngesihloko sokuba ngaba kunenzuzo okanye akukho nzuzo ukuthenga iphakheji yeenkonzo ezihlawulwayo (i-Pro-Pack), ngoko impendulo eqikelelweyo inokuvakala ngolu hlobo: ukuba umbutho uncinci, unokufumana ngokusisiseko. inguqulo, ukuba umbutho uyakhula, ngoko kuyavakala ukucinga ngePro-Pack. Umahluko phakathi kweenguqulelo zeZyxel Nebula unokubonwa kwiThebhile 1.

Itheyibhile 1. Umahluko phakathi kwesiseko kunye neeseti ze-Pro-Pack zeNebula.

Oku kubandakanya ingxelo ephucukileyo, uphicotho lomsebenzisi, uqwalaselo lwekloni, kunye nokunye okuninzi.

Kuthekani ngokhuseleko lwendlela?

INebula isebenzisa umthetho olandelwayo I-NETCONF ukuqinisekisa ukusebenza ngokukhuselekileyo kwezixhobo zenethiwekhi.

I-NETCONF inokuqhuba ngaphezulu kweendlela ezininzi zezothutho:

• SSH (RFC 4742);
• isepha (RFC 4743);
• IBHokhwe (RFC 4744);
• TLS (RFC 5539).

Ukuba sithelekisa i-NETCONF kunye nezinye iindlela, umzekelo, ulawulo nge-SNMP, kufuneka kuqatshelwe ukuba I-NETCONF ixhasa uqhagamshelo lwe-TCP ephumayo ukoyisa umqobo we-NAT kwaye ithathwa njengethembeke ngakumbi.

Kuthekani ngenkxaso yehardware?

Ngokuqinisekileyo, akufanele ujike igumbi lomncedisi kwi-zoo kunye nabameli beentlobo ezinqabileyo kunye nengozi yezixhobo. Kunqweneleka kakhulu ukuba izixhobo ezidityaniswe bubuchwephesha bolawulo zigubungele zonke izikhokelo: ukusuka kwiswitshi ephakathi ukuya kwiindawo zofikelelo. Iinjineli zeZyxel zithathele ingqalelo oku kunokwenzeka. INebula isebenzisa izixhobo ezininzi:

• I-10G yokutshintsha okuphakathi;
• ukutshintshwa kwinqanaba lokufikelela;
• utshintsho ngePoE;
• iindawo zokungena;
• amasango enethiwekhi.

Ukusebenzisa uluhlu olubanzi lwezixhobo ezixhaswayo, unokwakha uthungelwano lweentlobo ezahlukeneyo zemisebenzi. Oku kuyinyani ngakumbi kwiinkampani ezingakhuliyo phezulu, kodwa ngaphandle, zihlala zihlola iindawo ezintsha zokwenza ishishini.

Uphuhliso lwarhoqo

Izixhobo zenethiwekhi ezinendlela yokulawula yendabuko zinendlela enye yokuphucula - ukutshintsha isixhobo ngokwaso, nokuba yi-firmware entsha okanye iimodyuli ezongezelelweyo. Kwimeko yeZyxel Nebula, kukho indlela eyongezelelweyo yokuphucula - ngokuphucula isiseko selifu. Ngokomzekelo, emva kokuhlaziya i-Nebula Control Centre (NCC) kwinguqulo ye-10.1. (NgoSeptemba 21, 2020) izinto ezintsha ziyafumaneka kubasebenzisi, nazi ezinye zazo:

• Umnini wombutho ngoku unokudlulisela onke amalungelo obunini komnye umlawuli kumbutho omnye;
• indima entsha ebizwa ngokuba nguMmeli woMnini, onamalungelo afanayo nomnini wombutho;
• inqaku elitsha lohlaziyo lwe-firmware ebanzi (isici sePro-Pack);
• iinketho ezimbini ezintsha zongezwe kwi-topology: ukuqalisa kwakhona isixhobo kunye nokuvula nokucima amandla e-PoE port (umsebenzi wePro-Pack);
• inkxaso yeemodeli zeendawo ezintsha zokufikelela: WAC500, WAC500H, WAC5302D-Sv2 kunye ne-NWA1123ACv3;
• inkxaso yoqinisekiso lwevawutsha ngoshicilelo lwekhowudi yeQR (umsebenzi wePro-Pack).

amakhonkco aluncedo

1. Incoko yeTelegram yeZyxel
2. IForam yeZixhobo zeZyxel
3. Uninzi lweevidiyo eziluncedo kwitshaneli yeYouTube
4. I-Zyxel Nebula - ukukhululeka kolawulo njengesiseko sokulondoloza
5. Umahluko phakathi kweenguqulelo zeZyxel Nebula
6. I-Zyxel Nebula kunye nokukhula kwenkampani
7. Ilifu le-Zyxel Nebula supernova - indlela eneendleko zokhuseleko?
8. I-Zyxel Nebula-Iinketho kwiShishini lakho

umthombo: www.habr.com