I-Check Point iqale u-2019 ngokushesha ngokwenza izimemezelo ezimbalwa ngesikhathi esisodwa. Akunakwenzeka ukukhuluma ngakho konke esihlokweni esisodwa, ngakho-ke ake siqale ngento ebaluleke kakhulu - . I-Maestro iyinkundla entsha enwebekayo ekuvumela ukuthi ukhuphule "amandla" wesango lokuvikeleka ezinambeni "ezingcolile" futhi cishe ngokulandelana. Lokhu kufinyelelwa ngokwemvelo ngokulinganisa umthwalo phakathi kwamasango angawodwana asebenza kuqoqo njengebhizinisi elilodwa. Omunye angase athi - "Kwakunjalo! Sekuvele kunezinkundla ze-blade ezingama-44000/64000". Nokho, i-Maestro iyindaba ehluke ngokuphelele. Kulesi sihloko, ngizozama kafushane ukuchaza ukuthi kuyini, ukuthi kusebenza kanjani nokuthi lobu buchwepheshe buzosiza kanjani londoloza ekuvikelweni kwe-perimeter yenethiwekhi.
Was - Ube
Indlela elula yokuqonda ukuthi iplatifomu entsha ye-scalable ihluke kanjani ku-44000 endala/64000 buka isithombe esingezansi:
Umehluko usobala.
I-Legacy Check Point 44000 yesikhulumi/64000
Njengoba kubonakala esithombeni esingenhla, inketho yokuqala isiteji esinqunyiwe (chassis), lapho kungafakwa khona inani elilinganiselwe "amamojula we-blade" akhethekile (Bheka i-SGM yephoyinti). Konke lokhu kuxhunywe ku Imojuli yokushintsha kokuphepha (SSM), elinganisa ithrafikhi phakathi kwamasango. Isithombe esingezansi sibonisa izingxenye zale nkundla ngokuningiliziwe:
Lena inkundla enhle kakhulu uma wazi kahle ukuthi ikuphi ukusebenza okudingayo manje nokuthi ingakhula kangakanani. Kodwa-ke, ngenxa yesici esinqunyiwe sefomu (ama-blades angu-12 noma angu-6), ukhawulelwe ekukhuleni okwengeziwe. Ngaphezu kwalokho, uphoqeleka ukuthi usebenzise ama-SGM kuphela ama-blade, ngaphandle kokukwazi ukuxhuma imigqa evamile, enohlu olubanzi kakhulu lwamamodeli. Ngokufika I-Maestro Hyperscale Network Security isimo sishintsha kakhulu.
I-Check Point Maestro Hyperscale Network Security Platform entsha
I-Check Point Maestro yethulwa okokuqala ngoJanuwari 22 engqungqutheleni ye-CPX e-Bangkok. Izici eziyinhloko zingabonakala esithombeni esingezansi:
Njengoba ubona, inzuzo enkulu ye-Check Point Maestro yikhono lokusebenzisa amasango avamile (imishini) yokulinganisa. Labo. Asisagcini nje kuma-SGM blades. Ungakwazi ukusabalalisa umthwalo phakathi kwanoma yimaphi amadivayisi kusukela kumodeli engu-5600 (amamodeli e-SMB ne-Chassis 44000/64000 awasekelwe). Isithombe esingenhla sibonisa izinkomba ezinkulu ezingafinyelelwa uma usebenzisa inkundla entsha. Singahlanganisa sibe yinsiza eyodwa yekhompyutha kuze 31! isango. Manje i-firewall yakho ingase ibukeke kanje:
I-Maestro Hyperscale Orchestrator
Ngiyaqiniseka ukuthi abantu abaningi sebevele babuza: βHlobo luni lwe-Orchestrator lolu?βHhayi-ke, ngihlangabeze. I-Maestro Hyperscale Orchestrator - Yile nto ebhekene nokulinganisa ukulayisha. Uhlelo lokusebenza olufakwe kule divayisi I-Gaia R80.20 SP. Njengamanje kunezinhlobo ezimbili zama-Orchestrators - I-MHO-140 ΠΈ I-MHO-170. Izici esithombeni esingezansi:
Uma uthi nhlΓ‘ kungase kubonakale sengathi lena iswishi evamile. Eqinisweni, "i-switch + balancer + system management management." Konke ebhokisini elilodwa.
Amasango axhunywe kulawa ma-Orchestrators. Uma ama-balancers ebekezelela amaphutha, isango ngalinye lixhunywe ku-orchestrator ngayinye. Ukuze uxhumeke, i-βopticsβ (sfp+/qsfp+/qsfp28+) noma ikhebula le-DAC (Direct Attach Copper) ingasetshenziswa. Kulokhu, ngokwemvelo kufanele kube khona isixhumanisi sokuvumelanisa phakathi kwama-orchestrators:
Esithombeni esingezansi ungabona ukuthi amachweba alawa ma-orchestrator asatshalaliswa kanjani:
Amaqembu Wokuphepha
Ukuze umthwalo usatshalaliswe phakathi kwamasango, lawa masango kufanele abe seQembu Lezokuphepha elifanayo. Iqembu Lezokuphepha iyiqembu elinengqondo lamadivayisi asebenza njengeqoqo elisebenzayo/elisebenzayo. Leli qembu lisebenza ngokuzimela kwamanye Amaqembu Okuvikela. Ngokombono weseva yokuphatha, Iqembu Lokuvikela libukeka njengedivayisi eyodwa enekheli le-IP elilodwa.
Uma kudingekile, singahambisa isango elilodwa noma amaningi kuQembu Lokuphepha elihlukile futhi sisebenzise leli qembu ngezinye izinjongo, njengodonga oluhlukile lokuvikela endaweni yokubuka yokuphatha. Isibonelo sokusebenzisa sikhonjiswe esithombeni esingezansi:
Umkhawulo Obalulekile, amasango afanayo kuphela (imodeli) angasetshenziswa Eqenjini Lokuvikela elilodwa. Labo. uma ufuna ukukhulisa ngomugqa umthamo wesango lakho lokuvikeleka (okuyiqoqo lamadivayisi amaningana), kuzomele wengeze amasango afanayo ncamashi. Lo mkhawulo kufanele unyamalale ekukhishweni kwesofthiwe okulandelayo.
Kuvidiyo engezansi ungabona inqubo yokudala Iqembu Lokuvikela. Inqubo inembile.
Futhi, uma uqhathanisa izingxenye ze-Maestro nesiteji se-chassis, uthola okuthile okufana nesithombe esilandelayo:
Yiziphi izinzuzo zenkundla entsha?
Empeleni kunezinzuzo eziningi, kokubili ngokombono wezobuchwepheshe nezomnotho. Ngizochaza kafushane ezibaluleke kakhulu:
- Asinamkhawulo ekukaleni. Kufika kumasango angu-31 ngaphakathi kweQembu Lokuvikela elilodwa.
- Singangeza amasango njengoba kudingeka. Isethi encane yokuthenga i-orchestrator eyodwa + amasango amabili. Asikho isidingo sokubeka phansi amamodeli "ukukhula".
- Okunye ukuhlanganisa kulandela kusukela kuphuzu langaphambilini. Akusadingeki ukuthi sishintshe amasango angakwazi ukumelana nomthwalo. Ngaphambilini, le nkinga yaxazululwa kusetshenziswa inqubo yokuhweba - banikeze i-hardware endala futhi bathola ezintsha ngesaphulelo. Ngohlelo olunjalo, "ukulahlekelwa" kwezezimali akunakugwenywa. Inqubo entsha yokukala iqeda lesi sici. Awudingi ukunikeza noma yini, ungaqhubeka nje ukwandisa umkhiqizo ngosizo lwezingxenyekazi zekhompiyutha ezengeziwe.
- Ikhono lokuhlanganisa izinsiza ezikhona ukusabalalisa umthwalo. Isibonelo, ungakwazi "ukuhudula" wonke amaqoqo akho kuplathifomu ye-Maestro futhi uhlanganise Amaqembu Ezokuphepha amaningana, kuye ngomthwalo.
I-Maestro Hyperscale Network Security bundles
Njengamanje, kunezinketho ezimbalwa zokuthenga lokho okubizwa ngokuthi izinyanda nge-platform ye-Maestro. Isixazululo esisekelwe kumasango 23800, 6800 kanye no-6500:
Kulokhu, ungakhetha ezinhlotsheni ezimbili ezijwayelekile zemishini:
- I-okhestra eyodwa namasango amabili;
- I-orchestrator eyodwa namasango amathathu.
ungabona amanani alinganiselwe. Ngokwemvelo, ungakwazi ukwengeza enye i-orchestrator kanye namasango amaningi ngendlela othanda ngayo. Ulwazi olwengeziwe mayelana nokucaciswa lungacelwa .
Amadivayisi 6500 ΠΈ 6800 Lezi yizinhlobo zakamuva nazo ezethulwe ekuqaleni kwalo nyaka. Kodwa sizoxoxa ngazo kabanzi esihlokweni esilandelayo.
Ngingayithenga nini?
Ayikho impendulo ecacile lapha. Okwamanje, asikho isaziso sokungeniswa kwalezi zixazululo ezweni lethu. Ngokushesha nje lapho ulwazi mayelana nesikhathi selutholakala, sizokwenza isimemezelo ngokushesha emakhasini ethu omphakathi (, , ). Ngaphezu kwalokho, i-webinar enikezelwe kusixazululo se-Check Point Maestro ihlelwa esikhathini esizayo esiseduze, lapho kuzoxoxwa ngakho zonke izici zobuchwepheshe. Futhi-ke ungabuza imibuzo. Hlala ubukele!
isiphetho
Nakanjani inkundla entsha iyisengezo esihle kakhulu kuzixazululo zehadiwe ye-Check Point. Eqinisweni, lo mkhiqizo uvula ingxenye entsha, okungebona bonke abathengisi bezokuphepha bolwazi abanesixazululo esifanayo. Ngaphezu kwalokho, namuhla i-Check Point Maestro ayinazo ezinye izindlela uma kuziwa ekunikezeni "amandla okuphepha" angakaze abonwe ngaphambili. Kodwa-ke, i-Maestro Hyperscale Network Security izoba nesithakazelo hhayi kuphela kubanikazi besikhungo sedatha, kodwa nasezinkampanini ezijwayelekile. Labo abangabanikazi noma abahlela ukuthenga amadivaysi aqala ngemodeli ye-5600 bangakwazi kakade ukubhekisisa i-Maestro Kwezinye izimo, ukusebenzisa i-Maestro Hyperscale Network Security kungaba yisixazululo esinenzuzo kakhulu, kokubili ngokombono wezomnotho kanye nobuchwepheshe.
PS Lesi sihloko silungiselelwe ngokuhlanganyela kwe Anatoly Masover - Isazi sePlatform Esihle, Hlola I-Software Technologies.
Source: www.habr.com