Muva nje, i-Check Point yethule inkundla entsha engakala . Sesivele sishicilele yonke indatshana mayelana . Ngamafuphi, ikuvumela ukuthi ucishe ukhulise ukusebenza kwesango lokuvikela ngokuhlanganisa amadivaysi amaningi futhi ulinganise umthwalo phakathi kwawo. Ngokumangalisayo, kusenenganekwane yokuthi lesi sigcawu esihlasimulisayo sifaneleka kuphela izikhungo ezinkulu zedatha noma amanethiwekhi amakhulu. Lokhu akulona neze iqiniso.
I-Check Point Maestro yenzelwe izigaba ezimbalwa zabasebenzisi ngesikhathi esisodwa (sizozibheka kamuva), okuhlanganisa namabhizinisi aphakathi nendawo. Kulolu chungechunge olufushane lwezihloko ngizozama ukuzindla izinzuzo zezobuchwepheshe nezomnotho ze-Check Point Maestro zezinhlangano ezinosayizi omaphakathi (kusuka kubasebenzisi abangu-500) nokuthi kungani le nketho ingaba ngcono kuneqoqo lakudala.
Bheka izethameli eziqondiswe ku-Point Maestro
Okokuqala, ake sibheke amasegimenti abasebenzisi i-Check Point Maestro eyenzelwe yona. Kunezi-4 kuphela zazo:
1. Izinkampani ezazingenawo amandla ka-chassis. I-Check Point Maestro akuyona iplathifomu yokuqala ye-Check Point. Sesike sabhala ukuthi phambilini bezikhona izinhlobo ezinjengo-64000 kanye no-44000. Yize bezisebenza KAKHULU kodwa bekusekhona izinkampani obekunganele kuzona. I-Maestro iqeda le nkinga, ngoba ... ikuvumela ukuthi uhlanganise amadivayisi afika kwangu-31 ube yiqoqo elilodwa elisebenza kahle kakhulu. Ngesikhathi esifanayo, ungakwazi ukuhlanganisa iqoqo kusuka kumadivayisi aphezulu (23900, 26000), ngaleyo ndlela uzuze umphumela omkhulu.
Eqinisweni, emkhakheni wamasango okuphepha, i-Check Point okwamanje iyona kuphela esebenzisa ikhono elinjalo.
2. Izinkampani ezifuna ukukwazi ukukhetha ihadiwe yazo. Okunye okungalungile kwamapulatifomu amadala angakala isidingo sokusebenzisa βamamojula e-bladeβ achazwe ngokuqinile (Hlola Iphoyinti Le-SGM). Inkundla entsha ye-Check Point Maestro ikuvumela ukuthi usebenzise inombolo enkulu yamadivayisi ahlukene. Ungakhetha womabili amamodeli engxenyeni ephakathi (5600, 5800, 5900, 6500, 6800) kanye nengxenye ye-High End (15000 series, 23000 series, 26000 series). Ngaphezu kwalokho, ungawahlanganisa, kuye ngemisebenzi.
Lokhu kulula kakhulu ngokombono wokusetshenziswa kahle kwezinsiza. Ungathenga kuphela ukusebenza okudingayo ngokukhetha imodeli efanele.
3. Izinkampani lapho i-chassis inkulu kakhulu, kepha ukuqina kusadingeka. Okunye "okubi" kwamapulatifomu amadala ahlanjululwayo (64000, 44000) kwakuyi-threshold ephezulu yokungena (kusuka endaweni yokubuka yezomnotho). Isikhathi eside, izinkundla ezihlasimulisayo bezitholakala kuphela kumabhizinisi amakhulu anezabelomali βezinhleβ ze-IT. Ngokufika kwe-Check Point Maestro, konke kushintshile. Izindleko zenqwaba encane (i-orchestrator + amasango amabili) ziyaqhathaniswa (futhi ngezinye izikhathi ziphansi) neqoqo lakudala elisebenzayo/elibekwe eceleni. Labo. umkhawulo wokungena wehle kakhulu. Lapho ukhetha isixazululo, inkampani ingabeka ngokushesha i-architecture ehlanjululwayo, ngaphandle kokukhokha ngokweqile ukwanda okungenzeka okulandelayo kwezidingo. Ingabe kukhona abasebenzisi abaningi ngonyaka ngemva kokwethulwa kwe-Check Point Maestro? Uvele wengeze isango elilodwa noma amabili, ngaphandle kokushintshwa kwalawo akhona. Awudingi ngisho nokushintsha i-topology. Vele uxhume amasango amasha ku-orchestrator futhi usebenzise izilungiselelo kuwo ngokuchofoza okumbalwa nje.
4. Izinkampani ezifuna ukusebenzisa ngokugcwele amadivaysi akhona. Ngicabanga ukuthi abantu abaningi bayayazi inqubo ye-Trade-In. Lapho ukusebenza kwamadivayisi akhona kungasaneli futhi ihadiwe idinga ukubuyekezwa ukuze ihlangabezane nezidingo zamanje. Inqubo ebiza kakhulu. Futhi, ngokuvamile kuba nesimo lapho ikhasimende linamaqoqo amaningana Amaphoyinti Wokuhlola ukuze enze imisebenzi eyahlukene. Isibonelo, iqoqo lokuvikela i-perimeter, iqoqo lokufinyelela kude (i-RA VPN), iqoqo le-VSX, njll. Ngaphezu kwalokho, iqoqo elilodwa lingase lingabi nezinsiza ezanele, kuyilapho elinye linensada yazo. Hlola i-Maestro iyithuba elihle kakhulu lokuthuthukisa ukusetshenziswa kwalezi zinsiza ngokusabalalisa umthwalo phakathi kwazo.
Labo. uthola izinzuzo ezilandelayo:
- Asikho isidingo "sokulahla" ihadiwe ekhona. Ungathenga isango elilodwa noma amabili angeziwe, noma...
- Lungiselela ukulinganisa komthwalo okuguquguqukayo phakathi kwamanye amasango akhona ukuze kusetshenziswe izinsiza ngokulunge kakhulu. Uma umthwalo wesango le-perimeter ukhula kakhulu, khona-ke i-orchestrator izokwazi ukusebenzisa izinsiza "ezinesithukuthezi" zamasango okufinyelela kude futhi ngokuphambene nalokho. Lokhu kusiza ukushelela ukukhuphuka komthwalo wesizini (noma wesikhashana).
Njengoba kungenzeka uqonde, izingxenye ezimbili zokugcina zihlobene ngokuqondile namabhizinisi aphakathi nendawo, manje angakwazi futhi ukusebenzisa izinkundla zokuphepha ezingalawuleki. Nokho, kungase kuphakame umbuzo onengqondo: βKungani i-Check Point Maestro ingcono kuneqoqo elivamile?βSizozama ukuphendula lo mbuzo.
Iqoqo lakudala vs Check Point Maestro
Uma sikhuluma ngeqoqo le-Check Point yakudala, khona-ke izindlela ezimbili zokusebenza ziyasekelwa: Ukutholakala Okuphezulu (okungukuthi Kuyasebenza/Okulindile) kanye Nokwabelana Ngomthwalo (okungukuthi. Kuyasebenza/Kuyasebenza). Sizochaza kafushane incazelo yabo yomsebenzi, kanye nobuhle nobubi bazo.
Ukutholakala Okuphezulu (Kuyasebenza/Ilindile)
Njengoba igama liphakamisa, kule modi yokusebenza, i-node eyodwa idlula yonke i-traffic ngokwayo, kanti eyesibili ikwimodi yokulinda futhi ithatha ithrafikhi uma i-node esebenzayo iqala ukubhekana nanoma yiziphi izinkinga.
Izinzuzo:
- Imodi ezinzile kakhulu;
- Indlela ye-SecureXL yokuphathelene isekelwa ukusheshisa ukucutshungulwa kwethrafikhi;
- Uma i-node esebenzayo ihluleka, eyesibili iqinisekisiwe ukuthi ingakwazi "ukugaya" yonke ithrafikhi (ngoba ifana ncamashi).
Umthengi:
Eqinisweni, kukhona ukukhishwa okukodwa kuphela - inodi eyodwa ayisebenzi ngokuphelele. Ngokulandelayo, ngenxa yalokhu, siphoqeleka ukuthi sithenge i-hardware enamandla kakhulu ukuze ikwazi ukuphatha ithrafikhi iyodwa.
Vele, imodi ye-HA ithembeke kakhulu kunokwabelana ngomthwalo, kodwa ukwenziwa ngcono kwezinsiza kushiya okuningi okufanele ukwenze.
Ukwabelana Ngomthwalo (Kuyasebenza/Kuyasebenza)
Kule modi, wonke ama-node kuthrafikhi yenqubo yeqoqo. Ungakwazi ukuhlanganisa amadivaysi angafika kwangu-8 kuqoqo elinjalo (ngaphezu kuka-4 ).
Izinzuzo:
- Ungakwazi ukusabalalisa umthwalo phakathi kwama-node, okudinga amadivayisi anamandla amancane;
- Amathuba okukala okushelelayo (ukwengeza amanodi angama-8 kuqoqo).
Umthengi:
- Ngokudabukisayo, izinzuzo ziphenduka ngokushesha zibe yi-cons. Bathanda ukusebenzisa imodi yokwabelana ngomthwalo ngisho nalapho inkampani inamanodi amabili kuphela. Befuna ukonga imali, bathenga amadivaysi, ngalinye elilayishwe ku-40-50%. Futhi konke kubonakala kuhamba kahle. Kodwa uma i-node eyodwa ihluleka, sithola isimo lapho wonke umthwalo udluliselwa kwelinye elisele, elingenakukwazi ukubhekana nalo. Ngenxa yalokho, akukho ukubekezelelana kwephutha njengalokhu ohlelweni olunjalo.
- Engeza kulokhu inqwaba yemikhawulo yokwabelana ngomthwalo (). Futhi umkhawulo obaluleke kakhulu ukuthi i-SecureXL ayisekelwe, indlela esheshisa kakhulu ukucutshungulwa kwethrafikhi;
- Mayelana nokukala ngokungeza amanodi amasha kuqoqo, ngeshwa Ukwabelana Ngomthwalo akusafaneleki lapha. Uma amadivayisi angaphezu kwama-4 engeziwe kuqoqo, khona-ke ukusebenza kuyaqala .
Uma sicabangela ukungalungi kokuqala okubili, ukuze kusetshenziswe ukubekezelelana kwamaphutha lapho sisebenzisa ama-node amabili, siphoqeleka ukuthi sithenge i-hardware ekhiqizayo kakhulu ukuze "igaye" ithrafikhi esimweni esibucayi. Ngenxa yalokho, asinayo inzuzo yezomnotho, kodwa sithola inani elikhulu . Ngaphezu kwalokho, kufanelekile ukuqaphela ukuthi kusukela kunguqulo engu-R80.20, imodi yokwabelana ngomthwalo ayisekelwe. Lokhu kukhawulela abasebenzisi kuzibuyekezo ezidingekayo. Okwamanje akwaziwa ukuthi ukwabelana Ngomthwalo kuzosekelwa yini ekukhishweni okusha.
Hlola i-Point Maestro njengenye indlela
Ngokubuka kweqoqo, i-Check Point Maestro ithathe izinzuzo eziyinhloko zokutholakala Okuphezulu kanye nezindlela Zokwabelana Ngomthwalo:
- Amasango axhunywe ku-orchestrator angasebenzisa i-SecureXL, eqinisekisa isivinini esiphezulu sokucubungula ithrafikhi. Ayikho eminye imikhawulo ekhona Ekwabelaneni Ngomthwalo;
- Ithrafikhi isatshalaliswa phakathi kwamasango EQembu Lokuphepha elilodwa (isango elinengqondo elihlanganisa amaningana abonakalayo). Ngenxa yalokhu, singakwazi ukufaka amadivayisi akhiqiza kancane, ngoba asisenawo amasango angasebenzi, njengakumodi Yokutholakala Okuphezulu. Ngesikhathi esifanayo, amandla angakhushulwa cishe ngokulandelana, ngaphandle kokulahlekelwa okukhulu njengakumodi yokwabelana ngokulayisha (imininingwane eyengeziwe kamuva).
Konke lokhu kuhle, kodwa ake sibheke izibonelo ezimbili eziqondile.
Isibonelo No.1
Vumela inkampani X ihlose ukufaka iqoqo lamasango kumjikelezo wenethiwekhi. Sebevele sebejwayelene nayo yonke imikhawulo yokwabelana ngomthwalo (okungamukeleki kubo) futhi bacabangela imodi yokutholakala Okuphezulu ngokukhethekile. Ngemuva kokulinganisa, kuvela ukuthi isango le-6800 libafanele, okungafanele lilayishwe ngaphezu kwama-50% (ukuze okungenani kube nokubeka okuthile kokusebenza). Njengoba lokhu kuzoba yiqoqo, udinga ukuthenga idivayisi yesibili, ezomane "ibheme" umoya kumodi yokulinda. Yindlu yokubhema ebiza kakhulu.
Kodwa kukhona okunye. Thatha inqwaba ku-orchestrator kanye namasango amathathu angu-6500. Kulokhu, ithrafikhi izosatshalaliswa phakathi kwawo womathathu amadivayisi. Uma ubheka ama-specs alezi zinhlobo ezimbili, uzobona ukuthi amasango amathathu angu-6500 anamandla kuneyodwa engu-6800.
Ngakho-ke, lapho ukhetha i-Check Point Maestro, inkampani X ithola izinzuzo ezilandelayo:
- Inkampani ngokushesha ibeka iplatifomu engakala. Ukwenyuka okulandelayo kokusebenza kuzokwehla ekungezeni enye ingxenye yehadiwe engu-6500. Yini engaba lula?
- Isixazululo sisabekezelela amaphutha, ngoba Uma i-node eyodwa ihluleka, ababili abasele bazokwazi ukubhekana nomthwalo.
- Inzuzo ebaluleke ngokulinganayo futhi emangalisayo ukuthi ishibhile! Ngeshwa, angikwazi ukuthumela izintengo esidlangalaleni, kodwa uma uthanda, ungakwazi
Isibonelo No.2
Vumela inkampani Y isivele ibe neqoqo le-HA lamamodeli we-6500. I-node esebenzayo ilayishwe ku-85%, okuthi phakathi nemithwalo ephakeme kakhulu iholele ekulahlekelweni kwethrafikhi ekhiqizayo. Isixazululo esinengqondo senkinga sibonakala sibuyekeza ihadiwe. Imodeli elandelayo yi-6800. Yilokho. inkampani izodinga ukubuyisela amasango ngohlelo lwe-Trade-In futhi ithenge amadivaysi amabili amasha (abiza kakhulu).
Kodwa kukhona enye inketho. Thenga i-orchestrator nenye indawo efanayo ncamashi (6500). Hlanganisa iqoqo lamadivayisi amathathu futhi "usakaze" lo 85% womthwalo emasangweni amathathu. Ngenxa yalokho, uzothola imajini yokusebenza enkulu (amadivayisi amathathu azolayishwa kuphela ku-30% ngokwesilinganiso). Noma ngabe kushona enye yama-node amathathu, amabili asele asazobhekana nethrafikhi enomthwalo ophakathi kwama-45%. Ngaphezu kwalokho, emithwalweni ephezulu, iqoqo lamasango amathathu asebenzayo angu-6500 lizoba namandla kakhulu kunesango elilodwa le-6800, elitholakala kuqoqo le-HA (okungukuthi liyasebenza/elibekwe eceleni). Ukwengeza, uma ngonyaka noma ezimbili izidingo zenkampani ye-Y ziphinde zanda, khona-ke konke okuzodingeka bakwenze ukufaka ama-node eyodwa noma amabili ngaphezulu kwe-6500. Ngicabanga ukuthi inzuzo yezomnotho lapha isobala.
isiphetho
Yebo, i-Check Point Maestro ayisona isixazululo se-SMB. Kodwa ngisho nebhizinisi eliphakathi lingakwazi kakade ukucabanga ngalesi sikhulumi futhi okungenani lizame ukubala ukusebenza kahle kwezomnotho. Uzomangala ukuthola ukuthi izinkundla ezingakala zingaba nenzuzo enkulu kuneqoqo lakudala. Ngesikhathi esifanayo, kunezinzuzo hhayi kuphela kwezomnotho, kodwa futhi nobuchwepheshe. Kodwa-ke, sizokhuluma ngabo esihlokweni esilandelayo, lapho, ngaphezu kwamaqhinga ezobuchwepheshe, ngizozama ukukhombisa amacala amaningana ajwayelekile (i-topology, izimo).
Ungakwazi futhi ukubhalisela amakhasi ethu omphakathi (, , , ), lapho ungalandela khona ukuvela kwezinto ezintsha ku-Check Point neminye imikhiqizo yezokuphepha.
Source: www.habr.com