Kulo nyaka, izinkampani eziningi zishintshele ngokushesha emsebenzini okude. Kwamanye amaklayenti thina hlela imisebenzi ekude engaphezu kwekhulu ngesonto. Kwakubalulekile ukwenza lokhu hhayi nje ngokushesha, kodwa futhi ngokuphepha. Ubuchwepheshe be-VDI buye basiza: ngosizo lwayo, kulula ukusabalalisa izinqubomgomo zokuphepha kuzo zonke izindawo zokusebenza nokuvikela ekuputshuzweni kwedatha.
Kulesi sihloko, ngizokutshela ukuthi isevisi yethu yedeskithophu esekwe ku-Citrix VDI isebenza kanjani ngokwezokuphepha kolwazi. Ngizokukhombisa esikwenzayo ukuvikela amadeskithophu eklayenti ezinsongweni zangaphandle ezifana ne-ransomware noma ukuhlaselwa okuqondiwe.
Yiziphi izinkinga zokuphepha esizixazululayo
Sihlonze izinsongo ezimbalwa ezinkulu zokuphepha kule sevisi. Ngakolunye uhlangothi, ideskithophu ebonakalayo inengozi yokutheleleka ngekhompyutha yomsebenzisi. Ngakolunye uhlangothi, kunengozi yokuphuma kudeskithophu ebonakalayo endaweni evulekile ye-inthanethi bese ulanda ifayela elinegciwane. Noma lokhu kwenzeka, akumele kuphazamise ingqalasizinda yonke. Ngakho-ke, lapho sidala isevisi, saxazulula izinkinga eziningana:
- Ukuvikelwa kwayo yonke i-VDI ukuma ezinsongweni zangaphandle.
- Ukuhlukaniswa kwamaklayenti komunye nomunye.
- Ukuvikela amadeskithophu abonakalayo ngokwawo.
- Vikela ukuxhumeka komsebenzisi kunoma iyiphi idivayisi.
I-FortiGate, i-firewall yesizukulwane esisha evela e-Fortinet, yaba umnyombo wokuvikela. Ilawula ithrafikhi yesitendi se-VDI, ihlinzeka ngengqalasizinda engayodwa yeklayenti ngalinye, futhi ivikela ebuthakathakeni bohlangothi lomsebenzisi. Amandla ayo anele ukuvala iningi lezindaba ze-IS.
Kodwa uma inkampani inezidingo ezikhethekile zokuphepha, sinikeza izinketho ezengeziwe:
- Sihlela ukuxhumana okuphephile ukuze sisebenze kumakhompyutha asekhaya.
- Sinikeza ukufinyelela ekuzihlaziyeni ngokwakho kwamalogi okuvikela.
- Sihlinzeka ngokuphathwa kokuvikela amagciwane kumadeskithophu.
- Sivikela ezingozini zosuku oluyiziro.
- Setha ukuqinisekiswa kwezinto eziningi ukuze uthole ukuvikelwa okwengeziwe ekuxhumekeni okungagunyaziwe.
Ngizokutshela kabanzi mayelana nokuthi imisebenzi yaxazululwa kanjani.
Sivikela kanjani idokodo futhi siqinisekise ukuphepha kwenethiwekhi
Sihlukanisa ingxenye yenethiwekhi. Edokodweni, sabela ingxenye yokuphatha evaliwe yokuphatha zonke izinsiza. Ingxenye yabaphathi ayifinyeleleki ngaphandle: uma kwenzeka kuhlaselwa iklayenti, abahlaseli ngeke bakwazi ukufika lapho.
I-FortiGate inesibopho sokuvikela. Ihlanganisa imisebenzi ye-antivirus, i-firewall, uhlelo lokuvimbela ukungena (IPS).
Kuklayenti ngalinye, sakha ingxenye yenethiwekhi eyodwa yamadeskithophu abonakalayo. Ukwenza lokhu, i-FortiGate inobuchwepheshe besizinda esibonakalayo, noma i-VDOM. Ikuvumela ukuthi uhlukanise i-firewall ibe izinhlangano ezimbalwa ezibonakalayo futhi unikeze i-VDOM yayo kuklayenti ngalinye, elisebenza njenge-firewall ehlukile. Futhi sidala i-VDOM ehlukile yengxenye yabaphathi.
Kuvela lolu hlelo:
Alukho uxhumano lwenethiwekhi phakathi kwamaklayenti: ngalinye lihlala ku-VDOM yalo futhi alithinti elinye. Ngaphandle kwalobu buchwepheshe, bekuzodingeka sihlukanise amaklayenti ngemithetho ye-firewall, futhi lokhu kuyingozi ngenxa yesici somuntu. Ungayiqhathanisa imithetho enjalo nomnyango okumelwe uvalwe njalo. Endabeni ye-VDOM, asishiyi "iminyango" nhlobo.
Kwi-VDOM ehlukile, iklayenti linekheli layo nendlela yalo. Ngakho-ke, ukuphambana kobubanzi akubi inkinga enkampanini. Iklayenti linganikeza amakheli e-IP afunekayo kumadeskithophu abonakalayo. Lokhu kulungele izinkampani ezinkulu ezinezinhlelo zazo ze-IP.
Sixazulula izinkinga zokuxhuma ngenethiwekhi yebhizinisi yeklayenti. Umsebenzi ohlukile wukumiswa kwe-VDI nengqalasizinda yamakhasimende. Uma inkampani igcina amasistimu ezinkampani esikhungweni sethu sedatha, ungavele usebenzise ikhebula lenethiwekhi ukusuka ezintweni zayo ukuya ku-firewall. Kodwa kaningi sisebenzelana nesayithi elikude - esinye isikhungo sedatha noma ihhovisi leklayenti. Kulesi simo, sicabanga ngokushintshana okuphephile nesayithi futhi sakhe i-site2site VPN usebenzisa i-IPsec VPN.
Amasu angahluka, kuye ngobunkimbinkimbi bengqalasizinda. Endaweni ethile kwanele ukuxhuma inethiwekhi yehhovisi elilodwa ku-VDI - kunomzila okwanele omile. Izinkampani ezinkulu zinamanethiwekhi amaningi ahlala eshintsha; lapha iklayenti lidinga umzila oguquguqukayo. Sisebenzisa amaphrothokholi ahlukene: sekuvele kunezimo ze-OSPF (Indlela Efushane Kakhulu Evulekile Yokuqala), imigudu ye-GRE (I-Generic Routing Encapsulation) kanye ne-BGP (i-Border Gateway Protocol). I-FortiGate isekela amaphrothokholi enethiwekhi kuma-VDOM ahlukene ngaphandle kokuthinta amanye amaklayenti.
Ungakwazi futhi ukwakha i-GOST-VPN - ukubethela okusekelwe kumathuluzi okuvikela i-crypto aqinisekiswe yi-FSB ye-Russian Federation. Isibonelo, kusetshenziswa izixazululo zekilasi le-KS1 endaweni ebonakalayo "isango elibonakalayo le-S-Terra" noma i-HSS ViPNet, i-APKSh "Izwekazi", "S-Terra".
Setha Izinqubomgomo Zeqembu. Sisebenzisana nezinqubomgomo zeqembu lamaklayenti ezisetshenziswa ku-VDI. Lapha, imigomo yokubeka ayihlukile ekubekeni imigomo ehhovisi. Sihlela ukuhlanganiswa ne-Active Directory futhi sidlulisela ukulawula kwezinqubomgomo zeqembu kumakhasimende. Abaphathi babaqashi bangasebenzisa izinqubomgomo entweni Yekhompyutha, baphathe iyunithi yenhlangano ku-Active Directory, futhi bakhe abasebenzisi.
Ku-FortiGate, kuklayenti ngalinye le-VDOM, sibhala inqubomgomo yokuphepha yenethiwekhi, sibeka imikhawulo yokufinyelela, futhi simise ukuhlolwa kwethrafikhi. Sisebenzisa amamojula amaningana e-FortiGate:
- Imojula ye-IPS ihlola ithrafikhi ye-malware futhi ivimbele ukungena;
- i-antivirus ivikela amadeskithophu ngokwawo ku-malware ne-spyware;
- ukuhlunga iwebhu kuvimbela ukufinyelela ezinsizeni ezingathembekile namasayithi anokuqukethwe okunonya noma okungalungile;
- izilungiselelo ze-firewall zingavumela abasebenzisi ukuthi bafinyelele i-inthanethi kuphela kumasayithi athile.
Kwesinye isikhathi iklayenti lifuna ukuphatha ngokuzimela ukufinyelela kwabasebenzi kumasayithi. Ngokuvamile amabhange eza nesicelo esinjalo: izinsizakalo zokuphepha zidinga ukuthi ukulawula ukufinyelela kuhlale ohlangothini lwenkampani. Izinkampani ezinjalo zigada ithrafikhi ngokwazo futhi zenza izinguquko njalo kuzinqubomgomo. Kulokhu, siphendulela yonke ithrafikhi esuka e-FortiGate iye eklayentini. Ukwenza lokhu, sisebenzisa isixhumi esibonakalayo esimisiwe nengqalasizinda yenkampani. Ngemva kwalokho, iklayenti ngokwakhe ulungiselela imithetho ukufinyelela inethiwekhi yezinkampani kanye Internet.
Ukubuka imicimbi esitendini. Kanye ne-FortiGate, sisebenzisa i-FortiAnalyzer, umqoqi welogi ovela e-Fortinet. Ngosizo lwayo, sibheka wonke amalogi omcimbi ku-VDI endaweni eyodwa, sithole imisebenzi esolisayo futhi silandelele ukuhlobana.
Omunye wamakhasimende ethu usebenzisa imikhiqizo ye-Fortinet ehhovisi lakhe. Ngalo, simisa ukulayishwa kwelogi - ukuze iklayenti likwazi ukuhlaziya yonke imicimbi yezokuphepha yemishini yasehhovisi namadeskithophu abonakalayo.
Siwavikela kanjani amadeskithophu abonakalayo
Kusukela ezinsongweni ezaziwayo. Uma iklayenti lifuna ukuphatha ngokuzimela ukuvikelwa kwe-anti-virus, sifaka futhi i-Kaspersky Security ye-Virtualization.
Lesi sixazululo sisebenza kahle efwini. Sonke sijwayele ukuthi i-antivirus ye-Kaspersky yakudala iyisixazululo "esinzima". Ngokungafani nayo, i-Kaspersky Security ye-Virtualization ayilayishi imishini ebonakalayo. Zonke izingosi zolwazi zegciwane zitholakala kuseva, ekhipha izinqumo zayo yonke imishini ebambekayo yokusingatha. I-ejenti yokukhanya kuphela efakwe kudeskithophu ebonakalayo. Ithumela amafayela kuseva ukuze aqinisekiswe.
Lesi sakhiwo ngesikhathi esisodwa sinikeza ukuvikelwa kwefayela, ukuvikelwa kwe-inthanethi, ukuvikelwa ekuhlaselweni futhi akunciphisi ukusebenza kwemishini ebonakalayo. Kulokhu, iklayenti lingenza okuhlukile ekuvikelweni kwefayela ngokwalo. Sisiza ngokusetha okuyisisekelo kwesixazululo. Sizokhuluma ngezici zayo esihlokweni esihlukile.
Kusukela ezinsongweni ezingaziwa. Ukwenza lokhu, sixhuma i-FortiSandbox, ibhokisi lesihlabathi elivela e-Fortinet. Siyisebenzisa njengesihlungi uma i-antivirus iphuthelwa usongo lwezinsuku eziyiziro. Ngemva kokulanda ifayela, siqala ngokulihlola nge-antivirus, bese silithumela ku-sandbox. I-FortiSandbox ilingisa umshini we-virtual, yethula ifayela futhi iqaphe ukuziphatha kwayo: yiziphi izinto ekubhaliseni efinyelela kuzo, noma ngabe ithumela izicelo zangaphandle, njalonjalo. Uma ifayela liziphatha ngokusolisayo, i-VM ene-sandboxed iyasuswa futhi ifayela eliyingozi alibekwa ku-VDI yomsebenzisi.
Ungalumisa kanjani uxhumano oluvikelekile ku-VDI
Sihlola ukuthobela kwedivayisi nezidingo zokuphepha kolwazi. Kusukela ekuqaleni komsebenzi okude, amaklayenti abelokhu esithinta ngezicelo: ukuqinisekisa ukusebenza okuphephile kwabasebenzisi kumakhompyutha abo. Noma yimuphi uchwepheshe wezokuphepha wolwazi uyazi ukuthi kunzima ukuvikela amadivaysi asekhaya: awukwazi ukufaka i-antivirus edingekayo lapho noma usebenzise izinqubomgomo zeqembu, ngoba lezi akuzona izinto zasehhovisi.
Ngokuzenzakalelayo, i-VDI iba "ungqimba" oluvikelekile phakathi kwedivayisi yomuntu siqu nenethiwekhi yebhizinisi. Ukuvikela i-VDI ekuhlaselweni emshinini womsebenzisi, sikhubaza ibhodi lokunamathisela, sikhubaze ukudlulisela phambili nge-USB. Kodwa lokhu akwenzi idivayisi yomsebenzisi ngokwayo ivikeleke.
Sixazulula inkinga ngosizo lwe-FortiClient. Leli ithuluzi lokuvikela izindawo zokugcina (ukuvikelwa kwephoyinti lokugcina). Abasebenzisi benkampani bafaka i-FortiClient kumakhompyutha abo asekhaya futhi bayisebenzisele ukuxhuma kudeskithophu ebonakalayo. I-FortiClient ixazulula imisebenzi emi-3 ngesikhathi esisodwa:
- iba "iwindi elilodwa" lokufinyelela komsebenzisi;
- ihlola ukuthi ikhompuyutha yomuntu siqu ine-antivirus kanye nezibuyekezo zakamuva ze-OS;
- yakha umhubhe we-VPN wokufinyelela okuphephile.
Isisebenzi sithola ukufinyelela kuphela uma siphumelele ukuqinisekiswa. Ngesikhathi esifanayo, amadeskithophu abonakalayo ngokwawo awatholakali ku-inthanethi, okusho ukuthi avikelwe kangcono ekuhlaselweni.
Uma inkampani ifuna ukuphatha ukuvikelwa kwe-endpoint ngokwayo, sinikeza i-FortiClient EMS (Iseva Yokuphathwa Kwephoyinti). Iklayenti lingamisa ukuskena kwedeskithophu kanye nokuvimbela ukungena, lakha uhlu olumhlophe lwamakheli.
Engeza izici zokuqinisekisa. Ngokuzenzakalelayo, abasebenzisi bagunyazwa nge-Citrix netscaler. Lapha, futhi, singathuthukisa ukuphepha ngokufakazela ubuqiniso bezinto eziningi ngokusekelwe emikhiqizweni ye-SafeNet. Lesi sihloko sidinga ukunakwa okukhethekile, sizophinde sikhulume ngaso esihlokweni esihlukile.
Siqongelele isipiliyoni esinjalo sokusebenza nezisombululo ezahlukahlukene onyakeni wokugcina womsebenzi. Isevisi ye-VDI ilungiselelwe ngokwehlukana kuklayenti ngalinye, ngakho sikhethe amathuluzi avumelana nezimo kakhulu. Mhlawumbe esikhathini esizayo esiseduze sizofaka okunye futhi sabelane ngolwazi lwethu.
Ngomhla ka-7 Okthoba ngo-17.00 ozakwethu bazokhuluma ngamadeskithophu abonakalayo kuwebhu yewebhu "Ingabe ngidinga i-VDI, noma indlela yokuhlela umsebenzi okude?"
, uma ufuna ukuxoxa lapho ubuchwepheshe be-VDI bufanele inkampani, futhi uma kungcono ukusebenzisa ezinye izindlela.
Source: www.habr.com