Ingabe kunzima ukudala umshini obonakalayo (VM) efwini? Akunzima ukwedlula ukwenza itiye. Kodwa uma kuziwa enkampanini enkulu, ngisho nesenzo esinjalo esilula singaba side kabuhlungu. Akwanele ukwakha umshini obonakalayo; udinga futhi ukuthola ukufinyelela okudingekayo ukuze usebenze ngokuhambisana nayo yonke imithethonqubo. Ubuhlungu obujwayelekile babo bonke onjiniyela? Kwelinye ibhange elikhulu, le nqubo yathatha amahora ambalwa kuya ezinsukwini ezimbalwa. Futhi njengoba bekunamakhulu emisebenzi efanayo ngenyanga, kulula ukucabanga ubukhulu balolu hlelo oludla abasebenzi. Ukuqeda lokhu, senze ifu eliyimfihlo lebhange libe lesimanje futhi asigcinanga ngokuzenzakalelayo inqubo yokudala ama-VM, kodwa nemisebenzi ehlobene nayo.
Umsebenzi No. 1. Ifu elinoxhumano lwe-inthanethi
Ibhange lidale ifu eliyimfihlo lisebenzisa ithimba langaphakathi le-IT engxenyeni eyodwa yenethiwekhi. Ngokuhamba kwesikhathi, abaphathi bathokozele izinzuzo zayo futhi banquma ukunweba umqondo wamafu oyimfihlo kwezinye izindawo nezingxenye zebhange. Lokhu kudinga ochwepheshe abengeziwe nobungcweti obuqinile kumafu ayimfihlo. Ngakho-ke, ithimba lethu laphathiswa ukwenza ifu libe lesimanje.
Ukusakazwa okuyinhloko kwale phrojekthi kwaba ukwakhiwa kwemishini ebonakalayo engxenyeni eyengeziwe yokuphepha kolwazi - endaweni engahlosiwe (DMZ). Yilapho izinsiza zebhange zihlanganiswa nezinhlelo zangaphandle ezingaphandle kwengqalasizinda yamabhange.
Kodwa le ndondo iphinde yaba ne-flip side. Izinkonzo ezivela ku-DMZ zazitholakala “ngaphandle” futhi lokhu kwakuhlanganisa lonke isethi yolwazi lwezingozi zokuphepha. Okokuqala, lokhu kuwusongo lwezinhlelo zokugebenga, ukwandiswa kwenkundla yokuhlasela ku-DMZ, bese kungenwa nengqalasizinda yebhange. Ukuze kuncishiswe ezinye zalezi zingozi, siphakamise ukuthi kusetshenziswe indlela eyengeziwe yokuphepha - isisombululo sokuhlukanisa izingxenye ezincane.
Ukuvikelwa kwe-micro-segmentation
Ukuhlukaniswa kwakudala kwakha imingcele evikelekile emingceleni yamanethiwekhi kusetshenziswa i-firewall. Nge-microsegmentation, i-VM ngayinye ingahlukaniswa ibe ingxenye yomuntu siqu, engayodwa.
Lokhu kuthuthukisa ukuvikeleka kwalo lonke uhlelo. Noma ngabe abahlaseli bagebenga iseva eyodwa ye-DMZ, kuzoba nzima kakhulu kubo ukusabalalisa ukuhlasela kunethiwekhi yonkana - kuzodingeka bagqekeze “iminyango ekhiyiwe” eminingi ngaphakathi kwenethiwekhi. I-firewall yomuntu siqu ye-VM ngayinye iqukethe imithetho yayo mayelana nayo, enquma ilungelo lokungena nokuphuma. Sinikeze ukuhlukaniswa okuncane sisebenzisa i-VMware NSX-T Distributed Firewall. Lo mkhiqizo udala imithetho ye-firewall yama-VM futhi uwasabalalise kuyo yonke ingqalasizinda yokwenza izinto ezibonakalayo. Akunandaba ukuthi iyiphi i-OS yesivakashi esetshenziswayo, umthetho usetshenziswa ezingeni lokuxhuma imishini ebonakalayo kunethiwekhi.
Inkinga N2. Ekufuneni isivinini kanye lula
Sebenzisa umshini obonakalayo? Kalula! Ukuchofoza okumbalwa futhi usuqedile. Kepha bese kuphakama imibuzo eminingi: kanjani ukuthola ukufinyelela kusuka kule VM kuya kwenye noma uhlelo? Noma kusuka kwenye isistimu emuva ku-VM?
Isibonelo, ebhange, ngemva koku-oda i-VM ku-portal yefu, kwakudingeka ukuvula i-portal yokusekelwa kwezobuchwepheshe bese uhambisa isicelo sokuhlinzekwa kokufinyelela okudingekayo. Iphutha esicelweni liholele ekushayeni izingcingo kanye nezincwadi ukuze kulungiswe isimo. Ngesikhathi esifanayo, i-VM ingaba nokufinyelela okungu-10-15-20 futhi ukucubungula ngakunye kuthathe isikhathi. Inqubo kaDeveli.
Ngaphezu kwalokho, imikhondo "yokuhlanza" yomsebenzi wempilo yemishini ekude ekude yayidinga ukunakekelwa okukhethekile. Ngemuva kokuthi zisusiwe, izinkulungwane zemithetho yokufinyelela yahlala ku-firewall, ilayisha imishini. Lokhu kokubili kuwumthwalo owengeziwe nezimbobo zokuphepha.
Awukwazi ukwenza lokhu ngemithetho efwini. Akulungile futhi akuphephile.
Ukuze unciphise isikhathi esisithathayo ukunikeza ukufinyelela kuma-VM nokwenza kube lula ukuwaphatha, sithuthukise isevisi yokulawula ukufinyelela kwenethiwekhi yama-VM.
Umsebenzisi osezingeni lomshini obonakalayo kumenyu yokuqukethwe ukhetha into ukuze akhe umthetho wokufinyelela, bese ngendlela evulayo acacise amapharamitha - ukusuka lapho, kuphi, izinhlobo zephrothokholi, izinombolo zembobo. Ngemva kokugcwalisa kanye nokuthumela ifomu, amathikithi adingekayo adaleka ngokuzenzakalelayo ohlelweni losekelo lomsebenzisi olusekelwe ku-HP Service Manager. Banomthwalo wemfanelo wokugunyaza lokhu noma lokho kufinyelela futhi, uma ukufinyelela kuvunyiwe, kochwepheshe abenza eminye imisebenzi engakenziwa ngokuzenzakalelayo.
Ngemuva kokuthi isigaba senqubo yebhizinisi ebandakanya ochwepheshe sesisebenzile, ingxenye yesevisi iqala eyenza ngokuzenzakalelayo imithetho kuma-firewall.
Njengechord yokugcina, umsebenzisi ubona isicelo esiqedwe ngempumelelo kuphothali. Lokhu kusho ukuthi umthetho udaliwe futhi ungakwazi ukusebenza nawo - buka, shintsha, susa.
Isikolo sokugcina sezinzuzo
Empeleni, senze izingxenye ezincane zefu eliyimfihlo zibe zesimanjemanje, kodwa ibhange lithole umphumela obonakalayo. Abasebenzisi manje bathola ukufinyelela kwenethiwekhi kuphela ngephothali, ngaphandle kokusebenzelana ngokuqondile neDeski Lesevisi. Izinkambu zefomu eliphoqelekile, ukuqinisekiswa kwazo ngokunemba kwedatha efakiwe, izinhlu ezilungiselelwe ngaphambilini, idatha eyengeziwe - konke lokhu kusiza ukwakha isicelo esinembile sokufinyelela, esizocatshangelwa ngezinga eliphezulu futhi singanqatshwa abasebenzi bezokuphepha kolwazi ukufaka amaphutha. Imishini ebonakalayo ayisewona amabhokisi amnyama—ungaqhubeka nokusebenza nawo ngokwenza izinguquko kuphothali.
Ngenxa yalokho, namuhla ochwepheshe be-IT bebhange banalo ithuluzi elilula kakhulu lokuthola ukufinyelela, futhi yilabo bantu kuphela abahilelekile kule nqubo, ngaphandle kwabo abangakwazi ukwenza ngaphandle kwabo. Sekukonke, ngokwezindleko zabasebenzi, lokhu ukukhululwa emthwalweni ogcwele wansuku zonke okungenani ongu-1, kanye nenqwaba yamahora elondolozwe kubasebenzisi. Ukuzenzakalela kokudala imithetho kwenze kwaba nokwenzeka ukuqalisa isixazululo sokuhlukanisa izingxenye ezincane esingadali umthwalo kubasebenzi basebhange.
Futhi ekugcineni, "umthetho wokufinyelela" waba iyunithi ye-accounting yefu. Okusho ukuthi, manje ifu ligcina ulwazi mayelana nemithetho yawo wonke ama-VM futhi liwahlanze lapho kususwa imishini ebonakalayo.
Ngokushesha izinzuzo zesimanje zizosabalala kulo lonke ifu lebhange. Ukuzenzakalela kwenqubo yokudala ye-VM kanye nokuhlukaniswa okuncane kudlulele ngale kwe-DMZ futhi kwathwebula amanye amasegimenti. Futhi lokhu kwandisa ukulondeka kwefu lilonke.
Isixazululo esisetshenzisiwe siyathakazelisa futhi ngoba sivumela ibhange ukuthi lisheshise izinqubo zokuthuthukiswa, lilethe eduze nemodeli yezinkampani ze-IT ngokwalesi simiso. Phela, uma kukhulunywa ngezinhlelo zokusebenza zeselula, izingosi, kanye nezinsizakalo zamakhasimende, noma iyiphi inkampani enkulu namuhla ilwela ukuba “imboni” yokukhiqiza imikhiqizo yedijithali. Ngalo mqondo, amabhange adlala ngokulingana nezinkampani ze-IT eziqine kakhulu, ahambisana nokwakhiwa kwezicelo ezintsha. Futhi kuhle uma amakhono wengqalasizinda ye-IT eyakhelwe kumodeli wamafu wangasese ekuvumela ukuthi unikeze izinsiza ezidingekayo zalokhu ngemizuzu embalwa futhi ngokuphepha ngangokunokwenzeka.
Ababhali:
UVyacheslav Medvedev, iNhloko yoMnyango we-Cloud Computing, iJet Infosystems,
U-Ilya Kuikin, unjiniyela oholayo womnyango we-cloud computing we-Jet Infosystems
Source: www.habr.com