softwarecloudlink
cloudlink 时间:2021-01-08 阅读:(
)
SOLUTIONOVERVIEWVMwarevSANSecurityZoneDeploymentVMwarevSphereClustersinSecurityZonesAsecurityzone,alsoreferredtoasa"DMZ,"isasub-networkthatisdesignedtoprovidetightlycontrolledconnectivitytoanorganization'sinternalITinfrastructureandapplications.
Asecurityzonetypicallycontainsexternal-facingservicesthatareaccessiblefromuntrustednetworkssuchastheInternet.
Othercommonusecasesforsecurityzonesareinternalisolationforclassiedenvironmentsordevelopmentinfrastructures.
Theprimarypurposeofthisarchitectureisaddinganotherlayerofsecuritytofurtherreducetheriskofunauthorizedaccesstoanorganization'sinternalnetwork,applications,anddata.
Oneofthemostsignicantthreatstosecurityinanyenvironmentismisconguration.
Complexityincreasesthepossibilityofmisconguration,whichcouldleadtopotentialsecurityincidents.
VMwarevSphereuses"bare-metal"virtualization,sothehypervisorinterfacesdirectlywithserverhardwarewithouttheneedforamorecomplex,generaloperatingsystem.
ThisapproachreducestheattacksurfaceandhelpssafeguardfromOS-relatedvulnerabilitiesmakingitthemostrobustandsecurevirtualizationplatformintheindustry—anexcellentplatformforrunningworkloadsinsecurityzones.
Examplesofworkloadstypicallyfoundinsecurityzonesincludewebservers,emailgateways,andproxyservices.
Itisverycommonfortheseworkloadstohavehighavailabilityrequirements.
FeaturessuchasvSphereHighAvailability,vSphereFaultTolerance,andvSphereDistributedResourceSchedulerhelpprotectvirtualizedapplicationsandservicesfromdowntimeassociatedwithhardwarefailuresandresourcecontention.
Thesefeaturesrequiresharedstorage,whichmeansaccesstointernallyhostedstoragenetworks(SANandNAS)arecommonlyextendedtosecurityzones.
Thispotentiallyopensupadditionaloptionsforhackerstogainaccesstointernalresourcesandleadstomorecomplexrewallcongurations.
Anotheroptionisadedicatedstorageappliancecontainedwithinthesecurityzone,butthissolutioncanbeexpensiveandaddmanagementoverhead.
Computeandstorageresourcesforasecurityzoneareideallyverysecure,simpletoimplement,cost-effective,andprovidetheperformanceandavailabilitylevelsnecessarytorunandprotectcritical,external-facingworkloads.
vSphereandVMwarevSANprovidethehyper-convergedinfrastructure(HCI)bestsuitedtomeettheserequirements.
VMware,Inc.
3401HillviewAvenuePaloAltoCA94304USATel877-486-9273Fax650-427-5001www.
vmware.
comCopyright2017VMware,Inc.
Allrightsreserved.
ThisproductisprotectedbyUSandinternationalcopyrightandintellectualpropertylaws.
VMwareproductsarecoveredbyoneormorepatentslistedathttp://www.
vmware.
com/go/patents.
VMwareisaregisteredtrademarkortrademarkofVMware,Inc.
intheUnitedStatesand/orotherjurisdictions.
Allothermarksandnamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.
VMwarevSANSecurityZoneDeploymentWhyvSANforaSecurityZonevSANisVMware'ssoftware-denedstoragesolutionforHCI.
vSANandvSphereprovideacomplete,nativelyintegratedplatformconsistingofcompute,network,andstorageresourcesthataresecureandisolatedfromtherestoftheinfrastructure.
SincedisksinternaltothevSpherehostsareusedtocreateavSANdatastore,thereisnodependencyonexternalsharedstorageappliances.
Virtualmachinescanbeassignedspecicstoragepoliciesbasedontheavailabilityandperformanceneedsoftheapplication.
External-facingworkloadsbenetfromdependablestorageandpredictableperformancecharacteristicswhileminimizingrisk.
vSANisbuiltonanoptimizedI/OdatapathinthevSpherehypervisor.
ItismanagedasacorecomponentofavSphereenvironmentmeaningseparateadministrationtoolsandconnectionsarenotrequired.
Thisminimizestheattacksurfaceandcomplexityofthecomputeandstorageinfrastructure.
Lowercomplexityreducesthechancesofamiscongurationthatcouldleadtovulnerability.
Virtualmachine-centricstoragepoliciesarecreatedandassignedforvariousworkloadtypes.
PoliciesarebasedupontheavailabilityandperformanceservicesprovidedbyvSAN.
Thesepoliciescanbemodiedandreassigned,asneeded,withnodowntime.
AccesstothevSANdatastoreisconnedtothehostsinthesamevSANcluster.
AdedicatedHCIwithvSphereandvSANhelpensurecontrolledaccess,predictableperformance,andavailabilityofapplicationsandservicesinasecurityzonewithoutincreasingrisk.
Runningworkloadsonaseparatecomputeandstorageplatformfacilitatesmoreexibilitywithmaintenanceschedules.
vSANincludesahealthdashboard,whichautomaticallymonitorsandalertsonitemssuchasoveralldiskhealth,hardwarecompatibilitylist(HCL)compliance,networkconnectivityissues,andhighutilization.
Ifanalertisraised,administratorscaneasilyandquicklystartassessingtheissuebyclickingtheAskVMwarebuttoninthevSANHealthuserinterface,whichtakesthemdirectlytotherelevantVMwareknowledgebasearticle.
TimelyalertsandissueresolutionisonemorewayvSANenablesasecureandstableplatformforbusinesscriticalapplications.
NativeDataatRestEncryptionvSANencryptionisanoptionforvSANdatastorestofurtherimprovesecurityandprovidecompliancewithincreasinglystringentregulatoryrequirements.
SincevSANencryptionisnativetovSAN,iteliminatestheextracost,limitations,andcomplexityassociatedwithprocuringandmaintainingself-encryptingdrives.
VMware,Inc.
3401HillviewAvenuePaloAltoCA94304USATel877-486-9273Fax650-427-5001www.
vmware.
comCopyright2017VMware,Inc.
Allrightsreserved.
ThisproductisprotectedbyUSandinternationalcopyrightandintellectualpropertylaws.
VMwareproductsarecoveredbyoneormorepatentslistedathttp://www.
vmware.
com/go/patents.
VMwareisaregisteredtrademarkortrademarkofVMware,Inc.
intheUnitedStatesand/orotherjurisdictions.
Allothermarksandnamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.
VMwarevSANSecurityZoneDeploymentAKeyManagementServer(KMS)isrequiredtoenableandusevSANencryption.
MultipleKMSvendorsarecompatibleincludingHyTrust,Gemalto(SafeNet),Thalese-Security,CloudLink,andVormetric.
AfteratrustrelationshiphasbeensetupbetweenVMwarevCenterServerandtheKMScluster,vSANencryptionisenabledwithjustafewmouseclicks.
vSANdatastoreencryptionisenabledandconguredatthedatastorelevel.
Inotherwords,everyobjectonthevSANdatastoreisencryptedwhenthisfeatureisenabled.
DataisencryptedusinganAES256cipherwhenitiswrittentopersistentmediainthecacheandcapacitytiersofavSANdatastore.
EncryptionoccursjustabovethedevicedriverlayerofthevSpherestoragestack,whichmeansitiscompatiblewithallvSANfeaturessuchasdeduplication,compression,andRAID-5/6erasurecoding.
vSANwithvSphereAvailabilityTheuseoflocaldiskdatastoreswithoutvSANintroducesrisktoapplicationuptime.
Forexample,onlyonecopyofavirtualmachine'slesisstoredonalocaldisk.
Ifthatdiskfails,thevirtualmachinelesmustberestoredfrombackupmedia,whichistimeconsumingandunreliable.
Itispossibletocreateasecondcopyofvirtualmachinelesonanotherdisk,buttheprocessisnotautomaticandmustbeperformedfrequently.
Therecoveryfromthissecondcopywouldalsobeamanualprocessincreasingriskandrecoverytime.
vSANaddressesthesechallengesbyaggregatinglocaldisksintoashareddatastoredistributedacrosshostsinthecluster.
vSANfeaturesastoragepolicyrulecalled"Primaryleveloffailurestotolerate"or"PFTT,"whichdenesthenumberofreplicasofavirtualmachine'slestodistributeacrossphysicalnodesinthevSANcluster.
Forexample,whenPFTT=1,vSANwillcreateandmaintaintwomirroredreplicasofthevirtualmachine'slesandplacethemonseparatehosts.
Ifadiskorhostcontainingoneofthosereplicasisoffline,thedataisstillaccessiblefromtheotherreplica.
vSphereHArequiressharedstorageandvSANistightlyintegratedwithvSphereHA.
Ifahostfails,virtualmachinesthatwererunningonthefailedhostareautomaticallyrebootedbyvSphereHAonotherhostsintheclustertominimizedowntime.
vSphereHAcanalsomonitorguestoperatingsystemsandautomaticallyrebootavirtualmachineintheeventofanoperatingsystemfailuresuchasaWindowsbluescreen.
vSphereFaultToleranceisalsocompatiblewithvSANandprovidescontinuousavailabilityforapplicationswithuptofourvirtualCPUsintheeventofahostfailure.
VMware,Inc.
3401HillviewAvenuePaloAltoCA94304USATel877-486-9273Fax650-427-5001www.
vmware.
comCopyright2017VMware,Inc.
Allrightsreserved.
ThisproductisprotectedbyUSandinternationalcopyrightandintellectualpropertylaws.
VMwareproductsarecoveredbyoneormorepatentslistedathttp://www.
vmware.
com/go/patents.
VMwareisaregisteredtrademarkortrademarkofVMware,Inc.
intheUnitedStatesand/orotherjurisdictions.
Allothermarksandnamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.
VMwarevSANSecurityZoneDeploymentAvarietyofdataprotectionsolutionsareavailabletobackupandrecovervirtualmachinesandapplicationsinavSANcluster.
Checkwithyourdataprotectionvendortoverifysupportandlookforthe"VMwareReadyforvSAN"logo.
VirtualmachinereplicationsolutionssuchasDellEMCRecoverPointforVirtualMachinesandVMwarevSphereReplicationworksseamlesslywithvSANtoenablerapid,reliableper-virtualmachinerecovery.
vSANPerformancevSANisuniquelyembeddedinthevSpherehypervisorkernelandsitsdirectlyintheI/Odatapath.
ItcandeliverthehighestlevelsofperformancewithouttaxingtheCPUorconsuminghighamountsofmemoryresources,ascomparedtoothervirtualstorageappliancesthatrunseparatelyontopofthehypervisor.
All-ashvSANcongurationsprovideexcellentperformancewithpredictable,lowlatencies.
Acombinationofmagneticandsolidstatedrivescanbeusedtoenableash-acceleratedhybridcongurations.
Specicrulessuchas"Numberofdiskstripesperobject"and"Flashreadcachereservation(%)"canbeusedtoaccelerateread-intensiveworkloads—especiallyinhybridvSANcongurations.
WithvSAN,itispossibletoapplypolicieswithprecision.
Forexample,databaseserversarecommonlydeployedwiththeguestOSononevirtualdiskanddatabasesonothervirtualdisks.
Astoragepolicythatreservesahigherpercentageofashreadcachecouldbeassignedspecicallytothevirtualdiskscontainingdatabasestohelpguaranteeperformance.
VisibilityandProactiveNoticationswithvRealizeOperationsvSANincludesahealthcheckfeaturetomonitoritemssuchasnetworkconnectivity,diskcapacity,componentmetadata,andcompliancewiththehardwarecompatibilitylist(HCL).
Whilethismightbesufficientinmanycases,enhancedvisibilityandmanagementcapabilitiesacrossvSANclustersatmultiplelocationsareavailablewithVMwarevRealizeOperations.
vRealizeOperationsManagerincludesdashboardsforvSANsuchasCapacityOverview,OptimizevSANDeployments,andOperationsOverview.
VMware,Inc.
3401HillviewAvenuePaloAltoCA94304USATel877-486-9273Fax650-427-5001www.
vmware.
comCopyright2017VMware,Inc.
Allrightsreserved.
ThisproductisprotectedbyUSandinternationalcopyrightandintellectualpropertylaws.
VMwareproductsarecoveredbyoneormorepatentslistedathttp://www.
vmware.
com/go/patents.
VMwareisaregisteredtrademarkortrademarkofVMware,Inc.
intheUnitedStatesand/orotherjurisdictions.
Allothermarksandnamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.
VMwarevSANSecurityZoneDeploymentvRealizeOperationsfeaturespredictiveanalyticsandsmartalertstohelpensureoptimumperformanceandavailabilityofapplicationsandinfrastructures.
vRealizeOperationsManagerenablesadministratorstomonitorseveralfactorssuchasreadandwriteIOPS,throughput,latency,cachehits,writebufferutilization,andcapacity.
Capacityutilizationandtimeremainingmetricsarealsoincluded.
vRealizeOperationsanalyzesconsumptiontrendsandprovidesestimatesontheamountoftimeremainingbeforeresourcesareexhausted.
Thismakesiteasierforadministratorstoprocureadditionalcapacityinatimelymannertoavoidprojectdelaysandmoreseriousissuessuchasapplicationdowntimeduetolackoffreespace.
EasilyAddCapacitywithoutDowntimevSANisadistributedarchitecturethatallowsforelastic,non-disruptivescaling.
Computeandstoragecapacityisscaledoutsimplybybringinganewhostintothecluster.
Storagecapacityandperformancecanbescaledupindependentlybyaddingnewdrivestoexistinghosts.
This"grow-as-you-go"modelprovidespredictable,linearscalingforremoteofficeenvironmentswithaffordableinvestmentsspreadoutovertime.
SummaryvSANandvSphereprovidethebestHCIplatformforrunningvirtualmachineworkloadsrequiringpredictableperformanceandavailabilityinsecureenvironments.
vSpherehasachievedmultiplesecuritycerticationsandhasaproventrackrecord.
vSphereandvSANistherstandonlyHCIsolutionthatispartofaDISASTIG.
TheintegrationofvSANwithvSpherereducesriskthroughpolicy-basedmanagementandrole-basedaccesscontrol.
Importantservicessuchasexternal-facingwebsites,email,andemployeeremoteaccesscanbenetfromsharedstoragewithoutthecostandcomplexityofdedicatedstoragehardware.
Virtualmachine-centricstoragepoliciesarecreated,assigned,andmodied,asneedschangeintheenvironment.
MaintenancewindowsareeasiertoscheduleandtherearefeaturessuchasvSphereHAandvSphereReplicationtoenablerapidrecoveryfromunplanneddowntime.
vSANhealthmonitoringisincludedand,optionally,vRealizeOperationsManagementPackforStorageDevicesprovidesmultiplevSANdashboardsforproactivealerting,heatmaps,deviceandclusterinsights,andstreamlinedissueresolution.
VMware,Inc.
3401HillviewAvenuePaloAltoCA94304USATel877-486-9273Fax650-427-5001www.
vmware.
comCopyright2017VMware,Inc.
Allrightsreserved.
ThisproductisprotectedbyUSandinternationalcopyrightandintellectualpropertylaws.
VMwareproductsarecoveredbyoneormorepatentslistedathttp://www.
vmware.
com/go/patents.
VMwareisaregisteredtrademarkortrademarkofVMware,Inc.
intheUnitedStatesand/orotherjurisdictions.
Allothermarksandnamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.
俄罗斯vps速度怎么样?俄罗斯vps云主机节点是欧洲十大节点之一,地处俄罗斯首都莫斯科,网络带宽辐射周边欧洲大陆,10G专线连通德国法兰克福、法国巴黎、意大利米兰等,向外连接全球。俄罗斯vps云主机速度快吗、延迟多少?由于俄罗斯数据中心出口带宽充足,俄罗斯vps云主机到全球各地的延迟、速度相对来说都不错。今天,云服务器网(yuntue.com)小编介绍一下俄罗斯vps速度及俄罗斯vps主机推荐!俄...
digital-vm在日本东京机房当前提供1Gbps带宽、2Gbps带宽、10Gbps带宽接入的独立服务器,每个月自带10T免费流量,一个独立IPv4。支持额外购买流量:20T-$30/月、50T-$150/月、100T-$270美元/月;也支持额外购买IPv4,/29-$5/月、/28-$13/月。独立从下单开始一般24小时内可以上架。官方网站:https://digital-vm.com/de...
成立于2006年的荷兰Access2.IT Group B.V.(可查:VAT: NL853006404B01,CoC: 58365400) 一直运作着主机周边的业务,当前正在对荷兰的高性能AMD平台的VPS进行5折优惠,所有VPS直接砍一半。自有AS208258,vps母鸡配置为Supermicro 1024US-TRT 1U,2*AMD Epyc 7452(64核128线程),16条32G D...
cloudlink为你推荐
独立ip主机有用过独立IP主机吗域名服务什么是域名服务?域名服务的主要作用是什么?asp虚拟空间ASP空间是什么意思?美国网站空间购买美国网站空间使用会不会麻烦呢,100m网站空间100M的最好的网站空间价格多少?国外网站空间怎么样把网站空间放到国外去?万网虚拟主机如何购买万网的虚拟主机?虚拟主机服务商请问哪个服务商的虚拟主机比较好呀大连虚拟主机大连哪些地方的网通机房好?重庆虚拟主机万网M3型虚拟主机怎么样?速度如何?
xenvps 国外永久服务器 主机测评网 adman diahosting unsplash 稳定免费空间 美国堪萨斯 华为云服务登录 google台湾 vul ebay注册 免费的域名 摩尔庄园注册 金主 supercache 空间申请 免备案cdn加速 云销售系统 国外免费网盘 更多