softwarecloudlink

cloudlink  时间:2021-01-08  阅读:()
SOLUTIONOVERVIEWVMwarevSANSecurityZoneDeploymentVMwarevSphereClustersinSecurityZonesAsecurityzone,alsoreferredtoasa"DMZ,"isasub-networkthatisdesignedtoprovidetightlycontrolledconnectivitytoanorganization'sinternalITinfrastructureandapplications.
Asecurityzonetypicallycontainsexternal-facingservicesthatareaccessiblefromuntrustednetworkssuchastheInternet.
Othercommonusecasesforsecurityzonesareinternalisolationforclassiedenvironmentsordevelopmentinfrastructures.
Theprimarypurposeofthisarchitectureisaddinganotherlayerofsecuritytofurtherreducetheriskofunauthorizedaccesstoanorganization'sinternalnetwork,applications,anddata.
Oneofthemostsignicantthreatstosecurityinanyenvironmentismisconguration.
Complexityincreasesthepossibilityofmisconguration,whichcouldleadtopotentialsecurityincidents.
VMwarevSphereuses"bare-metal"virtualization,sothehypervisorinterfacesdirectlywithserverhardwarewithouttheneedforamorecomplex,generaloperatingsystem.
ThisapproachreducestheattacksurfaceandhelpssafeguardfromOS-relatedvulnerabilitiesmakingitthemostrobustandsecurevirtualizationplatformintheindustry—anexcellentplatformforrunningworkloadsinsecurityzones.
Examplesofworkloadstypicallyfoundinsecurityzonesincludewebservers,emailgateways,andproxyservices.
Itisverycommonfortheseworkloadstohavehighavailabilityrequirements.
FeaturessuchasvSphereHighAvailability,vSphereFaultTolerance,andvSphereDistributedResourceSchedulerhelpprotectvirtualizedapplicationsandservicesfromdowntimeassociatedwithhardwarefailuresandresourcecontention.
Thesefeaturesrequiresharedstorage,whichmeansaccesstointernallyhostedstoragenetworks(SANandNAS)arecommonlyextendedtosecurityzones.
Thispotentiallyopensupadditionaloptionsforhackerstogainaccesstointernalresourcesandleadstomorecomplexrewallcongurations.
Anotheroptionisadedicatedstorageappliancecontainedwithinthesecurityzone,butthissolutioncanbeexpensiveandaddmanagementoverhead.
Computeandstorageresourcesforasecurityzoneareideallyverysecure,simpletoimplement,cost-effective,andprovidetheperformanceandavailabilitylevelsnecessarytorunandprotectcritical,external-facingworkloads.
vSphereandVMwarevSANprovidethehyper-convergedinfrastructure(HCI)bestsuitedtomeettheserequirements.
VMware,Inc.
3401HillviewAvenuePaloAltoCA94304USATel877-486-9273Fax650-427-5001www.
vmware.
comCopyright2017VMware,Inc.
Allrightsreserved.
ThisproductisprotectedbyUSandinternationalcopyrightandintellectualpropertylaws.
VMwareproductsarecoveredbyoneormorepatentslistedathttp://www.
vmware.
com/go/patents.
VMwareisaregisteredtrademarkortrademarkofVMware,Inc.
intheUnitedStatesand/orotherjurisdictions.
Allothermarksandnamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.
VMwarevSANSecurityZoneDeploymentWhyvSANforaSecurityZonevSANisVMware'ssoftware-denedstoragesolutionforHCI.
vSANandvSphereprovideacomplete,nativelyintegratedplatformconsistingofcompute,network,andstorageresourcesthataresecureandisolatedfromtherestoftheinfrastructure.
SincedisksinternaltothevSpherehostsareusedtocreateavSANdatastore,thereisnodependencyonexternalsharedstorageappliances.
Virtualmachinescanbeassignedspecicstoragepoliciesbasedontheavailabilityandperformanceneedsoftheapplication.
External-facingworkloadsbenetfromdependablestorageandpredictableperformancecharacteristicswhileminimizingrisk.
vSANisbuiltonanoptimizedI/OdatapathinthevSpherehypervisor.
ItismanagedasacorecomponentofavSphereenvironmentmeaningseparateadministrationtoolsandconnectionsarenotrequired.
Thisminimizestheattacksurfaceandcomplexityofthecomputeandstorageinfrastructure.
Lowercomplexityreducesthechancesofamiscongurationthatcouldleadtovulnerability.
Virtualmachine-centricstoragepoliciesarecreatedandassignedforvariousworkloadtypes.
PoliciesarebasedupontheavailabilityandperformanceservicesprovidedbyvSAN.
Thesepoliciescanbemodiedandreassigned,asneeded,withnodowntime.
AccesstothevSANdatastoreisconnedtothehostsinthesamevSANcluster.
AdedicatedHCIwithvSphereandvSANhelpensurecontrolledaccess,predictableperformance,andavailabilityofapplicationsandservicesinasecurityzonewithoutincreasingrisk.
Runningworkloadsonaseparatecomputeandstorageplatformfacilitatesmoreexibilitywithmaintenanceschedules.
vSANincludesahealthdashboard,whichautomaticallymonitorsandalertsonitemssuchasoveralldiskhealth,hardwarecompatibilitylist(HCL)compliance,networkconnectivityissues,andhighutilization.
Ifanalertisraised,administratorscaneasilyandquicklystartassessingtheissuebyclickingtheAskVMwarebuttoninthevSANHealthuserinterface,whichtakesthemdirectlytotherelevantVMwareknowledgebasearticle.
TimelyalertsandissueresolutionisonemorewayvSANenablesasecureandstableplatformforbusinesscriticalapplications.
NativeDataatRestEncryptionvSANencryptionisanoptionforvSANdatastorestofurtherimprovesecurityandprovidecompliancewithincreasinglystringentregulatoryrequirements.
SincevSANencryptionisnativetovSAN,iteliminatestheextracost,limitations,andcomplexityassociatedwithprocuringandmaintainingself-encryptingdrives.
VMware,Inc.
3401HillviewAvenuePaloAltoCA94304USATel877-486-9273Fax650-427-5001www.
vmware.
comCopyright2017VMware,Inc.
Allrightsreserved.
ThisproductisprotectedbyUSandinternationalcopyrightandintellectualpropertylaws.
VMwareproductsarecoveredbyoneormorepatentslistedathttp://www.
vmware.
com/go/patents.
VMwareisaregisteredtrademarkortrademarkofVMware,Inc.
intheUnitedStatesand/orotherjurisdictions.
Allothermarksandnamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.
VMwarevSANSecurityZoneDeploymentAKeyManagementServer(KMS)isrequiredtoenableandusevSANencryption.
MultipleKMSvendorsarecompatibleincludingHyTrust,Gemalto(SafeNet),Thalese-Security,CloudLink,andVormetric.
AfteratrustrelationshiphasbeensetupbetweenVMwarevCenterServerandtheKMScluster,vSANencryptionisenabledwithjustafewmouseclicks.
vSANdatastoreencryptionisenabledandconguredatthedatastorelevel.
Inotherwords,everyobjectonthevSANdatastoreisencryptedwhenthisfeatureisenabled.
DataisencryptedusinganAES256cipherwhenitiswrittentopersistentmediainthecacheandcapacitytiersofavSANdatastore.
EncryptionoccursjustabovethedevicedriverlayerofthevSpherestoragestack,whichmeansitiscompatiblewithallvSANfeaturessuchasdeduplication,compression,andRAID-5/6erasurecoding.
vSANwithvSphereAvailabilityTheuseoflocaldiskdatastoreswithoutvSANintroducesrisktoapplicationuptime.
Forexample,onlyonecopyofavirtualmachine'slesisstoredonalocaldisk.
Ifthatdiskfails,thevirtualmachinelesmustberestoredfrombackupmedia,whichistimeconsumingandunreliable.
Itispossibletocreateasecondcopyofvirtualmachinelesonanotherdisk,buttheprocessisnotautomaticandmustbeperformedfrequently.
Therecoveryfromthissecondcopywouldalsobeamanualprocessincreasingriskandrecoverytime.
vSANaddressesthesechallengesbyaggregatinglocaldisksintoashareddatastoredistributedacrosshostsinthecluster.
vSANfeaturesastoragepolicyrulecalled"Primaryleveloffailurestotolerate"or"PFTT,"whichdenesthenumberofreplicasofavirtualmachine'slestodistributeacrossphysicalnodesinthevSANcluster.
Forexample,whenPFTT=1,vSANwillcreateandmaintaintwomirroredreplicasofthevirtualmachine'slesandplacethemonseparatehosts.
Ifadiskorhostcontainingoneofthosereplicasisoffline,thedataisstillaccessiblefromtheotherreplica.
vSphereHArequiressharedstorageandvSANistightlyintegratedwithvSphereHA.
Ifahostfails,virtualmachinesthatwererunningonthefailedhostareautomaticallyrebootedbyvSphereHAonotherhostsintheclustertominimizedowntime.
vSphereHAcanalsomonitorguestoperatingsystemsandautomaticallyrebootavirtualmachineintheeventofanoperatingsystemfailuresuchasaWindowsbluescreen.
vSphereFaultToleranceisalsocompatiblewithvSANandprovidescontinuousavailabilityforapplicationswithuptofourvirtualCPUsintheeventofahostfailure.
VMware,Inc.
3401HillviewAvenuePaloAltoCA94304USATel877-486-9273Fax650-427-5001www.
vmware.
comCopyright2017VMware,Inc.
Allrightsreserved.
ThisproductisprotectedbyUSandinternationalcopyrightandintellectualpropertylaws.
VMwareproductsarecoveredbyoneormorepatentslistedathttp://www.
vmware.
com/go/patents.
VMwareisaregisteredtrademarkortrademarkofVMware,Inc.
intheUnitedStatesand/orotherjurisdictions.
Allothermarksandnamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.
VMwarevSANSecurityZoneDeploymentAvarietyofdataprotectionsolutionsareavailabletobackupandrecovervirtualmachinesandapplicationsinavSANcluster.
Checkwithyourdataprotectionvendortoverifysupportandlookforthe"VMwareReadyforvSAN"logo.
VirtualmachinereplicationsolutionssuchasDellEMCRecoverPointforVirtualMachinesandVMwarevSphereReplicationworksseamlesslywithvSANtoenablerapid,reliableper-virtualmachinerecovery.
vSANPerformancevSANisuniquelyembeddedinthevSpherehypervisorkernelandsitsdirectlyintheI/Odatapath.
ItcandeliverthehighestlevelsofperformancewithouttaxingtheCPUorconsuminghighamountsofmemoryresources,ascomparedtoothervirtualstorageappliancesthatrunseparatelyontopofthehypervisor.
All-ashvSANcongurationsprovideexcellentperformancewithpredictable,lowlatencies.
Acombinationofmagneticandsolidstatedrivescanbeusedtoenableash-acceleratedhybridcongurations.
Specicrulessuchas"Numberofdiskstripesperobject"and"Flashreadcachereservation(%)"canbeusedtoaccelerateread-intensiveworkloads—especiallyinhybridvSANcongurations.
WithvSAN,itispossibletoapplypolicieswithprecision.
Forexample,databaseserversarecommonlydeployedwiththeguestOSononevirtualdiskanddatabasesonothervirtualdisks.
Astoragepolicythatreservesahigherpercentageofashreadcachecouldbeassignedspecicallytothevirtualdiskscontainingdatabasestohelpguaranteeperformance.
VisibilityandProactiveNoticationswithvRealizeOperationsvSANincludesahealthcheckfeaturetomonitoritemssuchasnetworkconnectivity,diskcapacity,componentmetadata,andcompliancewiththehardwarecompatibilitylist(HCL).
Whilethismightbesufficientinmanycases,enhancedvisibilityandmanagementcapabilitiesacrossvSANclustersatmultiplelocationsareavailablewithVMwarevRealizeOperations.
vRealizeOperationsManagerincludesdashboardsforvSANsuchasCapacityOverview,OptimizevSANDeployments,andOperationsOverview.
VMware,Inc.
3401HillviewAvenuePaloAltoCA94304USATel877-486-9273Fax650-427-5001www.
vmware.
comCopyright2017VMware,Inc.
Allrightsreserved.
ThisproductisprotectedbyUSandinternationalcopyrightandintellectualpropertylaws.
VMwareproductsarecoveredbyoneormorepatentslistedathttp://www.
vmware.
com/go/patents.
VMwareisaregisteredtrademarkortrademarkofVMware,Inc.
intheUnitedStatesand/orotherjurisdictions.
Allothermarksandnamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.
VMwarevSANSecurityZoneDeploymentvRealizeOperationsfeaturespredictiveanalyticsandsmartalertstohelpensureoptimumperformanceandavailabilityofapplicationsandinfrastructures.
vRealizeOperationsManagerenablesadministratorstomonitorseveralfactorssuchasreadandwriteIOPS,throughput,latency,cachehits,writebufferutilization,andcapacity.
Capacityutilizationandtimeremainingmetricsarealsoincluded.
vRealizeOperationsanalyzesconsumptiontrendsandprovidesestimatesontheamountoftimeremainingbeforeresourcesareexhausted.
Thismakesiteasierforadministratorstoprocureadditionalcapacityinatimelymannertoavoidprojectdelaysandmoreseriousissuessuchasapplicationdowntimeduetolackoffreespace.
EasilyAddCapacitywithoutDowntimevSANisadistributedarchitecturethatallowsforelastic,non-disruptivescaling.
Computeandstoragecapacityisscaledoutsimplybybringinganewhostintothecluster.
Storagecapacityandperformancecanbescaledupindependentlybyaddingnewdrivestoexistinghosts.
This"grow-as-you-go"modelprovidespredictable,linearscalingforremoteofficeenvironmentswithaffordableinvestmentsspreadoutovertime.
SummaryvSANandvSphereprovidethebestHCIplatformforrunningvirtualmachineworkloadsrequiringpredictableperformanceandavailabilityinsecureenvironments.
vSpherehasachievedmultiplesecuritycerticationsandhasaproventrackrecord.
vSphereandvSANistherstandonlyHCIsolutionthatispartofaDISASTIG.
TheintegrationofvSANwithvSpherereducesriskthroughpolicy-basedmanagementandrole-basedaccesscontrol.
Importantservicessuchasexternal-facingwebsites,email,andemployeeremoteaccesscanbenetfromsharedstoragewithoutthecostandcomplexityofdedicatedstoragehardware.
Virtualmachine-centricstoragepoliciesarecreated,assigned,andmodied,asneedschangeintheenvironment.
MaintenancewindowsareeasiertoscheduleandtherearefeaturessuchasvSphereHAandvSphereReplicationtoenablerapidrecoveryfromunplanneddowntime.
vSANhealthmonitoringisincludedand,optionally,vRealizeOperationsManagementPackforStorageDevicesprovidesmultiplevSANdashboardsforproactivealerting,heatmaps,deviceandclusterinsights,andstreamlinedissueresolution.
VMware,Inc.
3401HillviewAvenuePaloAltoCA94304USATel877-486-9273Fax650-427-5001www.
vmware.
comCopyright2017VMware,Inc.
Allrightsreserved.
ThisproductisprotectedbyUSandinternationalcopyrightandintellectualpropertylaws.
VMwareproductsarecoveredbyoneormorepatentslistedathttp://www.
vmware.
com/go/patents.
VMwareisaregisteredtrademarkortrademarkofVMware,Inc.
intheUnitedStatesand/orotherjurisdictions.
Allothermarksandnamesmentionedhereinmaybetrademarksoftheirrespectivecompanies.

A400互联(49元/月)洛杉矶CN2 GIA+BGP、1Gbps带宽,全场独服永久5折优惠

a400互联是一家成立于2020年商家,主营美国机房的产品,包括BGP线路、CN2 GIA线路的云服务器、独立服务器、高防服务器,接入线路优质,延迟低,稳定性高,额外也还有香港云服务器业务。当前,全场服务器5折,香港VPS7折,洛杉矶VPS5折,限时促销!A400互联官网:https://a400.net/优惠活动全场独服永久5折优惠(续费同价):0722香港VPS七折优惠:0711洛杉矶VPS五...

妮妮云,美国cera CN2线路,VPS享3折优惠

近期联通CUVIP的线路(AS4837线路)非常火热,妮妮云也推出了这类线路的套餐以及优惠,目前到国内优质线路排行大致如下:电信CN2 GIA>联通AS9929>联通AS4837>电信CN2 GT>普通线路,AS4837线路比起前两的优势就是带宽比较大,相对便宜一些,所以大家才能看到这个线路的带宽都非常高。妮妮云互联目前云服务器开放抽奖活动,每天开通前10台享3折优惠,另外...

香港服务器租用多少钱一个月?影响香港服务器租用价格因素

香港服务器租用多少钱一个月?香港服务器受到很多朋友的青睐,其中免备案成为其特色之一。很多用户想了解香港云服务器价格多少钱,也有同行询问香港服务器的租赁价格,一些实际用户想要了解香港服务器的市场。虽然价格是关注的焦点,但价格并不是香港服务器的全部选择。今天小编介绍了一些影响香港服务器租赁价格的因素,以及在香港租一个月的服务器要花多少钱。影响香港服务器租赁价格的因素:1.香港机房选择香港机房相当于选择...

cloudlink为你推荐
服务器空间租用租个服务器 一年多少钱免费注册域名怎样免费注册域名呢 要详细的步骤哦美国vps服务器请问国外VPS服务器去哪里买呀,急求?拜托了各位 谢谢独立ip空间独立IP空间和共享IP的区别域名空间请问域名和空间有什么分别租服务器租个服务器?哪里租?海外服务器租用国外服务器租用中文域名注册查询哪里有可以查询中文域名是否被注册的地方?网站服务器租用哪些网站适合租用独立服务器?国内ip代理求一些国内《ip代理》地址大全
justhost diahosting 美元争夺战 56折 20g硬盘 商家促销 网站被封 网通服务器ip 魔兽世界台湾服务器 嘟牛 韩国名字大全 me空间社区 国外代理服务器软件 hkt 上海服务器 linux使用教程 优酷黄金会员账号共享 论坛主机 万网注册 测试网速命令 更多