Cisco Cisco ASA 5585-X Adaptive Security Appliance 백서
Cisco and Public Sector Cyberdefense
13
Response and
Recovery in the
Data Center
Recovery in the
Data Center
Prevention in the Data Center
No discussion of the data center would be complete without
consideration of
consideration of
virtualization. Virtualization of servers in the data
center was designed as a method to combat the rising space, energy,
and management costs of deploying multiple single-purpose servers.
However, as virtualization becomes more prevalent, it soon became
apparent that it could also provide a security purpose. If servers are
virtualized to provide different services on a per-user-group basis, the
network infrastructure could also be divided to maintain that separation
within the data center, and indeed across the entire LAN.
and management costs of deploying multiple single-purpose servers.
However, as virtualization becomes more prevalent, it soon became
apparent that it could also provide a security purpose. If servers are
virtualized to provide different services on a per-user-group basis, the
network infrastructure could also be divided to maintain that separation
within the data center, and indeed across the entire LAN.
There are many methods for providing virtualization of the LAN
infrastructure, and proper selection of a single method, or even
constructing a hybrid architecture integrating multiple methods, will
depend on the capabilities of the individual platforms and the purpose of
the overall design.
infrastructure, and proper selection of a single method, or even
constructing a hybrid architecture integrating multiple methods, will
depend on the capabilities of the individual platforms and the purpose of
the overall design.
The Cisco Nexus 7000 Series switch has been extended to support the
notion of virtual device contexts (VDCs). A VDC can be used to virtualize
the device itself, presenting the physical switch as multiple logical
notion of virtual device contexts (VDCs). A VDC can be used to virtualize
the device itself, presenting the physical switch as multiple logical
devices. Within that VDC, it can contain its own unique and independent
set of VLANs and virtual routing and forwarding (VRF) instances.
Each VDC can have physical ports assigned to it, thus allowing for
the hardware data plane to be virtualized as well. Within each VDC, a
separate management domain can manage the VDC itself, thus allowing
the management plane itself to also be virtualized.
set of VLANs and virtual routing and forwarding (VRF) instances.
Each VDC can have physical ports assigned to it, thus allowing for
the hardware data plane to be virtualized as well. Within each VDC, a
separate management domain can manage the VDC itself, thus allowing
the management plane itself to also be virtualized.
VDCs on the Cisco Nexus 7000 can connect to individual VLAN or VRF
contexts on both the server and network infrastructure sides. Traffic for
individual virtual machine instances on the servers is segregated from
other traffic, even traffic on the same physical machine. This provides
privacy for the data, as well as isolating each context from attacks that
might occur in other device contexts.
contexts on both the server and network infrastructure sides. Traffic for
individual virtual machine instances on the servers is segregated from
other traffic, even traffic on the same physical machine. This provides
privacy for the data, as well as isolating each context from attacks that
might occur in other device contexts.
If you want to extend this virtualization by user group further into
the network, the VDCs on the Cisco Nexus 7000 Series switch can
interoperate with the Cisco Catalyst Series switches. Thus, the VDC
could be mapped into MPLS contexts on the Cisco Catalyst 6500 series
switch or into VLANs or VRFs, available across the entire Cisco Catalyst
Switching Series.
the network, the VDCs on the Cisco Nexus 7000 Series switch can
interoperate with the Cisco Catalyst Series switches. Thus, the VDC
could be mapped into MPLS contexts on the Cisco Catalyst 6500 series
switch or into VLANs or VRFs, available across the entire Cisco Catalyst
Switching Series.
5
5
The Cisco Nexus 7000
series switch also supports
VLANs and VRFs within
a single device context.
VDCs are not required for
virtualization, but do provide
the added benefit of physical
hardware isolation.
VLANs and VRFs within
a single device context.
VDCs are not required for
virtualization, but do provide
the added benefit of physical
hardware isolation.
Continue
Previous