Integrated Security data center creation (1)

How to develop a new generation of data centers correctly and rationally has become a problem that must be solved by IT administrators. Traditional data centers are no longer able to adapt to the pressures of today's exponential and increasing data, resulting in a decline in their security.

Transformation of traditional data centers

Today, the tide of web is emerging, such as Flickr, YouTuBe, BLOG, WIKI, and PODCAST. After the first burst of the Internet bubble. The hero behind these new applications is WEB technology. If WEB1.0 solves the "standardization of human-computer interaction interfaces" problem, WEB further solves the "standardization of Application Data Interaction" problem, the technical basis of WEB2.0 is XML protocol and a series of related WEB technologies.

The biggest feature of the Web 2.0 era is that everyone can become a data provider. In the next few years, the popularity of WEB applications will inevitably bring about another new standardization, that is, application standardization based on WEB technology. If we use the OSI model to describe it, it is the standardization of the Session Layer and presentation layer. "Once standardized, networking" means that these standardized application processing functions will be integrated into network devices, and new businesses will call for new application intelligent networks.

Enterprise businesses and data have changed from distributed deployment to centralized deployment, and the data volume in the data center has expanded dramatically. The importance of the data center has received unprecedented attention. application optimization, network security, and application security equipment are deployed on a large scale, application intelligent data centers that integrate application security and application optimization capabilities are becoming more and more popular. Therefore, it is certain that the requirements for network services have been greatly improved. This not only requires high-traffic data transmission, but also prevents network interruptions or faults. To integrate security technology into the network, the security technology must match the high-speed network facilities. At the same time, it also needs to simplify the network topology, simplify the management of the network, and facilitate the use of network users, to ensure the security of applications and interconnected networks.

Through the research on network security in recent years, it is not difficult to find that the security risks of the network come down to four steps:

• Security Network risks introduced from the outside at the access point through the interconnection of the internal network and external interfaces, such as through the Internet;

• Interconnection between nodes in the Intranet can easily cause regional security risks;

• Security risks arising from access to internal networks through Wlan, VPN, and other non-traditional access methods;

• Key data centers or server zones are vulnerable to targeted attacks.

Of course, there are more than these security risks in the network, such as security access, security isolation, security filtering, and security management. How to avoid these security risks is undoubtedly a challenge for network applications entering the 10G era.

In the construction of traditional data centers, in order to cope with various security threats and information leaks mentioned above, more methods are used to repair and supplement the network of the original data center, if you encounter any problems, deploy the corresponding security device for protection. Although this can solve the security problems, it is followed by more difficult problems such as maintenance, reliability, and performance. With the increasing number of network threats, security devices with different functions are deployed in the data center one by one. At the end, we can see that the network is more like a "Sugar gourd string ", this type of serial network brings a huge impact to the data center.
"Trouble ":

• The addition of new security devices requires sufficient space. However, in the well-planned data center, the space is already very tight, therefore, maintenance personnel have to "squeeze out" a certain amount of space in a small space to accommodate new devices;

• New devices must be connected to the original network devices to establish a data center that is not fully planned in advance and is not fully considered in the future, there cannot be Redundant cable resources to connect new network resources, so you need to redeploy the cables to further degrade the "complexity" of the data center;

• Although the deployment of serial structures can solve all security problems, it brings about greater reliability threats. In this network structure, any point may become the performance bottleneck of the data center, any point of failure may cause service interruption, and the reliability of the data center is facing a greater threat.

To address the problems faced by traditional data centers, H3C helps enterprises smoothly transform their data centers through an integrated network to build an intelligent data center. Based on years of profound accumulation and advanced technology in network product and security product R & D, H3C innovatively implements the firewall module and IPS intrusion protection in high-performance 10-Gigabit core switches) seven service modules, including the LB Load Balancing module, provide high-performance security assurance and application optimization on the basic network platform. It completely solves various problems in deploying security policies and application optimization for traditional data centers.

 
Integrated converged network

Integrated converged networks cover:

Application Security:

Application Layer authentication, authorization, and audit

Application layer encryption SSL) and centralized PKI deployment

Application layer firewall HTTP/XML firewall, SAML Security asserted Markup Language)

Application Layer content security: viruses, intrusions, and so on

Application optimization:

Application Load Balancing

Hardware-based application cache, compression, and switching

Application Protocol optimization HTTP/TCP protocol optimization)