w*f Posts: 111 | 1 It's a new data center: Cisco UCS, Cisco Nexus 9K, and VMware.
We need access control among different server groups based on business units or
function, and also access control between different users and servers.
For example, ordinary users should not be able to access the IP PBX publisher.
We don't want to use old-style firewalls. Is there any new technology you can recommend? Thanks. | s*****g Posts: 1055 | 2 If you have to ask this specific question on MITBBS, you architected it
wrong. | w*f Posts: 111 | 3 I don't understand what you mean. Is it wrong to ask for advice here?
There's no design yet. We are just considering.
[Quoting s*****g's post] : If you have to ask this specific question on MITBBS, you architected it : wrong.
| s*****g Posts: 1055 | 4 Fair, although I think you should have an architecture design before you buy
equipment.
Is this a highly virtualized environment? I hope so. Did you consider a Palo
Alto virtual firewall (or any other "next gen"
firewall that can easily integrate with an identity service and works in a
virtualized environment)? Naturally you don't want to do this manually, so
you will need service chaining and auto provisioning; you will be looking at
orchestration
functionality. I don't want to use the word SDN here, but it seems this is the
way going forward in data center networking. Google Cisco ACI,
OpenContrail, Nuage VSP, VMware NSX: one of them is bound to suit you. | L******t Posts: 1985 | 5 Is your question about how to configure and manage Distributed Virtual Firewalls? Or would Role Based ACLs be
enough? What are you using for ToR, Cisco Nexus?
VMware and Cisco should both have solutions for this kind of problem, right?
[Quoting w*f's post] : It's a new data center: Cisco UCS, Cisco Nexus 9K, and VMware. : We need access control among different server groups based on business units or : function, and also access control between different users and servers. : For example, ordinary users should not be able to access the IP PBX publisher. : We don't want to use old-style firewalls. Is there any new technology you can recommend? Thanks.
| w*f Posts: 111 | 6 The short-term goal is to provide access control for outside consultant workstations/VMs.
Right now we put the visitor VMs on a firewall DMZ: one sub-interface/DMZ per company,
so we can lock down which server they are allowed to access.
I'm wondering, apart from a firewall (physical or virtual), are there other approaches?
Cisco VSG, Cisco Clean Access, Cisco ACI?
[Quoting L******t's post] : Is your question about how to configure and manage Distributed Virtual Firewalls? Or would Role Based ACLs be : enough? What are you using for ToR, Cisco Nexus? : VMware and Cisco should both have solutions for this kind of problem, right?
| z**r Posts: 17771 | 7 The new version of ACI added a micro-segmentation feature.
[Quoting w*f's post] : The short-term goal is to provide access control for outside consultant workstations/VMs. : Right now we put the visitor VMs on a firewall DMZ: one sub-interface/DMZ per company, : so we can lock down which server they are allowed to access. : I'm wondering, apart from a firewall (physical or virtual), are there other approaches? : Cisco VSG, Cisco Clean Access, Cisco ACI?
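| I********x Posts: 858 | 9 Cisco AVS / Nexus 1000V was made for exactly this.
You can VLAN down to the VM guest; for the rest, if you need a firewall, use a firewall, and if you need IPS, use IPS.
AVS has the additional VXLAN feature; otherwise it's the same. Contrail's architecture is about the same, but according to the slides its features are stronger.
VMware only supports its own hypervisor; if you only use VMware, that's not a problem.
[Quoting z**r's post] : The new version of ACI added a micro-segmentation feature.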