This module presents a more detailed investigation of the growing role of data centers in modern technology infrastructure and how data center firewall design and configuration may provide network security while maintaining balance among organizational resources and operating requirements.
A common phrase heard in today's business market is "No matter what business you are in, you are a technology business." In the 21st Century, this is true of large businesses and the most successful small and medium businesses (SMB).
Along with growing use of technology came a need to not only develop more specialized applications but also develop innovative ways to store ever-increasing volumes of digital data. This growing storage requirement spurred a new sector in the technology operations: the Data Center.
As new technologies for end users of computing platforms evolve, so must security measures for the data centers they will access for operations such as email, social media, banking, shopping, education, and myriad other purposes.
Developing strategies to keep pace with the accelerating integrated and distributed nature of technology has become a critical industry in protecting personal, business, and organizational data and communications from legacy, advanced, and emerging threats.
Meeting the challenge of data center growth while maintaining throughput capability requires the use of technology integration to reduce potential for signal loss and speed reduction because of bridging and security barriers between ad hoc arrangements of independent appliances.
Designing the data center firewall with a hybrid design merging Application Specific Integrated Circuits (ASIC) with a Central Processing Unit (CPU) may provide the necessary infrastructure to meet the demand for throughput, growth, and security.
Two primary options for hybrid design:
- CPU + OTS ASIC: General purpose CPU + Off the Shelf (OTS) processor. Simplest, but suffers performance degradation.
- CPU + Custom ASIC: General purpose CPU + Custom-built ASIC designed for intended device function(s). More difficult, but most efficient design.
Edge Firewalls are implemented at the edge of a network in order to protect the network against potential attacks from external traffic. This is the best understood, or traditional, role of a firewall: the gatekeeper.
In addition to being a gatekeeper, Data Center Firewalls serve a number of functions. Depending on network size and configuration, the data center firewall may also provide additional security functions. These functions are referred to as Multi-Layered Security, and may include:
- IP Security (IPSec)
- Firewall
- IDS/IPS (Intrusion Detection System/Intrusion Prevention System)
- Antivirus/Antispyware
- Web Filtering
- Antispam
- Traffic Shaping
These functions work together, providing integrated security for the data center, concurrently providing consolidated, clear control for administrators while presenting complex barriers to potential threats.
The strength of a high-speed, high-throughput, low-latency data center network core firewall configuration is its ability to evolve as technology develops.
- Throughput speeds have potential to double every 18 months
- High-speed 40/100 GbE ports are already going into existing systems
- External users moving from Internet Protocol version 4 (IPv4) to IPv6
Size DOES Matter.
Historically, factors considered in firewall selection included the number of users, internal and external, accessing the network or its components.
Data center firewalls make sense for SMB because of higher throughput, port capacity, and concurrent sessions.
Large or highly distributed organizations should consider using an enterprise campus firewall:
- Capacity to handle thousands of users and multiple locations
- Tradeoff: Required redundancy increases costs and system complexity
- Self-managing enterprise campus firewalls requires extensive training
Managed Security Service Providers (MSSP) are third-party, outsourced companies that manage data center security.
- High availability: 24/7 service necessary for large enterprise campus networks
- Redundancy: To ensure coverage of your organization's network security infrastructure
- Serviceability: Detailed service level agreements (SLA) & confidentiality
Current high failure rate of MSSP companies
Peripherals:
Data Storage
Input Devices
Memory
Displays
Drives
Printers
Motherboards
Scanners
Interfaces
Etc
Computer system components vary in size and complexity and may be designed for single or multiple purposes.
Now that we have discussed some of the Data Center Firewalls, their components, methods of deployment, and resulting benefits & tradeoffs, are there any questions before moving into the next module?
From an introduction to the current status of computer network options and configurations, to the challenges posed by evolving technologies and advanced threats, this module has prepared a foundation for more focused discussion on emerging threats and the development of network security technologies and processes designed to provide organizations with the tools necessary to defend best against those threats and continue uninterrupted, secure operations.
The next module will focus on the Next Generation Firewall (NGFW), an evolving technology in network security.