Data centers play an important role in IT-based development and IT applications in the oil and gas industry. Operational systems used in
oil and gas companies, including enterprise resource planning (ERP) systems, logistics systems, delivery systems, retail systems, portals,
customer management systems, oil and gas prospecting systems, and marketing systems, are all dependent on data centers.
As the Internet is used more extensively, data centers that used to run on clients and servers are migrating to central servers connected to the
Internet. Multi-layer applications under the infrastructure architecture interact with hardware, networks, and operating systems with increased
complexity. It is this complexity that creates a lot of uncertainty for security systems of data centers. Data centers on which security strategies
are inappropriately implemented risk frequent intrusion from hackers and worms. Although most system administrators are aware of the
serious damage caused by Internet-based malicious attacks and have deployed security devices to defend data centers at the access control
layer, these traditional defense measures are becoming less effective in dealing with the latest types of attacks that use mature technologies.
Security threats to data centers can appear on any layer, including terminals, network, business applications, data, management
systems, and risk control, as shown in the following figure "Data Center Security Threats".
Huawei Solution
[Figure: oil and gas network overview. Diagram labels: application system; prospecting and exploration system; data center; ERP database; OTN ring; access network (2G/CDMA/Wi-Fi/WiMAX/Microwave/GPON); communications gateway; sensor network (ZigBee/RFID); RTU; SCADA/automatic control; ZigBee/Wi-Fi; video surveillance.]
[Figure: "Data Center Security Threats". The threats are arranged along the DC hierarchical model: Terminal, Network, Service application, Data, and Management and risk control. Threat labels in the figure:]
DDoS attack
Attacks to perimeter network
Network attacks between different internal departments
Visible virtual memory (VM) flow and mutual access security control
Illegal terminal or illegal user access
Terminal data leakage
Malicious attacks from terminals
Attacks between Hypervisor and VM
Data transmission security
Cyberloafing lowers office efficiency.
As a large quantity of access to point-to-point (P2P) and videos takes up bandwidth at network egress points, important service operations are delayed.
Trojan-intruded websites and Structured Query Language (SQL) injection
Email virus transmission, email phishing, email information leakage
Virus intrusion and dissemination in applications
Hosts and Hypervisor systems are vulnerable to threats.
Mobile terminal
Security of data transmission via internal and external networks
Database intrusion risks and data theft
Data disaster recovery
Data leakage due to vulnerabilities in document security management
Storage data theft
Customer Benefits
The focus of enterprise data centers' security lies in the safe and
efficient operation of data centers, secure access to services
anywhere and anytime, and the capability to keep services
confidential, integrated, and available.
Huawei's enterprise data center security system consists of five
dimensions: identification & authentication (who are you), access &
authorization (what information is available for you), audit trail (behavior
records are traceable for audit), response & recovery (capability to quickly
respond and recover), and content security (what attacks are threatening
data centers). Collectively, these protections are abbreviated as IAARC.
This five-dimensional security approach helps provide differentiated
security solutions to secure the operations of enterprise data centers.
Solution Architecture
Huawei's enterprise data center security architecture secures services in three layers: cloud, pipe, and device.
An overall terminal access security solution is provided to help ensure device security at mobile terminals, virtual desktop infrastructures (VDIs),
and office automation terminals.
A hierarchical network security protection solution is provided to protect perimeter networks, internal networks, and virtual layer networks
against attacks from within or outside data centers.
This solution secures the major services (like Web and email) at the cloud end, and offers an all-around data security solution that helps
ensure document security, database security, virtual machine full-disk encryption, and data leakage prevention (DLP). By securing the
services at these three layers (cloud, pipe, and device), this solution helps ensure access security, network security, application security, and
data security for data center services.
The security service package offered by Huawei's professional teams integrates security management consulting, service security evaluation,
security penetration testing, security hardening, and other services that help customers build highly secure and reliable data centers.
[Figure: enterprise data center security architecture. Diagram labels: enterprise data center; Internet; external networks; iCache; LLB; extranet; DDOS/FW/IPS; SSL VPN; branch; local branch; UTM; DMZ; ASG; WAN/MAN; network service zone; CSS; network core layer; iStack; servers; prospecting and exploration area; OA area; operations management area; private OA network; disaster recovery center; data leakage prevention; PC SAN storage; FC SAN storage.]
Network security: perimeter network security, internal network security, and virtual layer network security.
Application security: host security, service security, and data security.
Security management: O&M audit, security device service management, and security operation.
Device security: mobile access security, desktop cloud terminal access security, and office automation terminal access security.
Security services: infrastructure security service and security management consulting service.