Vblock Solution for Trusted Multi-Tenancy: Design Guide - VCE

More documents

Recommendations

Info

Design framework This section provides the following information: • End-to-end topology • Logical topology • Logical design details • Overview of tenant anatomy End-to-end topology Secure separation creates trusted zones that shield each tenant’s applications, virtual machines, compute, network, and storage from compromise and resource effects caused by adjacent tenants and external threats. The solution framework presented in this guide considers additional technologies that comprehensively provide appropriate in-depth defense. A combination of protective, detective, and reactive controls and solid operational processes are required to deliver protection against internal and external threats. Key layers include: • Virtual machine and cloud resources (VMware vSphere and VMware vCloud Director) • Virtual access/vSwitch (Cisco Nexus 1000V) • Storage and SAN (Cisco MDS and EMC storage) • Compute (Cisco UCS) • Access and aggregation (Nexus 5000 and Nexus 7000) Figure 3 illustrates the design framework. © 2013 VCE Company, LLC. All Rights Reserved. 20
Figure 3. Trusted multi-tenancy design framework Virtual machine and c loud resources layer VMware vSphere and VMware vCloud Director are used in the cloud layer to accelerate the delivery and consumption of IT services while maintaining the security and control of the data center. VMware vCloud Director enables the consolidation of virtual infrastructure across multiple clusters, the encapsulation of application services as portable vApps, and the deployment of those services ondemand with isolation and control. © 2013 VCE Company, LLC. All Rights Reserved. 21
Page 1 and 2: Vbl oc k Sol uti on for Trus ted M
Page 3 and 4: Contents Introduction .............
Page 5 and 6: Design cons iderations for availabi
Page 7 and 8: Introduction The Vblock Solution fo
Page 9 and 10: Trusted multi-tenancy foundational
Page 11 and 12: Security and compliance Security an
Page 13 and 14: Technology overview The Vblock Syst
Page 15 and 16: Compute technologies Within the com
Page 17 and 18: EMC FA ST Cache EMC FAST Cache is a
Page 19: Cisco Data Center Netw ork Manager
Page 23 and 24: Netw ork layers Access layer Nexus
Page 25 and 26: The logical topology represents the
Page 27 and 28: Traffic flow in the data center is
Page 29 and 30: Figure 7. Management cluster and re
Page 31 and 32: Resource groups A resource group is
Page 33 and 34: vSpher e cluster specifications Eac
Page 35 and 36: Security The RSA Archer eGRC Platfo
Page 37 and 38: Design considerations for managemen
Page 39 and 40: Configuration While UIM/P automates
Page 41 and 42: Figure 13 describes the provisionin
Page 43 and 44: Design considerations for secure se
Page 45 and 46: Figure 14 shows an example of how t
Page 47 and 48: UCS organizations The Cisco UCS org
Page 49 and 50: Figure 18 is an example of a UCS Se
Page 51 and 52: Figure 20 shows that VSAN 10 and VS
Page 53 and 54: A service provider may want to view
Page 55 and 56: Figure 25 shows an example of an in
Page 57 and 58: To deploy an organization or vApp n
Page 59 and 60: Figure 29 shows different quality o
Page 61 and 62: Figure 31. Organization virtual dat
Page 63 and 64: Element Role User Action Priv ilege
Page 65 and 66: VMw are vCloud Director Role-based
Page 67 and 68: VMw are vCenter Server VMware vCent
Page 69 and 70: Figure 41 shows how port channel 10
Page 71 and 72:
VMware v Cloud Director cells VMwar
Page 73 and 74:
Design considerations for tenant ma
Page 75 and 76:
For example, in vCloud Director, th
Page 77 and 78:
Key Vblock System metrics When dete
Page 79 and 80:
Design scenarios of VSAN and zoning
Page 81 and 82:
Figure 49 is a graphical representa
Page 83 and 84:
Figure 50 shows a physical data mov
Page 85 and 86:
CIFS stack component CIFS Share ABE
Page 87 and 88:
Support for VLAN tagging in iSCSI V
Page 89 and 90:
Design considerations for service a
Page 91 and 92:
EMC FAST VP storage tiering There a
Page 93 and 94:
When a provider virtual data center
Page 95 and 96:
LUN masking component authorization
Page 97 and 98:
Network encryption The Storage Mana
Page 99 and 100:
Local and remote data protection It
Page 101 and 102:
Design considerations for service p
Page 103 and 104:
The following table lists example V
Page 105 and 106:
Use VLANs to achieve network separa
Page 107 and 108:
The traffic flow types break down i
Page 109 and 110:
The following table describes the h
Page 111 and 112:
Deployment recommenda tions Firewal
Page 113 and 114:
Cisco ACE provides a highly availab
Page 115 and 116:
The IPS deployment in the data cent
Page 117 and 118:
Cisco A CE, Cisco ACE Web Applic at
Page 119 and 120:
Figure 70. Data center access layer
Page 121 and 122:
When a network policy is defined on
Page 123 and 124:
Using a different ERSPAN-id for eac
Page 125 and 126:
A VLAN access control list (VACL) i
Page 127 and 128:
Virtual por t channel A vi rtual po
Page 129 and 130:
Design considerations for service p
Page 131 and 132:
Design considerations for secure se
Page 133 and 134:
Design considerations for security
Page 135 and 136:
RSA enV ision RSA enVision helps th
Page 137 and 138:
Conclusion The six foundational ele
Page 139 and 140:
Next steps To learn more about this
Page 141 and 142:
Acronym LACP LUN MAC NAM NAT NDMP N
Page 143:
ABOUT VCE VCE, formed by Cisco and
show all

Vblock Solution for Trusted Multi-Tenancy: Design Guide - VCE

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?