Netinfo Security (信息网络安全) ›› 2016, Vol. 16 ›› Issue (9): 98-103. doi: 10.3969/j.issn.1671-1122.2016.09.020


Research and Practice of a Network Security Service Architecture for Cloud Data Centers

Ye ZHANG (张晔), Jin SHANG (尚进), Dongyi JIANG (蒋东毅)

  1. Hillstone Networks (山石网科信息技术有限公司), Beijing 100084
  • Received: 2016-07-25 Online: 2016-09-20 Published: 2020-05-13
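  • About the authors:

    Ye ZHANG (b. 1968), male, Beijing, Ph.D., main research interest: network security; Jin SHANG (b. 1972), male, Liaoning, Ph.D., main research interest: network security; Dongyi JIANG (b. 1965), male, Liaoning, M.S., main research interest: network security.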

Study of Cloud and Data Center Networking Security Architecture

Ye ZHANG, Jin SHANG, Dongyi JIANG

  1. Hillstone Networks, Beijing 100084, China
  • Received: 2016-07-25 Online: 2016-09-20 Published: 2020-05-13

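Abstract:

With the development of technologies such as virtualization and the software-defined data center, the cloud data center (SDDC) has become agile, elastic and efficient, and this places equal or higher requirements on its security services. Security solutions built for physical networks cannot be deployed directly in a virtualized data center. This article proposes a distributed network security architecture for virtualized data centers that is deployed in a distributed manner, supports workload migration and scale-out, and supports multiple hypervisor types and multi-vendor data center platforms. The article also analyzes how this architecture supports current cloud data center focus areas such as micro-segmentation, visibility and correlation analysis, and presents deployment examples in different types of data centers.

Keywords: data center network security, software-defined security, software-defined data center, virtualized security appliance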

Abstract:

With the development of virtualization technologies and the Software Defined Data Center (SDDC), the data center has become agile, elastic and efficient. The security services running on it must have the same characteristics, or go beyond them. Security solutions designed for physical networks and physical servers cannot be deployed in a virtualized data center. This paper proposes a distributed architecture for a data center network security solution. The components of this solution are distributed throughout the data center, and the security service is elastic, agile and efficient. It supports workload migration and security service scale-out, as well as multiple hypervisors and multiple types of data center deployments. This paper describes how this architecture supports several key data center requirements, such as micro-segmentation, visibility, and network behavior correlation, and describes several deployments in multiple data centers.

Key words: network security in data center, software defined security, software defined data center, virtualized security appliance

CLC number: