Ranch Networks for Hosted Data Centers




[Diagram: Internet Zone; RN20; Server Farm; DNS Zone and DNS Server Farm; FTP Zone and FTP Server Farm; L2 Switch; Customer 1 through Customer 6]

Ranch Functionality Provided

The diagram shown above illustrates a portion of a Hosted Data Center which contains the servers of 6 of the Hosted Data Center's customers as well as servers of the Hosting Company itself. Using the RN20 in this type of shared network environment allows a single device to be leveraged across multiple customers, so that each customer appears to have their own virtual Data Center. In this scenario, each of the Hosted Data Center's customers receives the following value-added services from the Hosting Company:

- Security
  i. Firewall and Denial of Service attack protection from both the Internet and other Data Center customers.
  ii. Fully secured three-tier website architecture. Web Servers, Application Servers, and Database Servers can be separated into different Secure Zones for each customer.
  iii. User access to different portions of the customer's Virtual Data Center can be restricted.
  iv. Authentication and Authorization can be enabled so that a per-user Username and Password must be entered before the user is allowed to enter the Data Center. Once approved, the user's access is limited to the permissions set in their Profile, which can be either a Group Profile or an Individual Profile. Permissions within these Profiles can be limitations based on any firewall rule (source or destination zone, source or destination IP address or port number, etc.).
  v. VPN (available in 2Q04): site-to-site, based on SSL.

- Overlay without reconfiguration
  i. Ranch products can be added as an overlay to upgrade an existing Data Center without needing to (1) rewire the Data Center to achieve Secure Zones, or (2) reconfigure IP addresses. This is possible due to the Virtual Zones and Split Subnetting features included in all Ranch devices.

- Virtualization
  i. It is not necessary for all the servers of a particular Data Center customer to be physically located together. Their servers can be anywhere within the same RN20 network, but logically they will all appear as part of the same Virtual Data Center.
  ii. Because of Virtualization, Moves/Adds/Changes within the Data Center are much easier: they can often be handled through the Ranch Configuration GUI without any rewiring, reconfiguration, or physical movement of devices within the Data Center. If one customer needs greater server capacity but another needs less, the server can be moved from one customer to the other logically rather than physically.
  iii. Processing power within the Ranch device will be automatically allocated to customers based on their real-time traffic demand, up to the designated bandwidth allocation available to each customer.

- Quality of Service
  i. Each Data Center customer gets their own guaranteed bandwidth.
  ii. Within this bandwidth, customers can prioritize different types of traffic, and guarantee this bandwidth if desired (for example, for a specific application).
  iii. Full support for end-to-end QoS can be provided by (1) setting TOS or DiffServ priority for outgoing traffic and (2) classification and prioritization of incoming traffic based on TOS or DiffServ.

- Load Balancing
  i. Each Data Center customer can have Load Balancing for multiple server groups (up to a total of 1024 server groups per Ranch device).
  ii. Common Load Balancing algorithms such as Round Robin, Weighted Round Robin, and Least Connections are provided.
  iii. Persistency can be provided via: Cookie, SSL, Client IP HTTP, HTTPS, FTP (active and passive).

- Health Monitoring
  i. All servers within each customer's Virtual Data Center can be monitored at Layers 2, 3, or 4. If the server fails, an SNMP alarm/trap and/or Syslog message is sent to the Data Center administrator.
  ii. Web (HTTP) and FTP servers can be monitored at Layer 7.
  iii. An HTTP server can be requested to perform a database query into another server. If this database query is not successful, an alarm will be sent.

- Multicasting and Switching
  i. Layer 2-4 Switching is provided with VLAN support.
  ii. Multicasting is based on RFC 1112/2236/2933 and is hardware assisted to provide up to 1 Gbps of Multicast traffic.

- Accounting
  i. All Ranch devices have the ability to count packets and bytes so that network usage can be monitored or charged back to users. Traffic can be classified for Accounting purposes based on Source or Destination Zone, Source or Destination IP Address, Source or Destination Protocol Port, or other Protocol information. The number of packets (or bytes) corresponding to the classification specification is then counted. An external Accounting, Billing, or Network Management System can query the Ranch device periodically in order to read the counters and bill (or measure) users accordingly. Over a thousand Classification Categories can be defined. Monitoring of network usage can thus be performed by customer, application, user (or group of users), server (or group of servers), or network segment.

Remote Management

All Ranch Networks products are remotely manageable through two means: a Web-based GUI (Graphical User Interface) and SNMP. In January 2004 Ranch will be adding a third method of Remote Management, which will be a PC-based tool. This tool will allow RN devices to be easily configured using a Drag and Drop user interface. The tool will also store Configuration Files for multiple RN devices, thus serving as a central repository for all Config Files.
The Advantages of This Approach

This Ranch solution is advantageous over other alternatives in the following ways:

- Lower Capital Expense: The cost of purchasing the separate products required to perform a similar set of functions is much higher (up to 5-7 times more expensive, depending on vendors and products used).

- Lower Operating Expense: The cost of maintaining the separate products required to perform these functions is similarly much higher. These costs include vendor maintenance, software support, and technical support, internal staff time, training time, installation and configuration time, per-user licensing fees as users on the system increase, and network monitoring costs.

- Ease of Upgrade: Ranch devices can be easily added as an overlay to upgrade an existing Data Center without needing to (1) rewire the Data Center to achieve Secure Zones, or (2) reconfigure IP addresses. This is possible due to the Virtual Zones and Split Subnetting features included in all Ranch devices.

- Higher Reliability: The presence of multiple devices instead of one decreases the reliability of the system, since more boxes means more cables, more connectors, more power supplies, more fans, and more electronic components. The greater the number of these components, the more likely there will be a system failure.

[Figure: Increased Reliability and Performance. Labels: Firewall, Bandwidth Manager, Load Balancer, Switch, Servers; Traditional Approach (Enterprise LAN); Ranch Approach (Enterprise LAN, RN20)]

- Higher Performance: When a packet needs to traverse multiple devices, each device must process the packet up and down its own TCP/IP stack. With Ranch Networks' patent-pending Single Pass Packet Scanning technology, each packet is only processed once, regardless of how many services (security, bandwidth, etc.) are applied to it.

- Lower Complexity: Fewer boxes means less network complexity and fewer opportunities to make mistakes. Training can be standardized on a single user interface, rather than multiple. Providing redundant configurations is far easier.

Example Target Customers

- Hosting Data Centers
- Internet Service Providers (ISPs)
- Telecom Service Providers (Telcos, LECs, IXCs, MSOs)
- Managed Service Providers (MSPs)
- Application Service Providers (ASPs)
- Disaster Recovery Centers