No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionStorage 8.0.0 Block Storage Security Configuration Guide 06

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Security Deployment

Security Deployment

Secure Networking

Figure 2-1 shows the planned secure networking that meets security requirements including security domain division, border access control, and network intrusion detection.

Figure 2-1 Secure networking (which varies with the actual configuration)

In the service network of FusionStorage block storage, FusionStorage block storage and the network management system are in the same internal network. Remote users can connect to FusionStorage block storage only through the firewall.

Management functions are typically used in the internal network. Therefore, security risks may be ignored. It is advised to enhance security protection on the management side during networking, for example, configure a switch whitelist.

Network Isolation

FusionStorage block storage employs a secure physical network structure that can be divided into a management network, BMC network, service network, storage network, and replication network based on service types. VLANs are configured for communication isolation between these networks to ensure system security. Table 2-1 describes the functions of each network.

Table 2-1 Network description

Network

Description

Management network

Used for system management and maintenance.

BMC network

Used to remotely manage hardware by connecting to the Mgmt port of a FusionStorage node.

Service network

Used for communication between compute nodes and VBS processes through the iSCSI protocol.

Storage network

Used for data communication between storage nodes as well as that between VBS processes and storage nodes.

Replication network

Used for data synchronization between sites.

Figure 2-2 shows the physical network structure of FusionStorage block storage.

Figure 2-2 Physical networking
Translation
Download
Updated: 2019-11-14

Document ID: EDOC1100081422

Views: 1619

Downloads: 3

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next