N'ime mgbagwoju anya nke oge a, ọsọ ọsọ yana gburugburu netwọk ezoro ezo, inweta ọhụhụ zuru oke bụ ihe kacha mkpa maka nchekwa, nlekota oru na nnabata.Ndị na-ere ahịa netwọk (NPBs)esiwo n'aka ndị nchịkọta TAP dị mfe na-eme ka ọ bụrụ usoro mgbagwoju anya, nke nwere ọgụgụ isi nke dị mkpa maka ijikwa iju mmiri nke data okporo ụzọ na ịhụ na nlekota na ngwaọrụ nchekwa na-arụ ọrụ nke ọma. Nke a bụ nlele zuru oke na ndapụta ngwa ha na ngwọta ha:
Isi Nsogbu NPBs edozi:
Netwọk ọgbara ọhụrụ na-ebute oke okporo ụzọ. Ijikọ ihe nchekwa dị oke egwu na ngwaọrụ nlekota (IDS/IPS, NPM/APM, DLP, forensics) ozugbo na njikọ netwọkụ (site na ọdụ ụgbọ mmiri SPAN ma ọ bụ TAPs) adịghị arụ ọrụ ma na-adịkarị mfe n'ihi:
1. Ibufe ngwá ọrụ: Ngwá ọrụ na-ejupụta na okporo ụzọ na-adịghị mkpa, ngwugwu na-adaba na ihe egwu na-efu.
2. Ngwá ọrụ adịghị arụ ọrụ: Ngwá ọrụ na-emebi akụrụngwa na-ahazi data oyiri ma ọ bụ na-enweghị isi.
3. Mgbagwoju anya Topology: Netwọk ekesara (Ebe data, ígwé ojii, alaka ụlọ ọrụ) na-eme ka nleba anya n'etiti etiti siri ike.
4. Ebe kpuru ìsì ezoro ezo: Ngwaọrụ enweghị ike inyocha okporo ụzọ ezoro ezo (SSL/TLS) na-enweghị decryption.
5. Ego SPAN nwere oke: ọdụ ụgbọ mmiri SPAN na-eri ihe mgba ọkụ na mgbe mgbe enweghị ike ijikwa okporo ụzọ ọnụ ahịa ahịrị zuru oke.
Ngwọta NPB: Mgbasa ozi okporo ụzọ nwere ọgụgụ isi
NPBs na-anọdụ n'etiti ọdụ ụgbọ mmiri TAP / SPAN netwọk yana ngwaọrụ nlekota/nchekwa. Ha na-eme dị ka ndị nwere ọgụgụ isi "ndị uwe ojii okporo ụzọ," na-eme:
1. Mkpokọta: Jikọta okporo ụzọ site na ọtụtụ njikọ (anụ ahụ, mebere) n'ime ntanetịime agbakwunyere.
2. Nzacha: Nhọrọ na-ebuga naanị okporo ụzọ dị mkpa na ngwá ọrụ dị iche iche dabere na njirisi (IP / MAC, VLAN, protocol, port, ngwa).
3. Nhazi ibu: Kesaa okporo ụzọ na-aga n'ụzọ ziri ezi n'ofe ọtụtụ oge nke otu ngwá ọrụ (dịka, ihe mmetụta IDS ụyọkọ) maka scalability na resilience.
4. Mwepu: Wepụ otu ngwugwu nke ejidere na njikọ anaghị arụ ọrụ.
5. Ngwunye ngwugwu: ngwugwu mkpọ (iwepụ ụgwọ ọrụ) mgbe ị na-echekwa nkụnye eji isi mee, na-ebelata bandwit na ngwaọrụ ndị chọrọ metadata naanị.
6. SSL/TLS Decryption: Kwụsị oge ezoro ezo (iji igodo), na-egosi okporo ụzọ ederede doro anya na ngwaọrụ nyocha, wee megharịa ọzọ.
7. Ntugharị / Mgbanwe: Zipụ otu iyi okporo ụzọ na ọtụtụ ngwaọrụ n'otu oge.
8. Nhazi dị elu: Mwepụta metadata, ọgbọ na-asọpụta, nhazi oge, nkpuchi data nwere mmetụta (dịka ọmụmaatụ, PII).
Chọta ebe a ka ịmatakwu gbasara ihe nlereanya a:
Mylinking™ Network Packet Broker(NPB) ML-NPB-3440L
16*10/100/1000M RJ45, 16*1/10GE SFP+, 1*40G QSFP na 1*40G/100G QSFP28, Max 320Gbps
Ngwa zuru ezu & ihe ngwọta:
1. Ịkwalite Nchekwa Nchekwa (IDS/IPS, NGFW, Intel Threat):
○ Ọnọdụ: Ngwá ọrụ nchekwa na-ejupụta n'oke okporo ụzọ East-West na ebe data, ngwugwu na-atụpụ na ihe iyi egwu ngagharị na-efu efu. Okporo ụzọ ezoro ezo na-ezobe ibu akwụ ụgwọ ọjọọ.
Ngwọta NPB:Gwakọta okporo ụzọ sitere na njikọ intra-DC dị oke mkpa.
Tinye nzacha granular ka izipu naanị akụkụ okporo ụzọ enyo (dịka, ọdụ ụgbọ mmiri na-abụghị ọkọlọtọ, subnets akọwapụtara) na IDS.
* Jikwaa nguzozi n'ofe ụyọkọ ihe mmetụta IDS.
* Mepụta nkwubi okwu SSL/TLS wee ziga okporo ụzọ ederede doro anya na IDS/Egwu Intel ikpo okwu maka nyocha miri emi.
* Wepụ okporo ụzọ site na ụzọ ndị na-adịghị arụ ọrụ.Nsonaazụ:Ọnụego nchọpụta ihe iyi egwu dị elu, belata ihe adịghị mma, iji akụrụngwa IDS kachasị mma.
2. Nleba anya arụmọrụ kachasị mma (NPM/APM):
○ Ihe atụ: Ngwaọrụ nlekota oru netwọk na-agbasi mbọ ike ijikọ data sitere na narị narị njikọ agbasasị agbasa (WAN, alaka ụlọ ọrụ, igwe ojii). Ijide ngwugwu zuru oke maka APM dị oke ọnụ yana bandwidth-akpa ike.
Ngwọta NPB:
* Gwakọta okporo ụzọ sitere na TAPs/SPANs gbasasịrị na mpaghara n'ime akwa NPB etinyere.
* Nzacha okporo ụzọ iji zipu naanị ngwa ngwa akọwapụtara (dịka, VoIP, SaaS dị oke egwu) na ngwaọrụ APM.
* Jiri mkpọ slicing maka ngwaọrụ NPM nke na-achọkarị data nrịba / oge azụmahịa (ndị nkụnye eji isi mee), na-ebelata oke bandwidth oriri.
* Megharịa iyi metrics arụmọrụ dị na ma ngwaọrụ NPM na APM.Nsonaazụ:Nleba anya arụmọrụ jikọtara ọnụ, ọnụ ahịa ngwa ọrụ belatara, obere bandwidth gafere.
3. Nhụta igwe ojii (Ọhaneze/Nkeonwe/ngwakọ):
○ Ihe atụ: Enweghị ohere ịnweta TAP n'igwe ojii (AWS, Azure, GCP). Ọ siri ike ịdekọ na iduzi igwe mebere okporo ụzọ / akpa na ngwaọrụ nchekwa na nleba anya.
Ngwọta NPB:
* Weghachite NPBs mebere (vNPB) n'ime igwe ojii.
* vNPB kpatụ okporo ụzọ mgbanwe mgbanwe (dịka ọmụmaatụ, site na ERSPAN, VPC Traffic Mirroring).
* Nzacha, mkpokọta na nguzozi ibu nke East-West na North-South okporo ụzọ igwe ojii.
* Chekwaa ọwara okporo ụzọ dị mkpa laghachi na NPB anụ ahụ ma ọ bụ ngwaọrụ nleba anya dabere na igwe ojii.
* Jikọta na ọrụ visibiliti nke igwe ojii.Nsonaazụ:Ọkwa nchekwa na-agbanwe agbanwe yana nleba anya arụmọrụ n'ofe gburugburu ngwakọ, na-emeri mmachi ịhụ igwe ojii.
4. Mgbochi ọnwụ data (DLP) & nnabata:
○ Ọnọdụ: Ngwa DLP kwesịrị inyocha okporo ụzọ na-apụ apụ maka data nwere mmetụta (PII, PCI) mana okporo ụzọ ime na-adịghị mkpa juputara. Nrube isi chọrọ nleba anya nrịbama data ahaziri ahazi.
Ngwọta NPB:
* Wepụta okporo ụzọ iji zipu naanị mmiri na-apụ apụ (dịka, nke emere maka ịntanetị ma ọ bụ ndị mmekọ akọwapụtara) na injin DLP.
* Tinye nyocha ngwungwu miri emi (DPI) na NPB iji chọpụta usoro nwere ụdị data edeziri ma nye ha ụzọ maka ngwa DLP.
* Ihe mkpuchi data nwere mmetụta (dịka ọmụmaatụ, nọmba kaadị kredit) n'ime ngwugwumbụiziga na ngwaọrụ nleba anya dị obere maka ịdekọ osisi.Nsonaazụ:Ọrụ DLP na-arụ ọrụ nke ọma karị, belata ihe ọma ụgha, nyocha nnabata nke ọma, nkwalite nzuzo data.
5. Netwọk Forensics & Nchọpụta nsogbu:
○ Ọnọdụ: Ịchọpụta ihe dị mgbagwoju anya arụmọrụ ma ọ bụ mmebi na-achọ ijide ngwugwu zuru ezu (PCAP) site n'ọtụtụ ebe ka oge na-aga. Na-akpali akpali ijide aka na-adị nwayọọ; ịchekwa ihe niile bụ ihe na-agaghị ekwe omume.
Ngwọta NPB:
* NPB nwere ike chekwaa okporo ụzọ mgbe niile (n'ọnụego ahịrị).
* Hazie ihe na-akpalite (dịka ọmụmaatụ, ọnọdụ njehie akọwapụtara, mpụ okporo ụzọ, njikere iyi egwu) na NPB ka ị weghara okporo ụzọ dị mkpa na ngwa njide ngwugwu ejikọrọ.
* Tupu nzacha okporo ụzọ ezigara na ngwa ejidere iji chekwaa naanị ihe dị mkpa.
* Megharịa iyi okporo ụzọ dị oke egwu na ngwa ejidere na-emetụtaghị ngwaọrụ mmepụta.Nsonaazụ:Mkpebi pụtara ọsọ ọsọ (MTTR) maka mwepu/mmebi, njide nyocha ezubere iche, belata ọnụ ahịa nchekwa.
Atụmatụ mmejuputa & ngwọta:
○Scalability: Họrọ NPB nwere njupụta ọdụ ụgbọ mmiri zuru oke yana ntinye (1/10/25/40/100GbE+) iji jikwaa okporo ụzọ dị ugbu a na n'ọdịnihu. Modular chassis na-enyekarị scalability kacha mma. NPBs mebere nke ọma na igwe ojii.
○Nkwụsị ike: Mejuputa NPBs (ha abụọ) na ụzọ eji arụ ọrụ arụ ọrụ. Gbaa mbọ hụ na mmekọrịta steeti na nhazi HA. Lekwaa nguzozi ibu NPB maka nkwụghachi ngwa ọrụ.
○Njikwa & akpaaka: njikwa njikwa etiti dị oke mkpa. Chọọ API (RESTful, NETCONF/YANG) maka ijikọ na nyiwe orchestration (Nkwenye, Puppet, Chef) na sistemụ SIEM/SOAR maka mgbanwe amụma siri ike dabere na ọkwa.
○Nchekwa: Chekwaa interface njikwa NPB. Jikwaa ịnweta ike. Ọ bụrụ na ibelata okporo ụzọ, hụ na atumatu njikwa igodo siri ike yana ọwa echekwara maka mbufe igodo. Tụlee ikpuchi data nwere mmetụta.
○Ngwakọta ngwa ọrụ: Gbaa mbọ hụ na NPB na-akwado njikọta ngwa ọrụ achọrọ (ntụgharị anụ ahụ / mebere, ụkpụrụ). Nyochaa ndakọrịta yana ihe achọrọ akụrụngwa akọwapụtara.
Yabụ,Ndị na-ere ahịa ngwugwu netwọkụabụghịzi ihe okomoko nhọrọ; ha bụ akụrụngwa akụrụngwa dị mkpa maka imezu visibiliti netwọkụ na-arụ ọrụ n'oge a. Site n'iji ọgụgụ isi na-achịkọta, nzacha, na-edozi ibu, na nhazi okporo ụzọ, NPBs na-enye nchekwa na ngwaọrụ nlekota ka ọ rụọ ọrụ na arụmọrụ kachasị elu. Ha na-akụda silos visibiliti, merie ihe ịma aka nke ọnụ ọgụgụ na izo ya ezo, na-emecha nye nkọwa doro anya dị mkpa iji chekwaa netwọkụ, hụ na arụmọrụ kacha mma, mezuo iwu nnabata, na dozie nsogbu ngwa ngwa. Itinye atụmatụ NPB siri ike bụ nzọụkwụ dị oke mkpa iji wulite netwọkụ a na-ahụ anya, nchekwa na nke na-agbanwe agbanwe.
Oge nzipu: Jul-07-2025
