The Definition of Virtualization
Virtualization is a resource management technology that abstracts and presents various physical resources of a computer, such as servers, networks, memory, and storage. It breaks the inseparable barriers between physical structures so that users can use these resources in a better way than the original configuration.
Multiple virtual one: Take the virtualization of a switch machine as an example, through physical connections (such as MPO fiber jumpers), multiple switches are stacked into one switch to improve reliability and reduce operation and maintenance costs. As the below is shown:
The Introduction about the Virtual System
A virtual system (Virtual System) is a plurality of independent logical devices divided on a physical device. You can logically divide a FW device into multiple virtual systems. Each virtual system is equivalent to a real device, with its own interfaces, address sets, users/groups, routing table entries, and policies. And it can be configured and managed by the virtual system administrator. As the below is shown:
Characteristics of the Virtual System
1. Each virtual system is managed by an independent administrator, making the management of multiple virtual systems clearer and simpler. That is very suitable for large-scale networking environments.
2. Each virtual system has its independent configuration and routing table entries, which makes the local area network under the virtual system can still communicate normally even if the same address range is used.
3. Fixed system resources can be allocated to each virtual system in order to ensure the busy business of one virtual system not to affect other virtual systems.
4. The traffic between virtual systems is isolated from each other by default, which is more secure. When needed, secure mutual access can also be carried out between virtual systems.
5. The virtual system realizes the effective use of hardware resources, saving space, energy consumption and management costs.
(Note: For specific non-support, please refer to Huawei official documents.)
The virtual system does not support the following features
③ Agile network
⑥ ISP routing
⑦ Global routing strategy
⑧ Five-tuple packet loss statistics
⑨ Smart security strategy
(Note: For specific non-support, please refer to Huawei official documents)
Application Scenarios of the Virtual System
Scenario 1: Cloud computing center security gateway: enterprise A and enterprise B respectively place servers in the cloud computing center. As the security gateway at the exit of the cloud computing center, FW can isolate the networks and traffic of different enterprises and perform security protection according to requirements.
Scenario 2: Network isolation of large and medium-sized enterprises: the internal network of the enterprise isolates the network into R&D department, financial department and administrative department through FW's virtual system. Each department can access each other according to the authority, and the administrator authority of different departments has a clear management right. According to the authority of different departments, enterprise intranet users can access specific websites on the Internet.
Virtual System and Administrator
1) . Root system (public): The root system is a special virtual system that exists by default on FW. Even if the virtual system function is not enabled, the root system still exists. At this time, the administrator configuring the FW is equivalent to configuring the root system. After using the virtual system function, the root system will inherit the configuration on the previous FW.
In this feature of virtual systems, the role of the root system is to manage other virtual systems and provide services for communication between virtual systems.
2) . Virtual system or subsystem (VSYS): A virtual system is a logical device that is divided on the physical FW and runs independently.
3). Administrator: According to the type of the virtual system, administrators are divided into root system administrators and virtual system administrators. The scope and function of two administrators are different.
1. Root system administrator
After the virtual system is working under the root system, the existing administrator on the device will become the root system administrator. All administrators remain unchanged. Only the root system administrator, with virtual system management authority, can perform virtual system-related configurations, such as creating, deleting virtual systems, and allocating resources.
2. Virtual system administrator
After creating a virtual system, the root system administrator can create one or more administrators for the virtual system. The virtual system administrator can only configure and view the related services of his own virtual system; while the root system administrator can enter the configuration interface of all virtual systems. And if necessary, he can configure the services of any virtual system.
In order to correctly identify the virtual system to which each administrator belongs, the user name format of the virtual system administrator is unified as "Administrator Name@@Virtual System Name".
Through this article, we have mastered part of the virtualization knowledge involved in HCIE-Security, including the virtualization concept, virtual system features, features not supported by Huawei's virtual firewall, virtual firewall application scenarios, and knowledge of root administrators and system administrators. Learning Huawei HCIE-Security certificate, you will not only master virtualization knowledge, but also learn the terminal security system planning, deployment, maintenance and optimization, security solutions and planning and design schemes, security system architecture and best practices of security standards. Possessing the expertise of complex network security applications, you can use Huawei security products to build corporate network security solutions.