Customers: TGC-1
Contractors: VMware Russia, Jet Infosystems
Product: VMware vSphere
Second product: VMware NSX
Third product: Check Point Security Gateway
Project date: 2016/06 - 2016/12
Project's budget: 36 600 000 rubles
"The choice of the VMware platform was driven by its maturity and prevalence in the market. Components of the platform can be installed on any x86 servers, the list of supported operating systems is also very wide, and the completeness of functionality of VMware products allows us to create fail-safe, dynamic, new-generation data centers, which fully corresponds to the company's strategic plans for the coming years," says Malafeev Alexey, associate director and chief of the PTS service of the Enterprise of Means of Supervisory and Technology Control and Information Technologies of JSC TGC-1.
Project Progress
On November 25, 2016 it became known that the project to virtualize TGC-1's data centers had been completed.
The virtualization project, carried out in cooperation between TGC-1 and VMware, began in 2008 with the virtualization of part of the servers.
In 2010 it was the turn of disk resources. Until 2015 the data center network operated in its classical physical form. A few years ago it began to show performance problems: it could not keep up with the growth of traffic.
In 2015 network virtualization began with the implementation of VMware NSX technology.
In the summer of 2016 the project continued with the installation of Check Point technology on top of VMware NSX to protect virtual workstations[1].
The project is being implemented by Jet Infosystems under a contract worth 36.6 million. According to CNews, citing the state procurement website, the tender was conducted as a single-supplier purchase at the end of June 2016. The official contract term runs until December 29, 2016.
TGC-1 completed the previous phases of virtualization on its own, without engaging integrators but with information support from VMware specialists.
The task of the system is to detect malicious network activity, block it, isolate infected virtual machines from the network, and send notifications about attacks and infections.
The system will be able to process network traffic of up to 1 Gbps per ESXi node with protection policies enabled, provided that at least eight cores are allocated to the Check Point Security Gateway protection machine, and to manage the protection policy through integration with tags in VMware NSX.
Project Results
System circuits
The created system includes the following management and protection-service subsystems:
- the Check Point Security management server, deployed in the VMware virtual environment;
- 16 Check Point Security Gateway security gateways, installed on each of the 16 ESXi nodes that will be part of the VDI.
TGC-1 approached the question of antivirus protection in the VDI environment from "the other side". Classical methods rely on installed agents that sit in each machine; not only do they load the processors, they also constantly access the disks, scan them, and so on. In a VDI environment one of the main problems is that centralized mass disk access by many machines leads to catastrophic load on the disk array.
The solution implemented by TGC-1 will help to recognize network activity. If a machine is infected with a virus, or code unknown to antivirus products that generates "bad" traffic is written into it, the technology automatically isolates such traffic, giving administrators the opportunity to investigate the situation.
The protection system for the corporate virtual infrastructure is implemented in two TGC-1 data centers (DPCs) in St. Petersburg, at CHPP-17 and CHPP-15.
The two data centers are linked by L2 network connectivity (40 Gbps) and a SAN (8 Gbps), and a shared virtualization environment on the VMware platform is deployed across them.
The direct objects of protection are the virtual machines hosted on VMware vSphere virtualization servers: one VMware vCenter 6.x, eight VMware ESXi 6.x hosts (2 CPUs per server) and 400 machines running Windows workstation operating systems.
These data centers, which run corporate applications and collect the data on heat and electricity generation on which management decisions are based, are owned by TGC-1. Physically they were built a year apart, a few years ago. At the end of the 2000s we sat in the historical building on the Field of Mars, and there we had an ordinary server room whose equipment periodically overheated and shut down, and there were also problems with the power supply. When moving to the new building we decided to place the capacity separately. Since we own our communication channels across the city, we were able to afford to locate at any of our facilities. Although the sites are geographically separated, logically they work as one data center. So they are equal and back each other up. If one fails, the second will automatically pick up the work. In normal mode they balance the load, distributing it between themselves. We plan their resources so that they are loaded to no more than 50%. As a result, sometimes, in connection with some work, we can afford to completely shut down one of the data centers, which we do.
TGC-1 has logically completed its multi-stage project of data center virtualization on VMware.
When our organization made its choice in 2015 in favor of VMware NSX, on top of which Check Point is now built, there were simply no alternatives to this solution on the market. Our need for NSX appeared before NSX did. We tried different solutions: VMware products of previous generations, Cisco, and others. But all our experiments ended with limited performance coming to light: first of all, traffic went through a specific virtual machine. And when NSX appeared, we understood that this was the functionality we had been waiting for.