Difference between revisions of "Network General Architecture"
Jump to navigation
Jump to search
| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
# Basic Components of a Network | # Basic Components of a Network | ||
| − | - out-of-band management network | + | - **infrastructure out-of-band management network** |
| − | - | + | - Example: server IPMI interface like iDrac or Cisco Serial/Management connection |
| − | - in-band management network | + | - This is used for lights-out ipmi/serial management of hosts |
| + | - **infrastructure in-band management network** | ||
| + | - Example: esxi hosts api/ssh access. Could be trunk native vlan | ||
- Used for underlying infrastructure control via ssh and other management connections on devices like switches or virtualization host. Containers/VMs are then connected to bridges that are mapped to networks. | - Used for underlying infrastructure control via ssh and other management connections on devices like switches or virtualization host. Containers/VMs are then connected to bridges that are mapped to networks. | ||
| − | - service | + | - **service network** |
| + | - Example: VMWare guest rdp/winrm/ssh/https service. This could be a docker container on a bridge as well. | ||
- This is used to serve up actual VM guests, containers and other devices on vlans outside of management networks for isolation and control. This would serve up https, sftp, sql and a host of other service oriented protocols. access-control-lists, such as a firewall, should be used to limit access to these services and outside access should be corralled and limited to specific port. | - This is used to serve up actual VM guests, containers and other devices on vlans outside of management networks for isolation and control. This would serve up https, sftp, sql and a host of other service oriented protocols. access-control-lists, such as a firewall, should be used to limit access to these services and outside access should be corralled and limited to specific port. | ||
| − | - storage | + | - **storage network** |
| − | - Just as the name implied this is used for attached storage purposes like SAN/NAS protocols such as iscsi, nfs, cifs. | + | - Example: NFS for storing VMWare vmdk or disk images. |
| + | - Just as the name implied this is used for attached storage purposes like SAN/NAS protocols such as iscsi, nfs, cifs and access should be restricted from services network. | ||
| + | These networks can be singular or plural depending on needs and scale. | ||
# refs | # refs | ||
- https://en.wikipedia.org/wiki/Out-of-band_management | - https://en.wikipedia.org/wiki/Out-of-band_management | ||
Latest revision as of 02:22, 4 May 2020
Basic Components of a Network
- infrastructure out-of-band management network
- Example: server IPMI interface like iDrac or Cisco Serial/Management connection
- This is used for lights-out ipmi/serial management of hosts
- infrastructure in-band management network
- Example: esxi hosts api/ssh access. Could be trunk native vlan
- Used for underlying infrastructure control via ssh and other management connections on devices like switches or virtualization host. Containers/VMs are then connected to bridges that are mapped to networks.
- service network
- Example: VMWare guest rdp/winrm/ssh/https service. This could be a docker container on a bridge as well.
- This is used to serve up actual VM guests, containers and other devices on vlans outside of management networks for isolation and control. This would serve up https, sftp, sql and a host of other service oriented protocols. access-control-lists, such as a firewall, should be used to limit access to these services and outside access should be corralled and limited to specific port.
- storage network
- Example: NFS for storing VMWare vmdk or disk images.
- Just as the name implied this is used for attached storage purposes like SAN/NAS protocols such as iscsi, nfs, cifs and access should be restricted from services network.
These networks can be singular or plural depending on needs and scale.