Intshayelelo
Kwiminyaka yakutshanje, inani leenkonzo zelifu kumashishini aseTshayina liyakhula. Iinkampani zobuchwepheshe zisebenzise ithuba lomjikelo omtsha woguquko lwetekhnoloji, zenze utshintsho lwedijithali ngenkuthalo, zandisa uphando kunye nokusetyenziswa kwetekhnoloji entsha efana ne-cloud computing, i-big data, i-artificial intelligence, i-blockchain kunye ne-intanethi yezinto, kwaye zaphucula amandla azo eenkonzo zesayensi netekhnoloji. Ngophuhliso oluqhubekayo lwetekhnoloji yelifu kunye ne-virtualization, iinkqubo ezininzi zesicelo kwiziko ledatha ziyafuduka ukusuka kwikhampasi yokuqala ebonakalayo ukuya kwiqonga lelifu, kwaye i-traffic empuma-ntshona kwindawo yelifu yamaziko edatha ikhula kakhulu. Nangona kunjalo, inethiwekhi yendabuko yokuqokelelwa kwetrafikhi ayinakuqokelela ngokuthe ngqo i-traffic empuma-ntshona kwindawo yelifu, nto leyo ebangela ukuba i-traffic yeshishini kwindawo yelifu ibe yindawo yokuqala. Kuye kwaba ngumkhwa ongenakuphepheka wokufezekisa ukukhutshwa kwedatha ye-traffic empuma-ntshona kwindawo yelifu. Ukungeniswa kwetekhnoloji entsha yokuqokelelwa kwetrafikhi empuma-ntshona kwindawo yelifu kwenza inkqubo yesicelo esetyenziswa kwindawo yelifu nayo ibe nenkxaso egqibeleleyo yokubeka esweni, kwaye xa kuvela iingxaki kunye nokungaphumeleli, uhlalutyo lokubamba iipakethi lungasetyenziselwa ukuhlalutya ingxaki kunye nokulandelela ukuhamba kwedatha.
1. Itrafikhi yendlela ejikeleze i-cloud ukusuka empuma ukuya entshona ayinakuqokelelwa ngokuthe ngqo, ukuze inkqubo yesicelo kwindawo ye-cloud ingakwazi ukuseta ukufunyanwa kokubeka esweni ngokusekelwe ekuhambeni kwedatha yeshishini ngexesha langempela, kwaye abasebenzi bokusebenza nokugcina abanakukwazi ukufumanisa ngexesha elifanelekileyo ukusebenza kwenkqubo yesicelo kwindawo ye-cloud, nto leyo ezisa iingenelo ezithile ezifihlakeleyo ekusebenzeni okunempilo nokuzinzileyo kwenkqubo yesicelo kwindawo ye-cloud.
2. Itrafikhi yasempuma nasentshona kwindawo yamafu ayinakuqokelelwa ngokuthe ngqo, nto leyo eyenza kube nzima ukukhupha ngqo iipakethi zedatha ukuze zihlalutywe xa kuvela iingxaki kwizicelo zoshishino kwindawo yamafu, nto leyo ebangela ubunzima obuthile kwindawo yempazamo.
3. Ngenxa yeemfuno ezingqongqo zokhuseleko lwenethiwekhi kunye nokuhlolwa okuhlukeneyo, okufana nokubeka esweni intengiselwano yesicelo se-BPC, inkqubo yokufumanisa ukungena kwe-IDS, inkqubo yokuhlolwa kwe-imeyile kunye nenkonzo yabathengi, imfuno yokuqokelelwa kwetrafikhi empuma-ntshona kwindawo yelifu nayo iya isiba yinto engxamisekileyo. Ngokusekelwe kuhlalutyo olungentla, kuye kwaba ngumkhwa ongenakuphepheka ukufezekisa ukukhutshwa kwedatha yetrafikhi empuma-ntshona kwindawo yelifu, kunye nokwazisa iteknoloji entsha yokuqokelela itrafikhi empuma-ntshona kwindawo yelifu ukwenza inkqubo yesicelo esetyenziswe kwindawo yelifu inokuba nenkxaso egqibeleleyo yokubeka esweni. Xa kuvela iingxaki kunye nokungaphumeleli, uhlalutyo lokubamba iipakethi lungasetyenziselwa ukuhlalutya ingxaki kunye nokulandelela ukuhamba kwedatha. Ukufezekisa ukukhutshwa kunye nohlalutyo lwetrafikhi empuma-ntshona kwindawo yelifu sisixhobo esinamandla somlingo sokuqinisekisa ukusebenza okuzinzileyo kweenkqubo zesicelo ezisetyenziswe kwindawo yelifu.
Iimpawu eziphambili ze-Virtual Network Traffic Capture
1. Ukusebenza koKubamba iTrafikhi yeNethiwekhi
Itrafikhi yasempuma-ntshona ithatha ngaphezulu kwesiqingatha setrafikhi yeziko ledatha, kwaye iteknoloji yokufumana ukusebenza okuphezulu iyafuneka ukuze kufezekiswe ukuqokelelwa okupheleleyo. Ngexesha elifanayo lokufumana, eminye imisebenzi yokucwangcisa kwangaphambili efana nokunciphisa, ukunciphisa, kunye nokunciphisa uvakalelo kufuneka igqitywe kwiinkonzo ezahlukeneyo, nto leyo eyonyusa ngakumbi iimfuno zokusebenza.
2. Ulawulo lwezixhobo
Uninzi lweendlela zokuqokelela izithuthi ukusuka empuma ukuya entshona kufuneka zithathe indawo yekhompyutha, indawo yokugcina kunye nezixhobo zenethiwekhi ezinokusetyenziswa kwinkonzo. Ukongeza ekusebenziseni ezi zixhobo kancinci kangangoko, kusekho isidingo sokuqwalasela uxanduva lokuphumeza ulawulo lwetekhnoloji yokufumana. Ingakumbi xa ubungakanani bee-nodes busanda, ukuba iindleko zolawulo nazo zibonisa umkhwa onyukayo ngokuthe ngqo.
3. Inqanaba lokungenelela
Iitekhnoloji zokufumana izinto eziqhelekileyo ngoku zihlala zifuna ukongeza ulungiselelo olongezelelweyo lomgaqo-nkqubo wokufumana izinto kwi-hypervisor okanye izinto ezinxulumene noko. Ukongeza kwiingxabano ezinokubakho nemigaqo-nkqubo yeshishini, le migaqo-nkqubo idla ngokunyusa umthwalo kwi-hypervisor okanye kwezinye izinto zeshishini kwaye ichaphazela i-SLA yenkonzo.
Ukusuka kwinkcazo engasentla, kunokubonwa ukuba ukubanjwa kwetrafikhi kwindawo yelifu kufuneka kugxile ekubanjweni kwetrafikhi empuma-ntshona phakathi koomatshini ababonakalayo kunye nemiba yokusebenza. Kwangaxeshanye, ngenxa yeempawu eziguquguqukayo zeqonga lelifu, ukuqokelelwa kwetrafikhi kwindawo yelifu kufuneka kudlule kwindlela ekhoyo yesibuko sokutshintsha sendabuko, kwaye kufezekiswe ukuthunyelwa kokuqokelelwa kunye nokubeka iliso okuguquguqukayo nokuzenzekelayo, ukuze kuhambelane nenjongo yokusebenza ngokuzenzekelayo kunye nokugcinwa kwenethiwekhi yelifu. Ukuqokelelwa kwetrafikhi kwindawo yelifu kufuneka kufezekise ezi njongo zilandelayo:
1) Qaphela umsebenzi wokubamba ithrafikhi empuma-ntshona phakathi koomatshini ababonakalayo
2) Ukufakwa kwe-capture kuthunyelwa kwi-computing node, kwaye uyilo lwe-distributed collection lusetyenziselwa ukuthintela iingxaki zokusebenza kunye nozinzo ezibangelwa sisibuko sokutshintsha.
3) Ingaziva utshintsho lwezixhobo zomatshini ezibonakalayo kwindawo efihliweyo, kwaye icebo lokuqokelela linokulungiswa ngokuzenzekelayo ngotshintsho lwezixhobo zomatshini ezibonakalayo.
4) Isixhobo sokubamba kufuneka sibe nendlela yokukhusela ukugqithiswa kwe-overload ukunciphisa impembelelo kwiseva
5) Isixhobo sokubamba ngokwaso sinomsebenzi wokuphucula ithrafikhi
6) Iqonga lokuthwebula linokujonga ithrafikhi yomatshini oqokelelweyo
Ukukhethwa kweMo yokuThatha iTrafikhi yoMatshini oSebenzayo kwiNdawo yamafu
Ukubanjwa kwetrafikhi yomatshini obonakalayo kwindawo yelifu kufuneka kuthunyelwe iprobe yokuqokelela kwi-node yekhompyutha. Ngokwendawo yendawo yokuqokelela enokusetyenziswa kwi-node yekhompyutha, imo yokubanjwa kwetrafikhi yomatshini obonakalayo kwindawo yelifu inokwahlulwa ibe ziindlela ezintathu:Imo yeArhente, Imo yoMatshini oSebenzayokwayeImo Yomsingathi.
Imo yoMatshini oSebenzayo: umatshini odibeneyo wokubamba i-virtual ufakwe kwi-host nganye ebonakalayo kwindawo yelifu, kwaye i-probe ethambileyo yokubamba ifakwa kwi-virtual machine yokubamba. I-traffic ye-host iboniswa kwi-virtual machine ngokubamba i-traffic yekhadi lenethiwekhi ebonakalayo kwi-virtual switch, kwaye emva koko umatshini wokubamba i-virtual udluliselwa kwi-platform yendabuko yokubamba i-traffic ebonakalayo ngekhadi lenethiwekhi elizinikeleyo. Emva koko isasazwe kwiqonga ngalinye lokujonga nokuhlaziya. Inzuzo kukuba i-softswitch bypass mirroring, engenalo ukungenelela kwikhadi lenethiwekhi yeshishini ekhoyo kunye nomatshini obonakalayo, inokuqonda umbono wotshintsho lomatshini obonakalayo kunye nokufuduka ngokuzenzekelayo kwemigaqo-nkqubo ngeendlela ezithile. Ingxaki kukuba akunakwenzeka ukufikelela kwindlela yokukhusela i-overload ngokubamba i-virtual machine efumana i-traffic ngaphandle, kwaye ubungakanani be-traffic enokubonwa bumiselwa kukusebenza kwe-virtual switch, enempembelelo ethile kuzinzo lwe-virtual switch. Kwindawo ye-KVM, iqonga lelifu kufuneka likhuphe itafile yokuhamba komfanekiso ngokulinganayo, enzima ukuyilawula nokuyigcina. Ingakumbi xa umatshini wokubamba usilela, umatshini wokubamba i-virtual uyafana nomatshini obonakalayo weshishini kwaye uya kufudukela kwii-host ezahlukeneyo kunye nezinye ii-virtual machine.
Imo yeArhente: Faka i-capturing soft probe (i-Agent Agent) kumatshini ngamnye obonakalayo ofuna ukubamba ithrafikhi kwindawo ekwilifu, kwaye ukhuphe ithrafikhi empuma nasentshona yendawo ekwilifu ngesoftware ye-Agent agent, kwaye uyisasaze kwiqonga ngalinye lohlalutyo. Iingenelo zezokuba ayixhomekekanga kwiqonga le-virtualization, ayichaphazeli ukusebenza kweswitshi ebonakalayo, ingahamba nomatshini obonakalayo, kwaye inokwenza ukucoca ithrafikhi. Iingxaki zezokuba ii-arhente ezininzi kakhulu kufuneka zilawulwe, kwaye impembelelo ye-Agent ngokwayo ayinakukhutshwa xa kwenzeka impazamo. Ikhadi lenethiwekhi yemveliso ekhoyo kufuneka yabelwane ngayo ukuze ithrafikhi isasazeke, enokuchaphazela ukusebenzisana kweshishini.
Imo Yomsingathi: ngokubeka i-probe ethambileyo yokuqokelela ezimeleyo kwi-host nganye ebonakalayo kwindawo yelifu, isebenza kwimo yenkqubo kwi-host, kwaye idlulisela i-traffic ebanjiweyo kwiqonga lendabuko lokubamba i-traffic ebonakalayo. Iingenelo zendlela epheleleyo yokudlula, akukho kungenelela kwi-virtual machine, ikhadi lenethiwekhi yeshishini kunye neswitshi ye-virtual machine, indlela elula yokubamba, ulawulo olulula, akukho mfuneko yokugcina i-virtual machine ezimeleyo, ukufunyanwa kwe-probe elula kunye nethambileyo kunokufezekisa ukhuseleko lokugqithisa. Njengenkqubo ye-host, inokujonga izixhobo ze-host kunye ne-virtual machine kunye nokusebenza ukuze ikhokele ukuthunyelwa kwesicwangciso sesibuko. Iingxaki kukuba kufuneka isebenzise inani elithile lezixhobo ze-host, kwaye impembelelo yokusebenza kufuneka inikwe ingqalelo. Ukongeza, amanye amaqonga e-virtual asenokungaxhasi ukuthunyelwa kwe-probes zesoftware zokubamba kwi-host.
Ngokwemeko yangoku yeshishini, imo ye-virtual machine inezicelo kwilifu likawonke-wonke, kwaye iMo ye-Agent kunye neMo ye-Host zinabasebenzisi abathile kwilifu labucala.
Ixesha leposi: Novemba-06-2024
