You can manage a VSX deployment using Multi-Domain Security Management. This chapter assumes that you are familiar with the Multi-Domain Security Management product. Only procedures specific to VSX deployments are discussed.
Check Point Multi-Domain Security Management is a centralized security management solution that addresses the unique requirements of service providers and large enterprises. By using Multi-Domain Security Management, administrators can centrally manage multiple independent networks, often belonging to different Domains, divisions, or branches.
Item | Description |
---|---|
1 | SmartDomain Manager |
2 | Multi-Domain Server |
3 | SmartDashboard |
4 | Domain Management Server |
5 | Main Domain Management Server |
6 | VSX Gateway |
7 | Virtual Systems in Domain Management Servers |
The Multi-Domain Server is a central management server that hosts the network management and security policy databases for these networks. Each independent domain is represented by a Domain, which provides the full functionality of a Security Gateway. Each Domain Management Server can host Virtual Systems, Virtual Routers and Virtual Switches as well as physical Check Point Gateways.
The Domain Management Server that manages a VSX Gateway or cluster is known as a Main Domain Management Server. You can host multiple Gateways and/or clusters on one Multi-Domain Server. Virtual Systems belonging to a given Domain can be distributed among multiple VSX Gateways and clusters.
The SmartDomain Manager is a centralized management solution for Domains, Domain Management Servers and the Multi-Domain Security Management environment. Each Domain Management Server uses its own instance of SmartDashboard, which is accessible only via the SmartDomain Manager, to provision its virtual devices and physical Gateways, as well as to manage their security policies.
The procedures for provisioning and configuring VSX Gateways, clusters and virtual devices using the Multi-Domain Security Management model are essentially the same as described for the Security Gateway management model. The principal difference is that you must first create and configure each Domain and its associated Domain Management Server objects using the SmartDomain Manager.
Each individual Domain Management Server is functionally equivalent to one Security Gateway. It has its own SmartDashboard instance that you use to provision, configure and manage network objects and security policies.
The steps for provisioning a VSX environment using the Multi-Domain Security Management model are as follows:
This section briefly presents the procedures for installing and deploying Multi-Domain Server machines in a VSX / Multi-Domain Security Management environment.
When working with management High Availability, you define at least two Multi-Domain Server machines. You can also employ multiple Multi-Domain Server machines to efficiently distribute management traffic (management Load Sharing) by creating multiple Domain Management Servers for individual Domains. For Load Sharing, define a Domain Management Server for each Multi-Domain Server.
When defining and managing virtual devices in Multi-Domain Security Management, you must use the SmartDashboard associated with a specific Domain Management Server. Otherwise, the configuration procedures are identical to those for a Security Gateway management model. Multi-Domain Security Management treats virtual devices in much the same manner as physical devices.
You can add as many Virtual Systems to Domain Management Servers as your license permits. Virtual Systems added to a Domain Management Server do not have to reside on the same VSX Gateway or cluster.
To add a new Virtual System to a Domain Management Server:
To add Virtual Routers and Virtual Switches to a Domain Management Server: