7. Data Center Architecture, Physical Connectivity and Deployment Topology

VDIBuzz
14 Apr 2023 13:19

Summary

TL;DR: The video covers the architecture of an enterprise data center, which is segregated into three network zones: the Internet, the DMZ and the internal LAN. It explains the role of each zone and why a NetScaler must be placed in the zone where the application's servers live. It then covers connectivity redundancy at the switch, interface and appliance level, and introduces the three deployment modes, 1-arm, 2-arm and multi-arm, with the scenario and configuration each implies.

Takeaways

  • 🏒 Data centers have three main network zones: the Internet, the DMZ (demilitarized zone) and the internal LAN (local area network).
  • 🛡️ The internal LAN holds critical servers such as domain controllers and storage and has no direct exposure to the Internet.
  • 🚫 The DMZ is the segment exposed to the Internet; it hosts publicly accessible services such as websites.
  • 🌐 The Internet is where users outside the organization reside. Inbound traffic lands first in the DMZ and must cross the DMZ firewall or router before it can reach anything internal.
  • 📍 Placement of a load balancer such as NetScaler follows the application: the appliance goes in the DMZ for Internet-facing servers and in the internal LAN for internal-only servers.
  • ⚠️ Serving DMZ and internal applications from one NetScaler is possible but strongly discouraged: if the DMZ is compromised, the shared appliance becomes a pivot into the internal LAN.
  • 🔌 Each NetScaler is cabled to two different network switches, giving redundancy at both the switch and the interface level; an HA pair adds redundancy at the appliance level.
  • 🔄 NetScaler has three deployment modes: 1-arm (a single VLAN), 2-arm (two VLANs) and multi-arm (several VLANs).
  • 🔑 In 2-arm and multi-arm mode the client-facing virtual IP (VIP) sits on a different VLAN from the backend servers, so client-side and server-side traffic are separated.
  • 🛠️ Configuration complexity grows with the number of VLANs; multi-arm mode is mostly a routing exercise.
  • ⚙️ Redundancy matters so that the failure of one switch, port or appliance does not take the load balancer down.

Q & A

  • What are the three types of segregation found in a data center?

    -The three types of segregation in a data center are the Internet, the DMZ (Demilitarized Zone) Network, and the Internal LAN (Local Area Network).

  • What is the purpose of the Internal LAN network in a data center?

    -The Internal LAN network is used to store critical servers such as domain controllers and storage, which should not have any visibility to the outside world, specifically the Internet.

  • What is a DMZ Network and why is it used?

    -A DMZ Network, also known as a Demilitarized Zone Network, is used to place devices that have direct exposure to the Internet, such as public-facing websites or applications.

  • Why should direct exposure of the Internal LAN to the Internet be avoided?

    -Direct exposure of the Internal LAN to the Internet should be avoided to protect critical servers from potential security threats and to maintain the integrity and confidentiality of internal data.

  • What is the recommended placement for a Netscaler when the application is hosted in the DMZ?

    -When an application is hosted in the DMZ, it is recommended to deploy the Netscaler in the DMZ as well to manage the traffic to and from the Internet.

  • In which scenario should a Netscaler be placed in the Internal LAN Network?

    -A Netscaler should be placed in the Internal LAN Network when the servers are intended for internal use only and are not exposed to the Internet.

  • What are the risks associated with using a single Netscaler for both DMZ and Internal LAN?

    -Using a single Netscaler for both DMZ and Internal LAN poses a risk where if the DMZ network is compromised, attackers might gain access to the Netscaler and potentially jump into the Internal LAN, compromising internal servers.

  • Why is redundancy important when connecting a Netscaler to a network switch?

    -Redundancy is important to ensure that if one switch or interface fails, there is an alternative path for traffic to flow, preventing downtime and maintaining the availability of the Netscaler.

  • What does 1-arm mode mean in the context of Citrix NetScaler deployment?

    -1-arm mode is a configuration where the NetScaler appliance connects to the network through a single VLAN, receiving client requests and forwarding them to the servers on that same VLAN.

  • What is the difference between 1-arm mode and 2-arm mode in Citrix NetScaler configurations?

    -In 1-arm mode all traffic is handled within a single VLAN, whereas in 2-arm mode the NetScaler receives requests on one VLAN and forwards them to the backend servers on a different VLAN.

  • What is multi-arm mode and when is it used?

    -Multi-arm mode is used when more than two VLANs are involved, for example backend servers spread across several VLANs. The NetScaler carries traffic across all of them, and the work is mainly in the routing configuration: the appliance needs a SNIP on each directly connected VLAN, or a route towards any server subnet it is not connected to.
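The mode names above are a statement about how many VLANs the appliance touches, and that can be read straight off the configuration. The Python below is an added example, not code from the video or from Citrix. It parses a constructed ns.conf-style fragment (the `add ns ip`, `bind vlan -IPAddress`, `add route`, `add server`, `add service`, `add lb vserver` and `bind lb vserver` lines; the addresses follow the video's 2-arm diagram, the VLAN and interface numbers are made up), works out which VLAN the appliance would use to reach each VIP and backend server (a directly connected SNIP subnet, otherwise the VLAN of a matching route's gateway), counts the VLANs to label the deployment 1-arm, 2-arm or multi-arm, and then applies the two checks the Q&A motivates: every server must be reachable via some SNIP or route, and a VIP in the DMZ must not front servers in the internal LAN, because that is exactly the shared-appliance layout the talk warns against. The zone map is an assumption supplied by the operator; ns.conf itself carries no notion of DMZ or internal.

```python
import ipaddress
from collections import defaultdict

# Assumption for this example: the operator supplies the zone of each subnet (ns.conf has none).
ZONES = {
    ipaddress.ip_network("10.163.1.0/24"): "DMZ",
    ipaddress.ip_network("192.168.10.0/24"): "internal",
    ipaddress.ip_network("172.29.1.0/24"): "internal",
}

# Constructed ns.conf-style fragment mirroring the video's 2-arm diagram: VIP 10.163.1.5 on
# one VLAN, servers 192.168.10.5-6 on another. VLAN and interface numbers are made up.
TWO_ARM_CONF = """
add ns ip 10.163.1.4 255.255.255.0 -type SNIP
add ns ip 192.168.10.4 255.255.255.0 -type SNIP
bind vlan 163 -ifnum 1/1 -tagged
bind vlan 10 -ifnum 1/2 -tagged
bind vlan 163 -IPAddress 10.163.1.4 255.255.255.0
bind vlan 10 -IPAddress 192.168.10.4 255.255.255.0
add route 0.0.0.0 0.0.0.0 10.163.1.1
add server web1 192.168.10.5
add server web2 192.168.10.6
add service svc_web1 web1 HTTP 80
add service svc_web2 web2 HTTP 80
add lb vserver vs_web HTTP 10.163.1.5 80
bind lb vserver vs_web svc_web1
bind lb vserver vs_web svc_web2
"""

# Constructed 1-arm fragment: VIP, SNIP and server all in 192.168.10.0/24 on VLAN 10.
ONE_ARM_CONF = """
add ns ip 192.168.10.4 255.255.255.0 -type SNIP
bind vlan 10 -ifnum 1/1
bind vlan 10 -IPAddress 192.168.10.4 255.255.255.0
add server web1 192.168.10.5
add service svc_web1 web1 HTTP 80
add lb vserver vs_web HTTP 192.168.10.3 80
bind lb vserver vs_web svc_web1
"""

def parse_conf(text):
    """Extract the objects this check needs from ns.conf-style lines; other lines are ignored."""
    cfg = {"vlan_nets": {}, "routes": [], "servers": {}, "services": {},
           "vservers": {}, "binds": defaultdict(list)}
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["bind", "vlan"] and "-IPAddress" in tok:
            i = tok.index("-IPAddress")  # a SNIP bound to a VLAN makes that subnet directly connected
            cfg["vlan_nets"][ipaddress.ip_network(f"{tok[i+1]}/{tok[i+2]}", strict=False)] = int(tok[2])
        elif tok[:2] == ["add", "route"]:
            cfg["routes"].append((ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False),
                                  ipaddress.ip_address(tok[4])))
        elif tok[:2] == ["add", "server"]:
            cfg["servers"][tok[2]] = ipaddress.ip_address(tok[3])
        elif tok[:2] == ["add", "service"]:
            cfg["services"][tok[2]] = tok[3]  # service name -> server name
        elif tok[:3] == ["add", "lb", "vserver"]:
            cfg["vservers"][tok[3]] = ipaddress.ip_address(tok[5])
        elif tok[:3] == ["bind", "lb", "vserver"]:
            cfg["binds"][tok[3]].append(tok[4])
    return cfg

def egress_vlan(ip, cfg):
    """VLAN used to reach ip: longest-matching SNIP subnet, else the VLAN of the best route's gateway."""
    ip = ipaddress.ip_address(str(ip))
    direct = [n for n in cfg["vlan_nets"] if ip in n]
    if direct:
        return cfg["vlan_nets"][max(direct, key=lambda n: n.prefixlen)]
    routes = [(n, gw) for n, gw in cfg["routes"] if ip in n]
    if routes:
        gw = max(routes, key=lambda r: r[0].prefixlen)[1]
        return next((v for n, v in cfg["vlan_nets"].items() if gw in n), None)
    return None  # no SNIP in range and no route: the appliance cannot reach this host

def backend_ips(cfg, vs):
    return [cfg["servers"][cfg["services"][svc]] for svc in cfg["binds"][vs]]

def classify_mode(cfg):
    """1-arm, 2-arm or multi-arm: count the distinct VLANs that carry a VIP or a backend server."""
    vlans = set()
    for vs, vip in cfg["vservers"].items():
        vlans.add(egress_vlan(vip, cfg))
        vlans.update(egress_vlan(ip, cfg) for ip in backend_ips(cfg, vs))
    vlans.discard(None)
    return {0: "unknown", 1: "1-arm", 2: "2-arm"}.get(len(vlans), "multi-arm")

def zone_of(ip):
    return next((z for n, z in ZONES.items() if ip in n), "unknown")

def placement_findings(cfg):
    """Unreachable backends, and VIPs fronting servers in another zone (the shared DMZ/internal appliance)."""
    findings = []
    for vs, vip in cfg["vservers"].items():
        for ip in backend_ips(cfg, vs):
            if egress_vlan(ip, cfg) is None:
                findings.append(f"{vs}: no SNIP or route towards backend {ip}")
            if zone_of(vip) != zone_of(ip):
                findings.append(f"{vs}: VIP {vip} is {zone_of(vip)} but backend {ip} is {zone_of(ip)}; "
                                "this appliance bridges zones")
    return findings
```

To use it on a real appliance, feed it the output of `show ns runningConfig` after adjusting the zone map. Note that the 2-arm sample is flagged: with the client VLAN in the DMZ and the server VLAN internal, a 2-arm deployment is the "one NetScaler for both" design, so the mode label alone says nothing about whether the placement rule is respected.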

Outlines

00:00

🏒 Enterprise Data Center Architecture and Netscaler Placement

This paragraph discusses the fundamental structure of an enterprise data center, which includes the Internet, DMZ (Demilitarized Zone) Network, and the internal LAN (Local Area Network). The internal LAN is highlighted as a secure area for critical servers with no direct exposure to the Internet. The DMZ Network is described as a zone for exposing public-facing services like websites to the Internet, protected by firewalls or routers. The importance of proper placement for the Netscaler, a load balancer, is emphasized, suggesting it should be placed either in the DMZ for Internet-facing applications or in the internal LAN for internal applications. The paragraph also touches on the risk of using a single Netscaler for both DMZ and internal networks, which is not recommended due to security concerns.

05:02

🔌 NetScaler Connectivity and Redundancy in Data Centers

The second paragraph delves into the connectivity and redundancy strategies for the NetScaler appliance within a data center environment. It explains the necessity of connecting the NetScaler to two different network switches to ensure redundancy at the switch and interface levels. This setup prevents service disruption in case of a switch or port failure. Additionally, the paragraph introduces high availability by recommending the deployment of two NetScalers to avoid a single point of failure. The explanation also begins covering the modes of operation for the NetScaler, starting with 1-arm mode, where all traffic is handled on a single VLAN, setting the stage for the more complex configurations that follow.

10:03

πŸ›€οΈ Understanding 1R, 2R, and Multi-ARM Modes for Netscaler Configuration

The final paragraph explains the different modes for configuring the Netscaler in various network setups. The 1R mode is a straightforward configuration where the Netscaler operates on a single VLAN, suitable for clients who prefer simplicity and do not require multiple VLANs. The 2R mode involves two VLANs, with the client requests received on one VLAN and backend server communication on another, offering a more complex setup for organizations needing to separate client and server traffic. Lastly, the multi-ARM mode is introduced for environments with multiple VLANs, where routing becomes essential to manage traffic across various networks. This paragraph provides a clear distinction between the modes, helping to guide the configuration process based on the client's network requirements.

Keywords

💡Enterprise data center

An enterprise data center is a large-scale facility used by organizations to house, operate, and manage their critical IT infrastructure and applications. It is central to the video's theme as it sets the context for the discussion on network architecture and the placement of Citrix Netscaler. The script mentions the importance of understanding the data center structure before deploying a Netscaler, emphasizing its role in the overall IT strategy.

💡Segregation

In the context of the video, segregation refers to the division of a network into different segments for security and management purposes. The script discusses three types of network segregation: the Internet, DMZ (Demilitarized Zone), and internal LAN (Local Area Network). This concept is crucial for understanding how to secure and organize network resources effectively.

💡DMZ Network

The DMZ, or Demilitarized Zone, is a neutral security zone within a network that exposes certain services to the Internet while keeping the internal network secure. The video script explains that the DMZ is where public-facing services like websites are hosted, and it's a key concept for discussing where to deploy the Netscaler for load balancing and security.

💡Internal LAN Network

The internal LAN network is a private network used within an organization, typically not accessible from the Internet. The script describes it as the place where critical servers like domain controllers and storage are kept, with no direct exposure to the outside world, highlighting its importance for maintaining security and control over sensitive data.

💡NetScaler

NetScaler is a Citrix product that provides application delivery and load balancing services. The video script discusses the placement of the NetScaler in different network zones (DMZ or internal LAN) depending on the application's location, which is central to the video's message about optimizing network performance and security.

💡Redundancy

Redundancy in networking refers to the inclusion of backup components to prevent system failure and ensure continuous operation. The script explains the importance of redundancy at the switch level, interface level, and NetScaler level, illustrating how to connect multiple cables to different switches to avoid single points of failure.

💡1-Arm Mode

1-Arm Mode is a configuration where the Citrix ADC appliance connects to the network through a single VLAN, receiving and forwarding requests on the same VLAN. The script uses this term to describe a simple setup where there is no need for routing between the client and server VLANs, which is relevant for environments that prefer minimal complexity.

💡2-Arm Mode

2-Arm Mode is a configuration where the Citrix ADC appliance connects to the network through two VLANs, receiving requests on one VLAN and forwarding them to the server on another. The video script explains this mode as involving two VLANs, one for client requests and another for backend server communication, which is important for understanding more complex network setups.

💡Multi-Arm Mode

Multi-Arm Mode is a configuration where multiple VLANs are involved in the network setup, with different servers and interfaces on different VLANs. The script describes this mode as requiring routing configurations to manage traffic between various VLANs, which is essential for understanding how to handle large-scale or multi-tiered network environments.

💡Virtual IP

A Virtual IP is an IP address used by a load balancer or ADC appliance to represent a group of servers to clients. The script mentions it in the context of a customer-facing IP in a 2-Arm Mode setup, which is important for understanding how traffic is managed and distributed in complex network configurations.

💡Routing

Routing is the process of directing network traffic between different networks or subnets. The video script discusses the importance of routing in the context of Multi-Arm Mode, where traffic must be managed across multiple VLANs. This concept is key to understanding how data flows through complex network architectures.

Highlights

Enterprise data center architecture includes three types of segregation: Internet, DMZ Network, and Internal LAN.

Internal LAN network is for critical servers like domain controllers and storage, with no direct exposure to the Internet.

DMZ Network, also known as Demilitarized Zone, is for devices with direct exposure to the Internet, such as public-facing websites.

Internet traffic should first reach the DMZ, then pass through firewalls or routers to reach internal servers.

NetScaler placement depends on where applications are hosted: DMZ for Internet-facing applications, Internal LAN for internal servers.

Deploying NetScaler in both DMZ and Internal LAN is possible but not recommended due to security risks.

Redundancy is crucial in NetScaler connectivity; use two cables to different switches for each NetScaler.

Switch-level redundancy ensures that if one switch fails, the other can maintain connectivity.

Interface-level redundancy provides backup in case a specific port on a switch fails.

NetScaler-level redundancy involves deploying two NetScalers for high availability.

1-arm mode is for configurations where the NetScaler and all servers are on the same VLAN, simplifying the setup.

2-arm mode involves two VLANs, with the NetScaler receiving client requests on one VLAN and sending them to servers on another.

Multi-arm mode is for configurations with multiple VLANs, requiring routing configuration for traffic management.

Understanding the server range and VLAN is essential for deciding on the appropriate NetScaler deployment mode.

Security is a primary concern; compromised DMZ networks can pose risks to internal servers if not properly segregated.

NetScaler connectivity requires careful planning to ensure redundancy at the switch, interface, and NetScaler levels.

Different deployment modes (1-arm, 2-arm, multi-arm) cater to varying network complexities and security requirements.
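The cabling rule in the highlights (two cables from each NetScaler to two different switches, and two NetScalers) is easy to state and easy to get subtly wrong, for example when both cables of an appliance end up on the same switch. The Python below is an added example, not from the video: it takes a constructed cabling table (appliance, interface, switch, switch port; all names are made up) and enumerates single points of failure and the smallest set of simultaneous failures that causes an outage, treating the HA pair as up while at least one cable run has no failed element. It models physical paths only; how the two interfaces are bundled and how HA failover is configured are outside what the page covers.

```python
from itertools import combinations

# Constructed cabling plan following the video's drawing: an HA pair, each appliance with two
# interfaces, first interface to switch 1 and second to switch 2. Switch port names are made up.
GOOD_CABLING = [
    ("ns1", "1/1", "sw1", "Gi1/0/1"),
    ("ns1", "1/2", "sw2", "Gi1/0/1"),
    ("ns2", "1/1", "sw1", "Gi1/0/2"),
    ("ns2", "1/2", "sw2", "Gi1/0/2"),
]

# Same pair, two cables per appliance, but every cable lands on switch 1: interface-level
# redundancy only, no switch-level redundancy.
SINGLE_SWITCH_CABLING = [
    ("ns1", "1/1", "sw1", "Gi1/0/1"),
    ("ns1", "1/2", "sw1", "Gi1/0/2"),
    ("ns2", "1/1", "sw1", "Gi1/0/3"),
    ("ns2", "1/2", "sw1", "Gi1/0/4"),
]

def path_elements(link):
    """Every element whose failure takes this cable run out of service."""
    ns, ifnum, sw, port = link
    return {f"appliance:{ns}", f"interface:{ns}/{ifnum}", f"switch:{sw}", f"port:{sw}/{port}"}

def service_up(cabling, failed):
    """The pair still serves traffic while at least one cable run has no failed element."""
    return any(not (path_elements(link) & failed) for link in cabling)

def all_elements(cabling):
    return sorted(set().union(*(path_elements(link) for link in cabling)))

def single_points_of_failure(cabling):
    """Elements whose loss alone stops service; the 'two cables to two switches' rule should leave none."""
    return [e for e in all_elements(cabling) if not service_up(cabling, {e})]

def min_failures_to_outage(cabling):
    """Smallest number of simultaneous element failures that causes an outage, with one example set.
    Brute force over combinations, which is fine for a rack-sized cabling table."""
    elems = all_elements(cabling)
    for k in range(1, len(elems) + 1):
        for combo in combinations(elems, k):
            if not service_up(cabling, set(combo)):
                return k, sorted(combo)
    return len(elems), elems

if __name__ == "__main__":
    for name, plan in (("good", GOOD_CABLING), ("single switch", SINGLE_SWITCH_CABLING)):
        print(name, "SPOFs:", single_points_of_failure(plan), "min failures:", min_failures_to_outage(plan))
```

With the video's wiring there is no single point of failure and it takes two simultaneous failures (both switches, or both appliances) to cause an outage; the single-switch variant fails on the loss of `sw1` alone, even though each appliance still has two cables.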

Transcript

[00:00] Let's discuss the enterprise data center. This is very important to understand before you deploy your NetScaler. If you see this, in any data center you will have three types of segregation: one, you have the Internet, on which all your clients may reside; then we have something called the DMZ network; and then we have an internal LAN network. Let me tell you what the internal LAN network is. The internal LAN network is nothing but a place where you are going to keep all your critical servers, such as your domain controllers, storage, etc., which should not have any visibility to the outside world. When I say outside world, it is the Internet. We should not have any direct exposure to the Internet. All those appliances come under the internal LAN network. So here you can see you have servers, you have storage, you have routers, switches, and clients also. Clients are nothing but your internal users who are sitting inside your network.

[01:11] Then we have a DMZ network. What is a DMZ network? We also call it a demilitarized zone network. Why do we call it a demilitarized zone network? Because here we are going to place a device which has direct exposure to the Internet. For example, let's say you have a public-facing website. You need to deploy that on the DMZ network itself; you should not deploy that on the internal LAN side. So the DMZ is the place where we are going to expose your servers or websites or applications to the Internet. All those things come under the DMZ. Then the Internet, which I already mentioned: these are the users who are sitting on the public Internet. So all the traffic, if it is coming from the Internet, should first come to the DMZ, and it should cross your Internet/DMZ firewall or router, whatever, then it will reach your servers which are hosted here. Your Internet should not have direct visibility to the internal network. This is not at all recommended; it's not a recommendation, it's how it is, because only your DMZ should be exposed and the internal should not be exposed to anything outside. This is the enterprise data center architecture; this is how most data centers really look. Some data centers may have a more complicated architecture, but in general this is the architecture you will find in any data center.

[02:38] So now the question is coming: NetScaler placement. Where to place it? Do you know where to keep the NetScaler? Should I keep the NetScaler in the DMZ, or should I keep the NetScaler in the LAN network? This is the scenario most people may come across, so let me brief you about this.

[03:04] For example, let's say you have an application which is hosted in the DMZ. For example, you wanted to expose your websites to the Internet, and those servers which are responsible for the websites are in your DMZ network. Then you need to deploy your NetScaler in the DMZ, and then you can expose this to the Internet. This is how you're going to decide: you need to ask the customer where the application is hosted. The customer will tell you, "my applications are hosted in the DMZ"; then you need to deploy your NetScaler in the DMZ itself. So this is one scenario.

[03:39] The second scenario is NetScaler in the LAN or internal network. This is the scenario where your servers are in the internal zone itself, for example your StoreFront server. You're not going to give that StoreFront server over the Internet, right? Your StoreFront server is only for the internal users, so at that time you need to deploy your NetScaler in the internal LAN network. You should not deploy it on the DMZ and do the configuration; it has to be on the internal itself. So always keep it in mind: you need to deploy your NetScaler where your servers exist, either in the DMZ or on the internal LAN. So you cannot deploy on the DMZ and configure the servers on the back end. I'll come to that point; such a configuration also exists, but as a best practice you always have to segregate: if it is internal, you have to deploy it in the internal; if your service is in the DMZ, you need to deploy it on the DMZ network.

[04:41] And the third one is NetScaler in the DMZ as well as the internal network. Some customers have applications which are available in the DMZ and also available in the internal. If they have a budget constraint or budget issues buying multiple NetScalers, then you can use the same NetScaler to do the load balancing of your DMZ as well as your internal, but it is highly, highly, highly not recommended. Why? Because, for example, let's say your DMZ network got compromised; then the attacker might get access to your NetScaler, and through the NetScaler he can jump into your internal servers, etc. That is why I am always recommending to do the segregation. So even though the customer is telling you, "I want to use the same NetScaler", you should highlight this risk. If your DMZ network gets compromised, because the chances of compromising the DMZ network are higher, because users have direct access to your DMZ network from the Internet, right? That is why you need to deploy your NetScaler accordingly. Although you can also use the same NetScaler to do the load balancing of your DMZ as well as your internal network, there is a risk, which I highlighted. So these are the three methods you can use to deploy your NetScaler: either DMZ, or internal, or both.

[06:02] NetScaler appliance connectivity: this is very important. Most of the people who are working on NetScaler, maybe VPX, or who have not worked on MPX, may have a question: how can I connect my NetScaler to the switch? For those people I'm going to explain how we are going to connect your NetScaler.

[06:29] Okay, so once you decide you are placing it in the internal LAN or the DMZ, then the second part comes: the connectivity. How are you going to connect your appliance? See guys, you have a switch, right? You have a network switch. To this network switch you may have back-end connectivity to the servers or your computers, etc. Now you placed your NetScaler in the rack; this is rack-mounted, and now you need to do the cabling. What you have to do: you need to connect one end of the cable to the switch and the other end to one particular switch port. This is switch number one and this is switch number two. Always make sure that you have two switches to connect your NetScaler, for redundancy; I will tell you why. The first cable you need to connect to the first interface, the second cable you need to connect to the second interface, on different switches: first interface to the first switch, second interface to the second switch. Similarly you have another appliance; this is for HA. You may have high availability, so you will have another appliance. Here also, the first should go to the first switch and the second should go to the second switch. This is how you need to connect. Why? Because let's say this switch goes down due to some reason, power failure, whatever it is; you'll have redundancy of the switch. This is the switch-level redundancy we are talking about.

[07:59] Now coming to the interface-level redundancy. For example, let's say you connected to this port, right? If this port has any issue, let's say this port is gone due to some issue, then still you have another port connected to your NetScaler, so you'll have redundancy at the interface level also. For example, if you do not connect like that, then if this interface goes down, it means your NetScaler may go down. Now if you have connected two cables, one to one interface and another to the other interface, then you have redundancy at the interface level as well. So we have seen switch level, we have seen interface-level redundancy; now coming to the NetScaler level. Now we deployed two NetScalers, right? So even if this NetScaler goes down, still you have this NetScaler. This is how you need to plan and configure, how you need to connect your cables to the switch. So always connect two cables from each NetScaler to different switches, so that you will have complete redundancy over the failures. I hope this is clear for you guys.

[09:12] As you may see, just to avoid confusion I took only one NetScaler here. I connected one cable to this one and another cable to this one. Similarly you need to connect the other NetScaler also, to here and to here.

[09:29] So now going to the next topic, which is 1-arm mode, 2-arm mode, 3-arm mode. Somebody asked how I can decide which mode to go with. As the statement says, in 1-arm mode you can connect the Citrix appliance to the network through a single VLAN: the appliance receives the request from the client on a single VLAN and it sends the request to the server on the same VLAN. So if you see here, let's say you have a network which is configured as a single VLAN. It means your servers are sitting in this range, which is 192.168.10.5, 10.6, 10.7; this is the same VLAN. Similarly on the NetScaler also you configure the same, which is 192.168.10.3, 10.4, 10.5. So in this case everything is on a single network or single VLAN. In this case we are referring to this as 1-arm mode, where all your servers and your NetScaler are deployed on a single VLAN. So you are not introducing complexity; it is a very simple configuration. This is referred to as 1-arm mode, where everything is on a single VLAN. So you need to ask your customer when you are going to deploy: what is my server range, what is the server VLAN, and what NetScaler do you want to configure? If the customer says, "no, I don't want complexity, I want everything in the same VLAN", then we are referring to it as 1-arm mode.

[11:07] Now coming to the second part, which is 2-arm mode. In a 2-arm setup you connect the Citrix ADC appliance to the network through two VLANs. The appliance receives the request from the client on one VLAN and sends the request to the server on another VLAN. So if you see this diagram here, you see 192.168.10.5, 10.6, 10.7; these are all in the same VLAN. Then you have something in red, VIP, virtual IP. I'll tell you what a virtual IP is later, but this is a customer-facing IP; this is the IP the user will access. Now this IP is different, as you can see: 10.163.1.5. It means this is in a different VLAN, and the back end is in a different VLAN. Now two VLANs are involved in this configuration, so this is called 2-arm mode, where you are getting the request on one VLAN and you are sending that request to the back end on another VLAN. So here two VLANs are involved, one for the request from the client and another for the back-end communication with your servers.

[12:25] And the last one is multi-arm mode. Multi-arm mode is nothing but where you have multiple VLANs involved. For example, let's say your first server is in 10.163.1.5, the second is 172.29.1.5, the third one is 192.168.1.5. All these are in a different range and in a different VLAN. Similarly in the ADC, if you see, the NSIP is in 10.183, the VIP is 10.145, the SNIP is a different one, 100.163, etc. So here we have involved multiple VLANs, so in this case we are referring to it as multi-arm mode. There is no specific configuration for all these things; you just need to play with the routing part, how you are going to do the routing for all this configuration, that's it. So this is how we are referring to it as 1-arm, 2-arm and multi-arm mode.


Related Tags
Data Center, Network Segregation, DMZ Network, Internal LAN, Internet Traffic, NetScaler, Load Balancing, Redundancy, Connectivity, Enterprise IT