Information about Virtual Service Domains
A virtual service domain (VSD) allows you to classify and separate traffic for network services, such as firewalls, traffic monitoring, and network services that support compliance goals such as the Sarbanes-Oxley Act.
Service Virtual Machine
A service virtual machine (SVM) provides a specialized service, such as a firewall, deep packet inspection (application-aware networking), or monitoring. Each SVM has three virtual interfaces:
Interface | Description |
---|---|
Management | A regular interface that manages the SVM. This interface should have Layer 2 or Layer 3 connectivity, depending on its use. |
Incoming | Guards the traffic coming into the VSD. Any packet coming into the VSD must go through this interface. |
Outgoing | Guards the traffic going out of the VSD. Any packet that originates in the VSD and goes out must go through the SVM and out through the outgoing interface. |
There is no source MAC learning on these interfaces. Each SVM creates a secure VSD. Interfaces within the VSD are shielded by the SVM.
Port Profiles
A VSD is the collection of interfaces that are guarded by the SVM providing the security service. Any traffic coming into the VSD or going out of the VSD has to go through the SVM.
Traffic that both originates and terminates within the same VSD does not need to be routed through the SVM because it is considered to be safe.
A VSD is formed by creating the following port profiles:
Port Profile | Description |
---|---|
Inside | Traffic originating from a VSD member goes into the service VM (SVM) through the inside port and comes out of the outside port before it is forwarded to its destination. |
Outside | Traffic destined for a VSD member goes into the SVM through the outside port and comes out of the inside port before it is forwarded to its destination. |
Member | Location for individual inside VMs. |
The following diagram shows that a single VEM takes the place of vSwitches. The SVMs define the following VSDs in the diagram.
VSD | SVM (guard) | Inside Port Profile | Outside Port Profile | Member Port Profile(s) |
---|---|---|---|---|
DB VSD | SVM_db | SVM_db_inside | SVM_db_outside | vEth_db1, vEth_db2 |
Web VSD | SVM_web | SVM_web_inside | SVM_web_outside | vEth_web |
Internet VSD | SVM_Internet | SVM_internet_inside | SVM_internet_outside | |
Default | SVM VSD | vEth Email |
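The forwarding rule described above, modeled as an added Python example (not Cisco code and not part of the original page): it computes which SVM ports a flow between two vEth ports must traverse and flags an observed hop list that skips a guard. The VSD and port-profile names come from the table; the function names and the non-member port `vEth_nomember` are assumptions.

```python
# Added example: models the VSD forwarding rule from this page.
# VSD and port-profile names are taken from the page's table; function names
# and the non-member port "vEth_nomember" are assumptions for illustration.

VSDS = {
    "DB VSD": {"inside": "SVM_db_inside", "outside": "SVM_db_outside",
               "members": {"vEth_db1", "vEth_db2"}},
    "Web VSD": {"inside": "SVM_web_inside", "outside": "SVM_web_outside",
                "members": {"vEth_web"}},
}


def vsd_of(port):
    """Return the name of the VSD that lists `port` as a member, else None."""
    for name, vsd in VSDS.items():
        if port in vsd["members"]:
            return name
    return None


def expected_path(src, dst):
    """List every port a packet from src to dst must traverse, in order."""
    src_vsd, dst_vsd = vsd_of(src), vsd_of(dst)
    path = [src]
    # Traffic that starts and ends in the same VSD is not sent through the SVM.
    if src_vsd != dst_vsd:
        if src_vsd is not None:
            # Leaving a VSD: into the SVM at the inside port, out at the outside port.
            path += [VSDS[src_vsd]["inside"], VSDS[src_vsd]["outside"]]
        if dst_vsd is not None:
            # Entering a VSD: into the SVM at the outside port, out at the inside port.
            path += [VSDS[dst_vsd]["outside"], VSDS[dst_vsd]["inside"]]
    path.append(dst)
    return path


def bypasses_guard(observed_path):
    """True if an observed hop list differs from the path the rule requires."""
    return observed_path != expected_path(observed_path[0], observed_path[-1])


if __name__ == "__main__":
    # Constructed flows: same-VSD, cross-VSD, and from a port outside any VSD.
    for src, dst in [("vEth_db1", "vEth_db2"), ("vEth_web", "vEth_db1"),
                     ("vEth_nomember", "vEth_db2")]:
        print(f"{src} -> {dst}: {' > '.join(expected_path(src, dst))}")
```
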