Cisco Support Community

New Member

shared environment security

I am tasked with designing a solution for securing a datacenter from the corporate environment. Several different properties are hosted from one datacenter, which is connected to the corporate environment via a few T1s. The question is: how do I provide each "client"/property adequate access to their site while securing each from the others?

My first thought is to use VLANs in the switch environment and filter routes into the datacenter so that downstream corporate sites can only route to the datacenter if they absolutely need to. I planned on putting in a PIX to further separate the datacenter from the corporate environment. Finally, my plan was to put in a VPN box to force users to authenticate and to control what and where each user has access.

What else can I use to accomplish this goal? I was considering Private VLANs which should isolate each client/property but would that be possible using 2980Gs as my access switch? What would that really buy me? If anyone has any docs or case studies that I can read that would be great. Thanks in advance.

2 REPLIES
Bronze

Re: shared environment security

I don't think you can terminate T1s in Catalyst switches. Of course, you can configure AAA on Cisco routers and make the users sign up for their accessibility. What you would require is a RADIUS or a TACACS+ server.

New Member

Re: shared environment security

The T1s are going into 3640 routers. On the other side there are 2621s terminating the T1s. I am already running Cisco ACS secure for both TACACS+ authentication and authorization, and RADIUS for our VPN connections.

The question was geared toward a more general response, like: what is the best method of securing a shared datacenter and access to said datacenter? If the two clients of the shared datacenter are on the same switch infrastructure, how can private VLANs help secure them? If the administrator for one of the clients of the shared datacenter needs remote access, how do I lock the environment down so that he cannot access other clients in the shared environment?
