Enterprise Network Function Virtualization Infrastructure Software

Product Information

Specifications

  • NFVIS software version: 3.7.1 and later
  • RPM signing and signature verification supported
  • Secure boot available (disabled by default)
  • Secure Unique Device Identification (SUDI) mechanism used

Security Considerations

NFVIS software ensures security through several mechanisms:

  • Image Tamper Protection: RPM signing and signature verification
    for all RPM packages in the ISO and upgrade images.
  • RPM Signing: All RPM packages in the Cisco Enterprise NFVIS ISO
    and upgrade images are signed to ensure cryptographic integrity and
    authenticity.
  • RPM Signature Verification: The signature of all RPM packages is
    verified before installation or upgrade.
  • Image Integrity Verification: A hash of the Cisco NFVIS ISO image
    and upgrade image is published to ensure the integrity of the additional
    non-RPM files.
  • ENCS Secure Boot: Part of the UEFI standard, ensures that the
    device boots using only trusted software.
  • Secure Unique Device Identification (SUDI): Provides the device
    with an immutable identity to verify its genuineness.

Installation

To install NFVIS software, follow these steps:

  1. Ensure that the software image has not been tampered with by
    verifying its signature and integrity.
  2. If using Cisco Enterprise NFVIS 3.7.1 and later, ensure that
    signature verification passes during installation. If it fails,
    the installation is aborted.
  3. If upgrading from Cisco Enterprise NFVIS 3.6.x to Release
    3.7.1, RPM signatures are verified during the upgrade. If
    signature verification fails, an error is logged but the upgrade is
    completed.
  4. If upgrading from Release 3.7.1 to later releases, RPM
    signatures are verified when the upgrade image is registered. If
    signature verification fails, the upgrade is aborted.
  5. Verify the hash of the Cisco NFVIS ISO image or upgrade image
    using the command: /usr/bin/sha512sum <image_filepath>.
    Compare the hash with the published hash to ensure integrity.

Secure Boot

Secure boot is a feature available on ENCS (disabled by default)
that ensures the device boots using only trusted software. To
enable secure boot:

  1. Refer to the documentation on Secure Boot of Host for more
    information.
  2. Follow the instructions provided to enable secure boot on your
    device.

Secure Unique Device Identification (SUDI)

SUDI provides NFVIS with an immutable identity, verifying that
it is a genuine Cisco product and ensuring its recognition in the
customer's inventory system.

FAQ

Q: What is NFVIS?

A: NFVIS stands for Network Function Virtualization
Infrastructure Software. It is a software platform used to deploy
and manage virtual network functions.

Q: How can I verify the authenticity of the NFVIS ISO image or
upgrade image?

A: To verify the authenticity, use the command
/usr/bin/sha512sum <image_filepath> and compare
the hash with the hash published by Cisco.

Q: Is secure boot enabled by default on ENCS?

A: No, secure boot is disabled by default on ENCS. It is
recommended to enable secure boot for enhanced security.

Q: What is the purpose of SUDI in NFVIS?

A: SUDI provides NFVIS with a unique and immutable identity,
ensuring its genuineness as a Cisco product and supporting its
recognition in the customer's inventory system.

Security Considerations
This chapter describes the security features and considerations in NFVIS. It gives a high-level overview of the security-related components in NFVIS so that you can plan a security strategy for your specific deployments. It also has recommendations on security best practices for enforcing the core elements of network security. The NFVIS software has security embedded right from installation through all software layers. The subsequent chapters focus on these out-of-box security aspects such as credential management, integrity and tamper protection, session management, secure device access and more.

· Installation
· Secure Unique Device Identification
· Device Access
· Infrastructure Management Network
· Locally Stored Information Protection
· File Transfer
· Logging
· Virtual Machine security
· VM Isolation and Resource provisioning
· Secure Development Lifecycle

Installation
To ensure that the NFVIS software has not been tampered with, the software image is verified before installation using the following mechanisms:

Image Tamper Protection
NFVIS supports RPM signing and signature verification for all RPM packages in the ISO and upgrade images.

RPM Signing

All RPM packages in the Cisco Enterprise NFVIS ISO and upgrade images are signed to ensure cryptographic integrity and authenticity. This guarantees that the RPM packages have not been tampered with and that the RPM packages are from NFVIS. The private key used for signing the RPM packages is created and securely maintained by Cisco.

RPM Signature Verification

NFVIS software verifies the signature of all the RPM packages before an installation or upgrade. The following table describes the Cisco Enterprise NFVIS behavior when the signature verification fails during an installation or upgrade.

Scenario | Description
--- | ---
Cisco Enterprise NFVIS 3.7.1 and later installations | If the signature verification fails while installing Cisco Enterprise NFVIS, the installation is aborted.
Cisco Enterprise NFVIS upgrade from 3.6.x to Release 3.7.1 | The RPM signatures are verified when the upgrade is being performed. If the signature verification fails, an error is logged but the upgrade is completed.
Cisco Enterprise NFVIS upgrade from Release 3.7.1 to later releases | The RPM signatures are verified when the upgrade image is registered. If the signature verification fails, the upgrade is aborted.

Image Integrity Verification
RPM signing and signature verification can be performed for the RPM packages available in the Cisco NFVIS ISO and upgrade images. To ensure the integrity of all the additional non-RPM files available in the Cisco NFVIS ISO image, a hash of the Cisco NFVIS ISO image is published along with the image. Similarly, a hash of the Cisco NFVIS upgrade image is published along with the image. To verify that the hash of the Cisco NFVIS ISO image or upgrade image matches the hash published by Cisco, run the following command and compare the hash with the published hash:
% /usr/bin/sha512sum <ImageFile>
c2122783efc18b039246ae1bcd4eec4e5e027526967b5b809da5632d462dfa6724a9b20ec318c74548c6bd7e9b8217ce96b5ece93dcdd74fda5e01bb382ad607 <ImageFile>
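The hash comparison described above, automated so that the 128-digit digest is never compared by eye. This is an added example, not part of the Cisco documentation; the function names and the sample file contents are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

SHA512_HEX = re.compile(r"^[0-9a-fA-F]{128}$")


def sha512_of_file(path, chunk_size=1024 * 1024):
    """Stream the file so a multi-gigabyte ISO is never loaded into memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_published_hash(text):
    """Accept a bare digest or a sha512sum-style line ("<digest>  <file>")."""
    fields = text.split()
    if not fields or not SHA512_HEX.match(fields[0]):
        # A truncated or mistyped digest must fail closed, not compare as a prefix.
        raise ValueError("published value is not a 128-hex-digit SHA-512 digest")
    return fields[0].lower()


def image_matches(path, published):
    """Return True only when the computed digest equals the published one."""
    expected = parse_published_hash(published)
    actual = sha512_of_file(path)
    return hmac.compare_digest(actual, expected)


def demo():
    """Check a constructed file, then append one byte and check it again."""
    content = b"constructed sample image contents"
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(content)
        path = fh.name
    try:
        published = hashlib.sha512(content).hexdigest()
        # Upper-case digest plus file name, as copied from a download page.
        intact = image_matches(path, published.upper() + "  nfvis-sample.iso")
        with open(path, "ab") as fh:
            fh.write(b"\x00")  # simulate a one-byte modification
        modified = image_matches(path, published)
        return intact, modified
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

The published digest has to come from a channel independent of the download itself; a digest fetched from the same place as a modified image proves nothing.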
ENCS Secure Boot
Secure boot is part of the Unified Extensible Firmware Interface (UEFI) standard, which ensures that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM). When NFVIS starts, the firmware checks the signature of the boot software and the operating system. If the signatures are valid, the device boots, and the firmware hands control to the operating system.
Secure boot is available on the ENCS but is disabled by default. Cisco recommends that you enable secure boot. For more information, see Secure Boot of Host.
Secure Unique Device Identification
NFVIS uses a mechanism known as Secure Unique Device Identification (SUDI), which provides it with an immutable identity. This identity is used to verify that the device is a genuine Cisco product, and to ensure that the device is well known to the customer's inventory system.
The SUDI is an X.509v3 certificate and an associated key pair that are protected in hardware. The SUDI certificate contains the product identifier and serial number and is rooted in the Cisco Public Key Infrastructure. The key pair and the SUDI certificate are inserted into the hardware module during manufacturing, and the private key can never be exported.
The SUDI-based identity can be used to perform authenticated and automated configuration using Zero Touch Provisioning (ZTP). This enables secure, remote on-boarding of devices, and ensures that the orchestration server is talking to a genuine NFVIS device. A backend system can issue a challenge to the NFVIS device to validate its identity, and the device responds to the challenge using its SUDI-based identity. This allows the backend system not only to verify against its inventory that the right device is in the right location, but also to provide encrypted configuration that can only be opened by the specific device, thereby ensuring confidentiality in transit.
The following workflow diagrams illustrate how NFVIS uses SUDI:

Figure 1: Plug and Play (PnP) Server authentication

Figure 2: Plug and Play Device Authentication and Authorization

Device Access
NFVIS provides different access mechanisms, including console as well as remote access based on protocols such as HTTPS and SSH. Each access mechanism should be carefully reviewed and configured. Ensure that only the required access mechanisms are enabled and that they are properly secured. The key steps to securing both interactive and management access to NFVIS are to restrict the device accessibility, restrict the capabilities of the permitted users to what is required, and restrict the permitted methods of access. NFVIS ensures that access is granted only to authenticated users and that they can perform only the authorized actions. Device access is logged for auditing, and NFVIS ensures the confidentiality of locally stored data. It is critical to establish the appropriate controls in order to prevent unauthorized access to NFVIS. The following sections describe the best practices and configurations to achieve this:

Password Change at First Login
Default credentials are a frequent source of product security incidents. Customers often forget to change the default login credentials, leaving their systems open to attack. To prevent this, the NFVIS user is forced to change the password after the first login using the default credentials (username: admin and password Admin123#). For more information, see Accessing NFVIS.

Restricting Login Vulnerabilities
You can prevent the vulnerability to dictionary and Denial of Service (DoS) attacks by using the following features.

Enforcement of Strong Password
An authentication mechanism is only as strong as its credentials. For this reason, it is important to ensure that users have strong passwords. NFVIS checks that a strong password is configured as per the following rules. The password must contain:
· At least one uppercase character
· At least one lowercase character
· At least one number
· At least one of these special characters: hash (#), underscore (_), hyphen (-), asterisk (*), or question mark (?)
· Seven characters or greater
· The password length should be between 7 and 128 characters.

Configuring Minimum Length for Passwords
Lack of password complexity, particularly password length, reduces the search space when attackers try to guess user passwords, making brute-force attacks easier. The admin user can configure the minimum length required for the passwords of all users. The minimum length must be between 7 and 128 characters. By default, the minimum length required for passwords is set to 7 characters.
CLI:
nfvis(config)# rbac authentication min-pwd-length 9
API:
/api/config/rbac/authentication/min-pwd-length
Configuring Password Lifetime
The password lifetime determines how long a password can be used before the user is required to change it.
The admin user can configure minimum and maximum lifetime values for the passwords of all users and enforce a rule to check these values. The default minimum lifetime value is set to 1 day and the default maximum lifetime value is set to 60 days. When a minimum lifetime value is configured, the user cannot change the password until the specified number of days have passed. Similarly, when a maximum lifetime value is configured, the user must change the password before the specified number of days pass. If a user does not change the password and the specified number of days have passed, a notification is sent to the user.
Note: The minimum and maximum lifetime values and the rule to check for these values are not applied to the admin user.
CLI:
configure terminal
rbac authentication password-lifetime enforce true min-days 2 max-days 30
commit
API:
/api/config/rbac/authentication/password-lifetime/
Limit Previous Password Reuse
Without preventing the reuse of previous passphrases, password expiry is largely useless, since users can simply change the passphrase and then change it back to the original. NFVIS checks that the new password is not the same as one of the 5 previously used passwords. One exception to this rule is that the admin user can change the password to the default password even if it was one of the 5 previously used passwords.
Restrict Frequency of Login Attempts
If a remote peer is allowed to log in an unlimited number of times, it may eventually be able to guess the login credentials by brute force. Since passphrases are often easy to guess, this is a common attack. By limiting the rate at which the peer can attempt logins, we prevent this attack. We also avoid spending system resources on unnecessarily authenticating these brute-force login attempts, which could create a Denial of Service attack. NFVIS enforces a 5 minute user lockdown after 10 failed login attempts.
Disable inactive user accounts
Monitoring user activity and disabling unused or stale user accounts helps to secure the system from insider attacks. The unused accounts should eventually be removed. The admin user can enforce a rule to mark unused user accounts as inactive and configure the number of days after which an unused user account is marked as inactive. Once marked as inactive, that user cannot log in to the system. To allow the user to log in to the system, the admin user can activate the user account.
Note: The inactivity period and the rule to check the inactivity period are not applied to the admin user.

The following CLI and API can be used to configure the enforcement of account inactivity.
CLI:
configure terminal
rbac authentication account-inactivity enforce true inactivity-days 30
commit
API:
/api/config/rbac/authentication/account-inactivity/
The default value for inactivity-days is 35.

Activating Inactive User Account
The admin user can activate the account of an inactive user using the following CLI and API:
CLI:
configure terminal
rbac authentication users user guest_user activate
commit
API:
/api/operations/rbac/authentication/users/user/username/activate

Enforce Setting of BIOS and CIMC Passwords

Table 1: Feature History Table

Feature Name | Release Information | Description
--- | --- | ---
Enforce Setting of BIOS and CIMC Passwords | NFVIS 4.7.1 | This feature enforces the user to change the default password for CIMC and BIOS.

Restrictions for Enforce Setting of BIOS and CIMC Passwords
· This feature is only supported on Cisco Catalyst 8200 UCPE and Cisco ENCS 5400 platforms.
· This feature is only supported on a fresh install of NFVIS 4.7.1 and later releases. If you upgrade from NFVIS 4.6.1 to NFVIS 4.7.1, this feature is not supported and you are not prompted to reset the BIOS and CIMC passwords, even if the BIOS and CIMC passwords are not configured.

Information About Enforce Setting of BIOS and CIMC Passwords
This feature addresses a security gap by enforcing the reset of the BIOS and CIMC passwords after a fresh install of NFVIS 4.7.1. The default CIMC password is password and the default BIOS password is no password.
In order to fix the security gap, you are enforced to configure the BIOS and CIMC passwords in ENCS 5400. During a fresh install of NFVIS 4.7.1, if the BIOS and CIMC passwords have not been changed and still have the default passwords, then you are prompted to change both the BIOS and CIMC passwords. If only one of them requires a reset, you are prompted to reset the password for only that component. Cisco Catalyst 8200 UCPE requires only the BIOS password, and hence only the BIOS password reset is prompted, if it has not already been set.
Note: If you upgrade from any previous release to NFVIS 4.7.1 or later releases, you can change the BIOS and CIMC passwords using the hostaction change-bios-password newpassword or hostaction change-cimc-password newpassword commands.
For more information about BIOS and CIMC passwords, see BIOS and CIMC Password.
Configuration Examples for Enforced Resetting of BIOS and CIMC Passwords
1. When you install NFVIS 4.7.1, you must first reset the default admin password.
Cisco Network Function Virtualization Infrastructure Software (NFVIS)
NFVIS Version: 99.99.0-1009
Copyright (c) 2015-2021 by Cisco Systems, Inc.
Cisco, Cisco Systems, and Cisco Systems logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and other countries.
The copyrights to certain works contained in this software are owned by other third parties and used and distributed under third party license agreements. Certain components of this software are licensed under the GNU GPL 2.0, GPL 3.0, LGPL 2.1, LGPL 3.0 and AGPL 3.0.
admin connected from 10.24.109.102 using ssh on nfvis
admin logged with default credentials
Please provide a password which satisfies the following criteria:
1.At least one lowercase character
2.At least one uppercase character
3.At least one number
4.At least one special character from # _ - * ?
5.Length should be between 7 and 128 characters
Please reset the password :
Please reenter the password :
Resetting admin password
2. On Cisco Catalyst 8200 UCPE and Cisco ENCS 5400 platforms, when you do a fresh install of NFVIS 4.7.1 or later releases, you must change the default BIOS and CIMC passwords. If the BIOS and CIMC passwords are not previously configured, the system prompts you to reset the BIOS and CIMC passwords for Cisco ENCS 5400 and only the BIOS password for Cisco Catalyst 8200 UCPE.
New password is set
Please provide the BIOS password which satisfies the following criteria:
1. At least one lowercase character
2. At least one uppercase character
3. At least one number
4. At least one special character from #, @ or _
5. Length should be between 8 and 20 characters
6. Should not contain any of the following strings (case sensitive): bios
7. First character cannot be a #
Please reset the BIOS password :
Please reenter the BIOS password :
Please provide the CIMC password which satisfies the following criteria:
1. At least one lowercase character
2. At least one uppercase character
3. At least one number
4. At least one special character from #, @ or _
5. Length should be between 8 and 20 characters
6. Should not contain any of the following strings (case sensitive): admin
Please reset the CIMC password :
Please reenter the CIMC password :
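The NFVIS user password rules under "Enforcement of Strong Password" and the BIOS and CIMC criteria in the prompts above can be checked before a password is submitted, for example when provisioning many devices. This is an added example, not Cisco code; the Policy class and function names are hypothetical, and only the rules listed on this page are checked.

```python
import string
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Policy:
    name: str
    specials: str        # at least one of these characters is required
    min_len: int
    max_len: int
    banned: tuple = ()   # case-sensitive substrings that must not appear
    bad_first: str = ""  # characters not allowed in the first position


# Rule sets transcribed from the lists and prompts on this page.
NFVIS_USER = Policy("NFVIS user", "#_-*?", 7, 128)
BIOS = Policy("BIOS", "#@_", 8, 20, banned=("bios",), bad_first="#")
CIMC = Policy("CIMC", "#@_", 8, 20, banned=("admin",))


def with_min_length(policy, length):
    """Model the effect of `rbac authentication min-pwd-length <length>`."""
    if not 7 <= length <= 128:
        raise ValueError("minimum length must be between 7 and 128")
    return replace(policy, min_len=length)


def violations(password, policy):
    """Return the rules the candidate breaks; an empty list means accepted."""
    found = []
    if not policy.min_len <= len(password) <= policy.max_len:
        found.append(f"length must be {policy.min_len}-{policy.max_len}")
    if not any(c in string.ascii_lowercase for c in password):
        found.append("needs a lowercase character")
    if not any(c in string.ascii_uppercase for c in password):
        found.append("needs an uppercase character")
    if not any(c in string.digits for c in password):
        found.append("needs a number")
    if not any(c in policy.specials for c in password):
        found.append(f"needs one of {policy.specials}")
    for word in policy.banned:
        if word in password:
            found.append(f"must not contain '{word}'")
    if password and password[0] in policy.bad_first:
        found.append(f"first character cannot be {password[0]}")
    return found


def audit(candidates, policy):
    """Map each candidate to its list of violations under one policy."""
    return {pw: violations(pw, policy) for pw in candidates}


if __name__ == "__main__":
    # Constructed candidates, plus the two default values named on this page.
    for policy, samples in [
        (NFVIS_USER, ["Admin123#", "short1#"]),
        (BIOS, ["#Secure_42x", "Mybios_2024"]),
        (CIMC, ["password", "#Secure_42x"]),
    ]:
        for pw, problems in audit(samples, policy).items():
            print(f"{policy.name:10} {pw:12} {problems or 'accepted'}")
```

The default Admin123# satisfies every NFVIS complexity rule, so the complexity check alone would accept it; the forced change at first login is what retires it.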

Verify BIOS and CIMC Passwords
To verify whether the BIOS and CIMC passwords were changed successfully, use the show log nfvis_config.log | include BIOS or show log nfvis_config.log | include CIMC commands:

nfvis# show log nfvis_config.log | include BIOS
2021-11-16 15:24:40,102 INFO [hostaction:/system/settings] [] BIOS password change is successful

You can also download the nfvis_config.log file and check whether the passwords were reset.

Integration with External AAA Servers
Users log in to NFVIS through ssh or the Web UI. In either case, users need to be authenticated. That is, a user needs to present password credentials in order to gain access.
Once a user is authenticated, all operations performed by that user need to be authorized. That is, certain users may be allowed to perform certain tasks, whereas others are not. This is called authorization.
It is recommended that a centralized AAA server be deployed to enforce per-user, AAA-based login authentication for NFVIS access. NFVIS supports the RADIUS and TACACS protocols to mediate network access. On the AAA server, only minimum access privileges should be granted to authenticated users according to their specific access requirements. This reduces the exposure to both malicious and unintentional security incidents.
For more information on external authentication, see Configuring RADIUS and Configuring a TACACS+ Server.

Authentication Cache for External Authentication Server

Feature Name | Release Information | Description
--- | --- | ---
Authentication Cache for External Authentication Server | NFVIS 4.5.1 | This feature supports TACACS authentication through OTP on the NFVIS portal.

The NFVIS portal uses the same One-Time Password (OTP) for all API calls after the initial authentication. The API calls fail as soon as the OTP expires. This feature supports TACACS OTP authentication with the NFVIS portal.
After you have successfully authenticated through the TACACS server using an OTP, NFVIS creates a hash entry using the username and the OTP and stores this hash value locally. This locally stored hash value has an expiration time stamp associated with it. The time stamp has the same value as the SSH session idle timeout, which is 15 minutes. All subsequent authentication requests with the same username are authenticated against this local hash value first. If the authentication fails with the local hash, NFVIS authenticates the request with the TACACS server and creates a new hash entry when the authentication is successful. If a hash entry already exists, its time stamp is reset to 15 minutes.
If you are removed from the TACACS server after successfully logging in to the portal, you can continue to use the portal until the hash entry in NFVIS expires.
When you explicitly log out of the NFVIS portal or are logged out due to idle time, the portal calls a new API to notify the NFVIS backend to flush the hash entry. The authentication cache and all its entries are cleared after an NFVIS reboot, factory reset, or upgrade.
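A small model of the cache behaviour described above, added here as an illustration and not NFVIS code. The HMAC-SHA-256 digest, the FakeTacacs stand-in and the choice to refresh the 15-minute stamp on every cache hit are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import os

IDLE_TIMEOUT = 15 * 60  # seconds; the page ties entry lifetime to the SSH idle timeout


class OtpAuthCache:
    """Username+OTP hash entries with an expiry stamp, checked before TACACS."""

    def __init__(self, tacacs_check, clock):
        self._tacacs_check = tacacs_check  # callable(username, otp) -> bool
        self._clock = clock                # callable() -> seconds
        self._key = os.urandom(32)         # assumption: per-boot key, never persisted
        self._entries = {}                 # username -> (digest, expires_at)

    def _digest(self, username, otp):
        message = username.encode() + b"\x00" + otp.encode()
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def authenticate(self, username, otp):
        """Return "cache", "tacacs", or None when both checks fail."""
        now = self._clock()
        digest = self._digest(username, otp)
        entry = self._entries.get(username)
        if entry is not None and now >= entry[1]:
            del self._entries[username]    # expired entries are never honoured
            entry = None
        if entry is not None and hmac.compare_digest(entry[0], digest):
            self._entries[username] = (digest, now + IDLE_TIMEOUT)
            return "cache"
        if self._tacacs_check(username, otp):
            self._entries[username] = (digest, now + IDLE_TIMEOUT)
            return "tacacs"
        return None

    def logout(self, username):
        """Explicit logout or idle logout flushes the user's entry."""
        self._entries.pop(username, None)

    def clear(self):
        """Reboot, factory reset and upgrade clear every entry."""
        self._entries.clear()


class FakeTacacs:
    """Constructed stand-in for a TACACS+ server that accepts each OTP once."""

    def __init__(self, otps):
        self.otps = dict(otps)  # username -> currently valid OTP

    def check(self, username, otp):
        if self.otps.get(username) == otp:
            del self.otps[username]  # one-time: a replay is rejected upstream
            return True
        return False

    def remove_user(self, username):
        self.otps.pop(username, None)


def simulate():
    """Replay a constructed timeline and return the outcome of each request."""
    now = [0]
    server = FakeTacacs({"alice": "492817", "bob": "105533"})
    cache = OtpAuthCache(server.check, lambda: now[0])
    out = [cache.authenticate("alice", "492817")]     # first login goes upstream
    now[0] = 60
    out.append(cache.authenticate("alice", "492817"))  # portal API call: cache hit
    out.append(cache.authenticate("alice", "000000"))  # wrong OTP: both checks fail
    server.remove_user("alice")                        # account revoked upstream
    now[0] = 600
    out.append(cache.authenticate("alice", "492817"))  # still served from the cache
    now[0] = 1500
    out.append(cache.authenticate("alice", "492817"))  # entry expired: revocation bites
    out.append(cache.authenticate("bob", "105533"))
    cache.logout("bob")
    out.append(cache.authenticate("bob", "105533"))    # flushed, OTP already used
    return out


if __name__ == "__main__":
    print(simulate())
```

Under these assumptions a revoked account keeps working for as long as it stays active, because each hit pushes the expiry out again; flushing the entry (logout, reboot) is what makes an upstream removal take effect immediately.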

Role Based Access Control

Limiting network access is important to organizations that have many employees, employ contractors, or permit access to third parties such as customers and vendors. In such a scenario, it is difficult to monitor network access effectively. Instead, it is better to control what is accessible, in order to secure sensitive data and critical applications.
Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. RBAC lets users access just the information they need, and prevents them from accessing information that does not pertain to them.
An employee's role in the enterprise should be used to determine the permissions granted, in order to ensure that employees with lower privileges cannot access sensitive information or perform critical tasks.
The following user roles and privileges are defined in NFVIS:

User Role | Privilege
--- | ---
Administrators | Can configure all available features and perform all tasks, including changing user roles. The administrator cannot delete basic infrastructure that is fundamental to NFVIS. The Admin user's role cannot be changed; it is always "administrator".
Operators | Can start and stop a VM, and view all information.
Auditors | They are the least privileged users. They have read-only permission and therefore cannot modify any configuration.

Benefits of RBAC
There are a number of benefits to using RBAC to restrict unnecessary network access based on people's roles within an organization, including:
· Improving operational efficiency.
Having predefined roles in RBAC makes it easy to add new users with the right privileges or to switch the roles of existing users. It also cuts down on the potential for error when user permissions are being assigned.
· Enhancing compliance.
Every organization must comply with local, state and federal regulations. Companies generally prefer to implement RBAC systems to meet the regulatory and statutory requirements for confidentiality and privacy, because executives and IT departments can more effectively manage how the data is accessed and used. This is particularly important for financial institutions and healthcare companies that manage sensitive data.
· Reducing costs. By not allowing user access to certain processes and applications, companies may conserve or use resources such as network bandwidth, memory and storage in a cost-effective manner.
· Decreasing the risk of breaches and data leakage. Implementing RBAC means restricting access to sensitive information, thus reducing the potential for data breaches or data leakage.

Best practices for role-based access control implementations
· As an administrator, determine the list of users and assign the users to the predefined roles. For example, the user "networkadmin" can be created and added to the user group "administrators".
configure terminal
rbac authentication users create-user name networkadmin password Test1_pass role administrators
commit
Note: The user groups or roles are created by the system. You cannot create or modify a user group. To change the password, use the rbac authentication users user change-password command in global configuration mode. To change the user role, use the rbac authentication users user change-role command in global configuration mode.
· Terminate accounts for users who no longer require access.
configure terminal
rbac authentication users delete-user name test1
· Periodically conduct audits to evaluate the roles, the employees who are assigned to them, and the access that is permitted for each role. If a user is found to have unnecessary access to a certain system, change the user's role.
For more details, see Users, Roles, and Authentication.

Granular Role-Based Access Control
Starting from NFVIS 4.7.1, the Granular Role-Based Access Control feature is introduced. This feature adds a new resource group policy that manages the VM and VNF and allows you to assign users to a group to control VNF access during VNF deployment. For more information, see Granular Role-Based Access Control.

Restrict Device Accessibility
Users have repeatedly been caught unaware by attacks against features they had not protected because they did not know that those features were enabled. Unused services tend to be left with default configurations, which are not always secure. These services may also be using default passwords. Some services can give an attacker easy access to information on what the server is running or how the network is set up. The following sections describe how NFVIS avoids such security risks:

Attack vector reduction
Any piece of software can potentially contain security vulnerabilities. More software means more avenues for attack. Even if there are no publicly known vulnerabilities at the time of inclusion, vulnerabilities may be discovered or disclosed in the future. To avoid such scenarios, only those software packages that are essential for NFVIS functionality are installed. This helps to limit software vulnerabilities, reduce resource consumption, and reduce extra work when problems are found with those packages. All third-party software included in NFVIS is registered in a central database in Cisco so that Cisco is able to perform a company-level organized response (Legal, Security, and so on). Software packages are periodically patched in every release for known Common Vulnerabilities and Exposures (CVEs).

Enabling only essential ports by default

Only those services that are necessary to set up and manage NFVIS are available by default. This removes the user effort required to configure firewalls and deny access to unnecessary services. The only services that are enabled by default are listed below along with the ports they open.

| Open Port | Service | Description |
|---|---|---|
| 22/TCP | SSH | Secure Socket Shell for remote command-line access to NFVIS |
| 80/TCP | HTTP | Hypertext Transfer Protocol for NFVIS portal access. All HTTP traffic received by NFVIS is redirected to port 443 for HTTPS |
| 443/TCP | HTTPS | Hypertext Transfer Protocol Secure for secure NFVIS portal access |
| 830/TCP | NETCONF-ssh | Port opened for the Network Configuration Protocol (NETCONF) over SSH. NETCONF is a protocol used for automated configuration of NFVIS and for receiving asynchronous event notifications from NFVIS. |
| 161/UDP | SNMP | Simple Network Management Protocol (SNMP). Used by NFVIS to communicate with remote network-monitoring applications. For more information see, Introduction about SNMP |

Restrict Access To Authorized Networks For Authorized Services

Only authorized originators should be permitted to even attempt device management access, and access should be only to the services they are authorized to use. NFVIS can be configured such that access is restricted to known, trusted sources and expected management traffic profiles. This reduces the risk of unauthorized access and the exposure to other attacks, such as brute force, dictionary, or DoS attacks.
To protect the NFVIS management interfaces from unnecessary and potentially harmful traffic, an admin user can create Access Control Lists (ACLs) for the network traffic that is received. These ACLs specify the source IP addresses/networks from which the traffic originates, and the type of traffic that is permitted or rejected from these sources. These IP traffic filters are applied to each management interface on NFVIS. The following parameters are configured in an IP receive Access Control List (ip-receive-acl):

| Parameter | Value | Description |
|---|---|---|
| Source network/Netmask | Network/netmask. For example: 0.0.0.0/0, 172.39.162.0/24 | This field specifies the IP address/network from which the traffic originates. |
| Service | https, icmp, netconf, scpd, snmp, ssh | Type of traffic from the specified source. |
| Action | accept, drop, reject | Action to be taken on the traffic from the source network. With accept, new connection attempts will be granted. With reject, connection attempts will not be accepted. If the rule is for a TCP-based service such as HTTPS, NETCONF, SCP, SSH, the source will get a TCP reset (RST) packet. For non-TCP rules such as SNMP and ICMP, the packet will be dropped. With drop, all packets will be dropped immediately, and no information is sent to the source. |
| Priority | A numeric value | The priority is used to enforce an order on the rules. Rules with a higher numeric value for priority will be added further down in the chain. If you want to make sure that a rule will be added after another one, use a low priority number for the first and a higher priority number for the following. |

The following sample configurations illustrate some scenarios that can be adapted for specific use cases.
Configuring the IP Receive ACL
The more restrictive an ACL, the more limited the exposure to unauthorized access attempts. However, a more restrictive ACL can create management overhead, and can impact accessibility for troubleshooting. Consequently, there is a balance to be considered. One compromise is to restrict access to internal corporate IP addresses only. Each customer must evaluate the implementation of ACLs in relation to their own security policy, risks, exposure, and acceptance thereof.
Reject ssh traffic from a subnet:

nfvis(config)# system settings ip-receive-acl 171.70.63.0/24 service ssh action reject priority 1

Deleting ACLs:
When an entry is deleted from ip-receive-acl, all configurations for that source are deleted, since the source IP address is the key. To delete just one service, configure the other services again.

nfvis(config)# no system settings ip-receive-acl 171.70.63.0/24
For more information see, Configuring the IP Receive ACL
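The priority ordering and the accept/reject/drop behavior described above can be checked on paper before a rule set is committed. The following JavaScript is an added example, not Cisco code: it models ip-receive-acl entries, reports what a given source would see, and flags entries that can never take effect. It assumes first-match evaluation in ascending priority order (the page states only the ordering); every rule except the 171.70.63.0/24 entry is constructed.

```javascript
// Services the page lists as TCP based; a reject on these answers with a TCP RST.
const TCP_SERVICES = new Set(['https', 'netconf', 'scpd', 'ssh']);

// Parse "a.b.c.d" or "a.b.c.d/len" into unsigned 32-bit base and mask.
function parseCidr(cidr) {
  const [addr, lenText] = cidr.split('/');
  const parts = addr.split('.');
  const badOctet = (p) => !/^\d{1,3}$/.test(p) || Number(p) > 255;
  if (parts.length !== 4 || parts.some(badOctet)) throw new Error(`invalid address: ${cidr}`);
  if (lenText !== undefined && (!/^\d{1,2}$/.test(lenText) || Number(lenText) > 32)) {
    throw new Error(`invalid prefix length: ${cidr}`);
  }
  const len = lenText === undefined ? 32 : Number(lenText);
  const o = parts.map(Number);
  const ip = ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
  const mask = len === 0 ? 0 : (0xffffffff << (32 - len)) >>> 0;
  return { base: (ip & mask) >>> 0, mask, len };
}

// True when every address of `inner` also lies in `outer`.
function contains(outer, inner) {
  return outer.len <= inner.len && ((inner.base & outer.mask) >>> 0) === outer.base;
}

// Lower priority numbers sit earlier in the chain.
function ordered(rules) {
  return [...rules].sort((a, b) => a.priority - b.priority);
}

// What a source address sees for one service (assumption: first match decides).
function decide(rules, srcIp, service) {
  const src = parseCidr(srcIp);
  for (const rule of ordered(rules)) {
    if (!rule.services.includes(service)) continue;
    if (!contains(parseCidr(rule.source), src)) continue;
    let sees = 'packet-dropped';                       // drop, or reject of a non-TCP service
    if (rule.action === 'accept') sees = 'connection-allowed';
    else if (rule.action === 'reject' && TCP_SERVICES.has(service)) sees = 'tcp-rst';
    return { matched: rule.source, sees };
  }
  return { matched: null, sees: 'no-rule' };           // default service exposure applies
}

// Flag entries that never fire and sources configured twice (the source is the key).
function lint(rules) {
  const findings = [];
  const sorted = ordered(rules);
  const seen = new Set();
  sorted.forEach((rule, i) => {
    if (seen.has(rule.source)) findings.push(`duplicate-source ${rule.source}`);
    seen.add(rule.source);
    for (const earlier of sorted.slice(0, i)) {
      const covered = contains(parseCidr(earlier.source), parseCidr(rule.source)) &&
        rule.services.every((s) => earlier.services.includes(s));
      if (covered && earlier.action !== rule.action) {
        findings.push(`shadowed ${rule.source} by ${earlier.source}`);
        break;
      }
    }
  });
  return findings;
}

// First entry is the page's example; the rest are constructed for illustration.
const SAMPLE_RULES = [
  { source: '171.70.63.0/24', services: ['ssh'], action: 'reject', priority: 1 },
  { source: '171.70.63.10/32', services: ['ssh'], action: 'accept', priority: 5 },
  { source: '0.0.0.0/0', services: ['snmp', 'icmp'], action: 'reject', priority: 10 },
  { source: '172.39.162.0/24', services: ['https'], action: 'drop', priority: 20 },
];
```

Here the accept for 171.70.63.10 is reported as shadowed: under the first-match assumption, giving the host exception a lower priority number than the subnet reject is what makes it effective.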
Privileged Debug Access
The super-user account on NFVIS is disabled by default, to prevent all unrestricted, potentially adverse, system-wide changes, and NFVIS does not expose the system shell to the user.
However, for some hard-to-debug issues on the NFVIS system, the Cisco Technical Assistance Center (TAC) team or the development team may require shell access to the customer's NFVIS. NFVIS has a secure unlock infrastructure to ensure that privileged debug access to a device in the field is restricted to authorized Cisco employees. To securely access the Linux shell for this kind of interactive debugging, a challenge-response authentication mechanism is used between NFVIS and the Interactive debugging server maintained by Cisco. The user's password is also required in addition to the challenge-response entry to ensure that the device is accessed with the customer's consent.
Steps to access the shell for Interactive Debugging:
1. An admin user initiates this procedure using this hidden command.

nfvis# system shell-access

2. The screen will show a challenge string, for example:
Challenge String (Please copy everything between the asterisk lines exclusively):
********************************************************************************
SPH//wkAAABORlZJU0VOQ1M1NDA4L0s5AQAAABt+dcx+hB0V06r9RkdMMjEzNTgw
RlHq7BxeAAA=
DONE.
********************************************************************************
3. The Cisco member enters the challenge string on an Interactive Debug server maintained by Cisco. This server verifies that the Cisco user is authorized to debug NFVIS using the shell, and then returns a response string.
4. Enter the response string on the screen below this prompt: Input your response when ready:
5. When prompted, the customer should enter the admin password.
6. You get shell access if the password is valid.
7. The development or TAC team uses the shell to proceed with the debugging.
8. To exit shell access, type Exit.
Secure Interfaces
NFVIS management access is allowed using the interfaces shown in the diagram. The following sections describe security best practices for these interfaces to NFVIS.

Console

The console port is an asynchronous serial port that allows you to connect to the NFVIS CLI for initial configuration. A user can access the console with either physical access to NFVIS or remote access through the use of a terminal server. If console port access is required via a terminal server, configure access lists on the terminal server to allow access only from the required source addresses.

SSH

Users can access the NFVIS CLI by using SSH as a secure means of remote login. The integrity and confidentiality of NFVIS management traffic is essential to the security of the administered network, since administration protocols frequently carry information that could be used to penetrate or disrupt the network.

NFVIS uses SSH version 2, which is Cisco's and the Internet's de facto standard protocol for interactive logins and supports strong encryption, hash, and key exchange algorithms recommended by the Security and Trust Organization within Cisco.

CLI Session timeout
By logging in via SSH, a user establishes a session with NFVIS. While the user is logged in, if the user leaves the logged-in session unattended, this can expose the network to a security risk. Session security limits the risk of internal attacks, such as one user attempting to use another user's session.
To mitigate this risk, NFVIS times out CLI sessions after 15 minutes of inactivity. When the session timeout is reached, the user is logged out.

NETCONF

The Network Configuration Protocol (NETCONF) is a network management protocol developed and standardized by the IETF for the automated configuration of network devices.
The NETCONF protocol uses an Extensible Markup Language (XML) based data encoding for the configuration data as well as the protocol messages. The protocol messages are exchanged on top of a secure transport protocol.
NETCONF allows NFVIS to expose an XML-based API that the network operator can use to set and get configuration data and event notifications securely over SSH.
For more information see, NETCONF Event Notifications.

REST API

NFVIS can be configured using a RESTful API over HTTPS. The REST API allows requesting systems to access and manipulate the NFVIS configuration by using a uniform and predefined set of stateless operations. Details on all the REST APIs can be found in the NFVIS API Reference guide.
When the user issues a REST API call, a session is established with NFVIS. To limit risks related to denial of service attacks, NFVIS limits the total number of concurrent REST sessions to 100.

NFVIS Web Portal
The NFVIS portal is a web-based Graphical User Interface that displays information about NFVIS. The portal presents the user with an easy means to configure and monitor NFVIS over HTTPS without having to know the NFVIS CLI and API.

Session Management
The stateless nature of HTTP and HTTPS requires a method of uniquely tracking users through the use of unique session IDs and cookies.
NFVIS encrypts the user's session. The AES-256-CBC cipher is used to encrypt the session contents with an HMAC-SHA-256 authentication tag. A random 128-bit Initialization Vector is generated for each encryption operation.
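The construction named above (AES-256-CBC, an HMAC-SHA-256 tag, a fresh 128-bit IV per operation) is shown here as an added example using Node.js's built-in crypto module; it is not NFVIS source code. The token layout, the use of separate encryption and MAC keys, the tag covering IV and ciphertext, and the lastSeen field used for the idle timeout are assumptions of this example.

```javascript
const crypto = require('crypto');

const IV_BYTES = 16;   // 128-bit initialization vector
const TAG_BYTES = 32;  // HMAC-SHA-256 output length

// Tag covers IV and ciphertext, so neither can be altered unnoticed.
function hmac(macKey, iv, ct) {
  return crypto.createHmac('sha256', macKey).update(iv).update(ct).digest();
}

// Encrypt the session contents and return "iv.ciphertext.tag" (base64url parts).
function sealSession(session, keys) {
  const iv = crypto.randomBytes(IV_BYTES);             // new random IV every time
  const cipher = crypto.createCipheriv('aes-256-cbc', keys.encKey, iv);
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(session), 'utf8'),
    cipher.final(),
  ]);
  const tag = hmac(keys.macKey, iv, ct);
  return [iv, ct, tag].map((b) => b.toString('base64url')).join('.');
}

// Return the session object, or null when the token is malformed, forged,
// or idle for longer than the timeout (15 minutes unless set to 5-60).
function openSession(token, keys, nowMs, idleMinutes = 15) {
  if (idleMinutes < 5 || idleMinutes > 60) {
    throw new RangeError('idle timeout must be between 5 and 60 minutes');
  }
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [iv, ct, tag] = parts.map((p) => Buffer.from(p, 'base64url'));
  if (iv.length !== IV_BYTES || tag.length !== TAG_BYTES) return null;
  if (ct.length === 0 || ct.length % 16 !== 0) return null;

  // Verify the tag in constant time BEFORE decrypting, so CBC padding
  // errors never become an oracle for modified ciphertexts.
  if (!crypto.timingSafeEqual(tag, hmac(keys.macKey, iv, ct))) return null;

  try {
    const decipher = crypto.createDecipheriv('aes-256-cbc', keys.encKey, iv);
    const plain = Buffer.concat([decipher.update(ct), decipher.final()]);
    const session = JSON.parse(plain.toString('utf8'));
    if (nowMs - session.lastSeen > idleMinutes * 60 * 1000) return null;
    return session;
  } catch (err) {
    return null;                                       // wrong key or corrupt data
  }
}
```

Sealing the same session twice yields different tokens because of the per-operation IV, and changing any byte of the IV, ciphertext or tag makes openSession return null.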
An audit record is started when a portal session is created. Session information is deleted when the user logs out or when the session times out.
The default idle timeout for portal sessions is 15 minutes. However, this can be configured for the current session to a value between 5 and 60 minutes on the Settings page. Auto-logout will be initiated after this period. Multiple sessions are not permitted in a single browser. The maximum number of concurrent sessions is set to 30. The NFVIS portal utilizes cookies to associate data with the user. It uses the following cookie properties for enhanced security:
· ephemeral to ensure the cookie expires when the browser is closed
· httpOnly to make the cookie inaccessible from JavaScript
· secureProxy to ensure the cookie can only be sent over SSL.
Even after authentication, attacks such as Cross-Site Request Forgery (CSRF) are possible. In this scenario, an end user might inadvertently execute unwanted actions on a web application in which they are currently authenticated. To prevent this, NFVIS uses CSRF tokens to validate every REST API that is invoked during each session.
URL Redirection
In typical web servers, when a page is not found on the web server, the user gets a 404 message; for pages that exist, they get a login page. The security impact of this is that an attacker can perform a brute force scan and easily detect which pages and folders exist. To prevent this on NFVIS, all non-existent URLs prefixed with the device IP are redirected to the portal login page with a 301 status response code. This means that regardless of the URL requested by an attacker, they will always get the login page to authenticate themselves. All HTTP server requests are redirected to HTTPS and have the following headers configured:
· X-Content-Type-Options
· X-XSS-Protection
· Content-Security-Policy
· X-Frame-Options
· Strict-Transport-Security
· Cache-Control
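The cookie properties, the 301 redirect for unknown URLs and the response headers listed above can all be confirmed from a single captured response. The following JavaScript is an added example, not part of NFVIS: it parses a raw response head and reports deviations. The login path /login, the address 192.0.2.10 and both sample responses are constructed, and reading ephemeral, httpOnly and secureProxy as "no Expires/Max-Age", HttpOnly and Secure on the wire is this example's interpretation.

```javascript
const REQUIRED_HEADERS = [
  'x-content-type-options', 'x-xss-protection', 'content-security-policy',
  'x-frame-options', 'strict-transport-security', 'cache-control',
];

// Split a raw HTTP response head into a status code and a multi-valued header map.
function parseResponseHead(raw) {
  const lines = raw.split(/\r?\n/);
  const m = /^HTTP\/\d(?:\.\d)?\s+(\d{3})/.exec(lines[0] || '');
  if (!m) throw new Error('not an HTTP response');
  const headers = new Map();
  for (const line of lines.slice(1)) {
    if (line === '') break;                        // blank line ends the header block
    const idx = line.indexOf(':');
    if (idx < 1) continue;                         // skip malformed header lines
    const name = line.slice(0, idx).trim().toLowerCase();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(line.slice(idx + 1).trim());
  }
  return { status: Number(m[1]), headers };
}

// Audit the response to a request for a URL that does not exist on the portal.
function auditUnknownUrlResponse(raw, loginPath) {
  const { status, headers } = parseResponseHead(raw);
  const findings = [];
  const location = (headers.get('location') || [''])[0];
  const toLogin = location === loginPath ||
    (location.startsWith('https://') && location.endsWith(loginPath));
  if (status !== 301) findings.push(`status ${status} instead of 301`);
  else if (!toLogin) findings.push(`redirect target is not the HTTPS login page: ${location}`);

  for (const name of REQUIRED_HEADERS) {
    if (!headers.has(name)) findings.push(`missing header ${name}`);
  }
  for (const cookie of headers.get('set-cookie') || []) {
    const [pair, ...attrs] = cookie.split(';').map((s) => s.trim());
    const name = pair.split('=')[0];
    const flags = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
    if (!flags.has('httponly')) findings.push(`cookie ${name} lacks HttpOnly`);
    if (!flags.has('secure')) findings.push(`cookie ${name} lacks Secure`);
    if (flags.has('expires') || flags.has('max-age')) {
      findings.push(`cookie ${name} is persistent, not ephemeral`);
    }
  }
  return findings;
}

// Constructed sample: a response that matches the behavior the page describes.
const HARDENED = [
  'HTTP/1.1 301 Moved Permanently',
  'Location: https://192.0.2.10/login',
  'X-Content-Type-Options: nosniff',
  'X-XSS-Protection: 1; mode=block',
  "Content-Security-Policy: default-src 'self'",
  'X-Frame-Options: SAMEORIGIN',
  'Strict-Transport-Security: max-age=31536000',
  'Cache-Control: no-store',
  'Set-Cookie: session=abc; Path=/; HttpOnly; Secure',
  '', '',
].join('\r\n');

// Constructed sample: a typical web server that reveals which pages exist.
const WEAK = [
  'HTTP/1.1 404 Not Found',
  'X-Frame-Options: DENY',
  'Cache-Control: no-store',
  'Set-Cookie: session=abc; Path=/; Max-Age=86400',
  '', '',
].join('\r\n');
```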
Disabling the Portal
NFVIS portal access is enabled by default. If you are not planning to use the portal, it is recommended to disable portal access using this command:
Configure terminal
System portal access disabled
commit

HTTPS
All HTTPS data to and from NFVIS uses Transport Layer Security (TLS) to communicate across the network. TLS is the successor to Secure Socket Layer (SSL).

The TLS handshake involves authentication, during which the client verifies the server's SSL certificate with the certificate authority that issued it. This confirms that the server is who it says it is, and that the client is interacting with the owner of the domain. By default, NFVIS uses a self-signed certificate to prove its identity to its clients. This certificate has a 2048-bit public key to increase the security of the TLS encryption, since the encryption strength is directly related to the key size.

Certificate Management
NFVIS generates a self-signed SSL certificate when first installed. It is a security best practice to replace this certificate with a valid certificate signed by a compliant Certificate Authority (CA). Use the following steps to replace the default self-signed certificate:
1. Generate a Certificate Signing Request (CSR) on NFVIS.
A Certificate Signing Request (CSR) is a file with a block of encoded text that is given to a Certificate Authority when applying for an SSL certificate. This file contains information that should be included in the certificate, such as the organization name, common name (domain name), locality, and country. The file also contains the public key that should be included in the certificate. NFVIS uses a 2048-bit public key, since encryption strength is higher with a larger key size. To generate a CSR on NFVIS, run the following command:

nfvis# system certificate signing-request [common-name country-code locality organization organization-unit-name state]

The CSR file is saved as /data/intdatastore/download/nfvis.csr.
2. Get an SSL certificate from a CA using the CSR.
From an external host, use the scp command to download the Certificate Signing Request.

[myhost:/tmp] > scp -P 22222 admin@<NFVIS-IP>:/data/intdatastore/download/nfvis.csr <file-name>

Contact a Certificate Authority to issue a new SSL server certificate using this CSR.
3. Install the CA Signed Certificate.
From an external server, use the scp command to upload the certificate file into NFVIS to the /data/intdatastore/uploads/ directory.

[myhost:/tmp] > scp -P 22222 <certificate file> admin@<NFVIS-IP>:/data/intdatastore/uploads

Install the certificate in NFVIS using the following command.

nfvis# system certificate install-cert path file:///data/intdatastore/uploads/<certificate file>

4. Switch to using the CA Signed Certificate.
Use the following command to start using the CA signed certificate instead of the default self-signed certificate.

nfvis(config)# system certificate use-cert cert-type ca-signed

SNMP Access

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks, and for modifying that information to change device behavior.
Three significant versions of SNMP have been developed. NFVIS supports SNMP version 1, version 2c and version 3. SNMP versions 1 and 2 use community strings for authentication, and these are sent in plain text. So, it is a security best practice to use SNMP v3 instead.
SNMPv3 provides secure access to devices by using three aspects: users, authentication, and access. SNMPv3 uses the USM (User-based Security Module) for controlling access to information available via SNMP. The SNMP v3 user is configured with an authentication type, a privacy type, and a passphrase. All users sharing a group utilize the same SNMP version; however, the specific security level settings (password, encryption type, etc.) are specified per user.
The following table summarizes the security options within SNMP.

| Model | Level | Authentication | Encryption | Outcome |
|---|---|---|---|---|
| v1 | noAuthNoPriv | Community String | No | Uses a community string match for authentication. |
| v2c | noAuthNoPriv | Community String | No | Uses a community string match for authentication. |
| v3 | noAuthNoPriv | Username | No | Uses a username match for authentication. |
| v3 | authNoPriv | Message Digest 5 (MD5) or Secure Hash Algorithm (SHA) | No | Provides authentication based on the HMAC-MD5-96 or HMAC-SHA-96 algorithms. |
| v3 | authPriv | MD5 or SHA | Data Encryption Standard (DES) or Advanced Encryption Standard (AES) | Provides authentication based on the HMAC-MD5-96 or HMAC-SHA-96 algorithms. Provides the DES cipher algorithm in Cipher Block Chaining Mode (CBC-DES) or the AES encryption algorithm used in Cipher FeedBack Mode (CFB), with 128-bit key size (CFB128-AES-128). |

Since its adoption by NIST, AES has become the dominant encryption algorithm throughout the industry. To follow the industry's migration away from MD5 and toward SHA, it is a security best practice to configure the SNMP v3 authentication protocol as SHA and the privacy protocol as AES.
For more details on SNMP see, Introduction about SNMP

Legal Notification Banner
It is recommended that a legal notification banner is present on all interactive sessions to ensure that users are notified of the security policy being enforced and to which they are subject. In some jurisdictions, civil and/or criminal prosecution of an attacker who breaks into a system is easier, or even required, if a legal notification banner is presented, informing unauthorized users that their use is in fact unauthorized. In some jurisdictions, it may also be forbidden to monitor the activity of an unauthorized user unless they have been notified of the intent to do so.
Legal notification requirements are complex and vary in each jurisdiction and situation. Even within jurisdictions, legal opinions vary. Discuss this issue with your own legal counsel to ensure that the notification banner meets company, local, and international legal requirements. This is often critical to securing appropriate action in the event of a security breach. In cooperation with the company legal counsel, statements which may be included in a legal notification banner include:
· Notification that system access and use is permitted only by specifically authorized personnel, and perhaps information about who may authorize use.
· Notification that unauthorized access and use of the system is unlawful, and may be subject to civil and/or criminal penalties.
· Notification that access and use of the system may be logged or monitored without further notice, and the resulting logs may be used as evidence in court.
· Additional specific notices required by specific local laws.

From a security rather than a legal point of view, a legal notification banner should not contain any specific information about the device, such as its name, model, software, location, operator or owner, because this kind of information may be useful to an attacker.
The following is a sample legal notification banner which can be displayed before login:

UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit, authorized permission to access or configure this device. Unauthorized attempts and actions to access or use this system may result in civil and/or criminal penalties. All activities performed on this device are logged and monitored

Note: Present a legal notification banner approved by company legal counsel.
NFVIS allows the configuration of a banner and Message of the Day (MOTD). The banner is displayed before the user logs in. Once the user logs in to NFVIS, a system-defined banner provides copyright information about NFVIS, and the message-of-the-day (MOTD), if configured, will appear, followed by the command line prompt or portal view, depending on the login method.
It is recommended that a login banner is implemented to ensure that a legal notification banner is presented on all device management access sessions prior to a login prompt being presented. Use this command to configure the banner and MOTD.

nfvis(config)# banner-motd banner <banner-text> motd <motd-text>

For more information about the banner command, see Configure Banner, Message of the day and System Time.

Factory Default Reset
Factory Reset removes all the customer-specific data that has been added to the device since the time of its shipping. The data erased includes configurations, log files, VM images, connectivity information, and user login credentials.
It provides one command to reset the device to factory-original settings, and is useful in the following scenarios:
· Return Material Authorization (RMA) for a device: If you have to return a device to Cisco for RMA, use Factory Default reset to remove all the customer-specific data.
· Recovering a compromised device: If the key material or credentials stored on a device are compromised, reset the device to factory configuration and then reconfigure the device.
· If the same device needs to be re-used at a different site with a new configuration, perform a Factory Default reset to remove the existing configuration and bring it to a clean state.

NFVIS provides the following options within Factory Default reset:

| Factory Reset Option | Data Erased | Data Retained |
|---|---|---|
| all | All configuration, uploaded image files, VMs and logs. Connectivity to the device will be lost. | The admin account is retained and the password will be changed to the factory default password. |
| all-except-images | All configuration except image configuration, VMs, and uploaded image files. Connectivity to the device will be lost. | Image configuration, registered images and logs. The admin account is retained and the password will be changed to the factory default password. |
| all-except-images-connectivity | All configuration except image, network and connectivity configuration, VMs, and uploaded image files. Connectivity to the device is available. | Images, network and connectivity related configuration, registered images, and logs. The admin account is retained and the previously configured admin password will be preserved. |
| manufacturing | All configuration except image configuration, VMs, uploaded image files, and logs. Connectivity to the device will be lost. | Image related configuration and registered images. The admin account is retained and the password will be changed to the factory default password. |

The user must choose the appropriate option carefully based on the purpose of the Factory Default reset. For more information, see Resetting to Factory Default.

Infrastructure Management Network
An infrastructure management network refers to the network carrying the control and management plane traffic (such as NTP, SSH, SNMP, syslog, etc.) for the infrastructure devices. Device access can be through the console, as well as through the Ethernet interfaces. This control and management plane traffic is critical to network operations, providing visibility into and control over the network. Consequently, a well-designed and secure infrastructure management network is critical to the overall security and operations of a network. One of the key recommendations for a secure infrastructure management network is the separation of management and data traffic in order to ensure remote manageability even under high load and high traffic conditions. This can be achieved using a dedicated management interface.
The following are the infrastructure management network implementation approaches:
Out-of-band Management
An Out-of-band (OOB) management network consists of a network which is completely independent and physically disparate from the data network that it helps to manage. This is also sometimes referred to as a Data Communications Network (DCN). Network devices can connect to the OOB network in different ways: NFVIS supports a built-in management interface that can be used to connect to the OOB network. NFVIS allows the configuration of a predefined physical interface, the MGMT port on the ENCS, as a dedicated management interface. Restricting management packets to designated interfaces provides greater control over the management of a device, thereby providing more security for that device. Other benefits include improved performance for data packets on non-management interfaces, support for network scalability, the need for fewer access control lists (ACLs) to restrict access to a device, and prevention of management packet floods from reaching the CPU. Network devices can also connect to the OOB network via dedicated data interfaces. In this case, ACLs should be deployed to ensure that management traffic is only handled by the dedicated interfaces. For further information, see Configuring the IP Receive ACL and Port 22222 and Management Interface ACL.
Pseudo out-of-band Management
A pseudo out-of-band management network uses the same physical infrastructure as the data network but provides logical separation through the virtual separation of traffic, by using VLANs. NFVIS supports creating VLANs and virtual bridges to help identify different sources of traffic and separate traffic between VMs. Having separate bridges and VLANs isolates the virtual machine network's data traffic and the management network, thus providing traffic segmentation between the VMs and the host. For further information see Configuring VLAN for NFVIS Management Traffic.
In-band Management
An in-band management network uses the same physical and logical paths as the data traffic. Ultimately, this network design requires a per-customer analysis of risk versus benefits and costs. Some general considerations include:
· An isolated OOB management network maximizes visibility and control over the network even during disruptive events.
· Transmitting network telemetry over an OOB network minimizes the chance for disruption of the very information which provides critical network visibility.
· In-band management access to network infrastructure, hosts, etc. is vulnerable to complete loss in the event of a network incident, removing all network visibility and control. Appropriate QoS controls should be put in place to mitigate this occurrence.
· NFVIS features interfaces which are dedicated to device management, including serial console ports and Ethernet management interfaces.
· An OOB management network can typically be deployed at a reasonable cost, since management network traffic does not typically demand high bandwidth or high performance devices, and only requires sufficient port density to support the connectivity to each infrastructure device.
Locally Stored Information Protection
Protecting Sensitive Information
NFVIS stores some sensitive information locally, including passwords and secrets. Passwords should generally be maintained and controlled by a centralized AAA server. However, even if a centralized AAA server is deployed, some locally stored passwords are required for certain cases, such as local fallback when AAA servers are not available, special-use usernames, and so on. These local passwords and other sensitive information are stored on NFVIS as hashes so that it is not possible to recover the original credentials from the system. Hashing is a widely accepted industry norm.

File Transfer
Files that may need to be transferred to NFVIS devices include VM images and NFVIS upgrade files. The secure transfer of files is critical for network infrastructure security. NFVIS supports Secure Copy (SCP) to ensure the security of file transfer. SCP relies on SSH for secure authentication and transport, enabling the secure and authenticated copying of files.
A secure copy from NFVIS is initiated through the scp command. The secure copy (scp) command allows only the admin user to securely copy files from NFVIS to an external system, or from an external system to NFVIS.
The syntax for the scp command is:
scp
We use port 22222 for the NFVIS SCP server. By default, this port is closed and users cannot secure copy files into NFVIS from an external client. If there is a need to SCP a file from an external client, the user can open the port using:
system settings ip-receive-acl (address)/(mask length) service scpd priority (number) action accept
commit
To prevent users from accessing system directories, secure copy can be performed only to or from intdatastore:, extdatastore1:, extdatastore2:, usb: and nfs:, if available. Secure copy can also be performed from logs: and techsupport:

Logging

NFVIS access and configuration changes are logged as audit logs to record the following information:
· Who accessed the device
· When a user logged in
· What a user did in terms of the host configuration and the VM lifecycle
· When a user logged off
· Failed access attempts
· Failed authentication requests
· Failed authorization requests
This information is invaluable for forensic analysis in case of unauthorized attempts or access, as well as for configuration change issues and to help plan group administration changes. It may also be used in real time to identify anomalous activities that may indicate that an attack is taking place. This analysis can be correlated with information from additional external sources, such as IDS and firewall logs.

All the key events on NFVIS are sent as event notifications to NETCONF subscribers and as syslogs to the configured central logging servers. For more information on syslog messages and event notifications, see the Appendix.
Virtual Machine Security
This section describes security features related to the registration, deployment and operation of Virtual Machines on NFVIS.
VNF Secure Boot
NFVIS supports Open Virtual Machine Firmware (OVMF) to enable UEFI secure boot for Virtual Machines that support secure boot. VNF Secure Boot verifies that each layer of the VM boot software is signed, including the bootloader, the operating system kernel, and the operating system drivers.

For more information, see Secure Boot of VNFs.
VNC Console Access Protection
NFVIS allows the user to create a Virtual Network Computing (VNC) session to access a deployed VM's remote desktop. To enable this, NFVIS dynamically opens a port to which the user can connect using their web browser. This port is left open for only 60 seconds for an external server to start a session to the VM. If no activity is seen within this time, the port is closed. The port number is assigned dynamically and thereby allows only one-time access to the VNC console.
nfvis# vncconsole start deployment-name 1510614035 vm-name ROUTER
vncconsole-url :6005/vnc_auto.html
Pointing your browser to https:// :6005/vnc_auto.html will connect to the ROUTER VM's VNC console.
Encrypted VM config data variables
During VM deployment, the user provides a day-0 configuration file for the VM. This file can contain sensitive information such as passwords and keys. If this information is passed as clear text, it appears in log files and internal database records in clear text. This feature allows the user to flag a config data variable as sensitive so that its value is encrypted using AES-CFB-128 encryption before it is stored or passed to internal subsystems.
For more information, see VM Deployment Parameters.
Checksum verification for Remote Image Registration
To register a remotely located VNF image, the user specifies its location. The image needs to be downloaded from an external source, such as an NFS server or a remote HTTPS server.
To know whether a downloaded file is safe to install, it is essential to compare the file's checksum before using it. Verifying the checksum helps ensure that the file was not corrupted during network transmission, or modified by a malicious third party before you downloaded it.
NFVIS supports the checksum and checksum_algorithm options for the user to provide the expected checksum and checksum algorithm (SHA256 or SHA512) to be used to verify the checksum of the downloaded image. Image creation fails if the checksum does not match.
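The same check can be run on a workstation before the checksum and checksum_algorithm values are supplied at registration. This is an added example, not NFVIS code; the function and exception names are assumptions, and only the two algorithms named above are accepted.

```python
import hashlib
import hmac

# The two algorithms the page lists for checksum_algorithm.
ALGORITHMS = {"SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


class ChecksumError(Exception):
    """Raised when an image must not be registered (hypothetical name)."""


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash a large image in chunks instead of loading it into memory."""
    try:
        h = ALGORITHMS[algorithm.upper()]()
    except KeyError:
        raise ChecksumError(f"unsupported checksum_algorithm: {algorithm!r}")
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(path, checksum, checksum_algorithm):
    """Return the digest when it matches; raise ChecksumError otherwise."""
    expected = checksum.strip().lower()
    actual = file_digest(path, checksum_algorithm)
    # A length mismatch usually means the published value belongs to the
    # other algorithm (a SHA256 value supplied with SHA512, or the reverse).
    if len(expected) != len(actual):
        raise ChecksumError(
            f"checksum has {len(expected)} hex chars, "
            f"{checksum_algorithm.upper()} produces {len(actual)}")
    # Constant-time comparison of the two hex strings.
    if not hmac.compare_digest(expected.encode(), actual.encode()):
        raise ChecksumError("checksum mismatch: image corrupted or modified")
    return actual
```

Take the expected value from the image publisher over a separate trusted channel; a checksum fetched from the same server as the image only detects transfer corruption.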
Certification Validation for Remote Image Registration
To register a VNF image located on an HTTPS server, the image needs to be downloaded from the remote HTTPS server. To download this image securely, NFVIS verifies the SSL certificate of the server. The user needs to specify either the path to the certificate file or the PEM-format certificate contents to enable this secure download.
More details can be found in the section on certificate validation for image registration.
VM Isolation and Resource provisioning
The Network Function Virtualization (NFV) architecture consists of:
· Virtualized network functions (VNFs), which are Virtual Machines running software applications that deliver network functionality such as a router, firewall, load balancer, and so on.
· Network functions virtualization infrastructure, which consists of the infrastructure components (compute, memory, storage, and networking) on a platform that supports the required software and hypervisor.
With NFV, network functions are virtualized so that multiple functions can run on a single server. As a result, less physical hardware is needed, allowing for resource consolidation. In this environment, it is essential to simulate dedicated resources for multiple VNFs from a single physical hardware system. Using NFVIS, VMs can be deployed in a controlled manner such that each VM receives the resources it needs. Resources are partitioned as needed from the physical environment to the many virtual environments. The individual VM domains are isolated so that they are separate, distinct, and secure environments, which do not contend with each other for shared resources.
VMs cannot use more resources than provisioned. This avoids a Denial of Service condition caused by one VM consuming the resources. As a result, CPU, memory, network and storage are protected.

CPU Isolation

The NFVIS system reserves cores for the infrastructure software running on the host. The rest of the cores are available for VM deployment. This guarantees that the VM's performance does not affect the NFVIS host performance.
Low-latency VMs
NFVIS explicitly assigns dedicated cores to low-latency VMs that are deployed on it. If the VM requires 2 vCPUs, it is assigned 2 dedicated cores. This prevents sharing and oversubscription of cores and guarantees the performance of the low-latency VMs. If the number of available cores is less than the number of vCPUs requested by another low-latency VM, the deployment is prevented since we do not have sufficient resources.
Non low-latency VMs
NFVIS assigns shareable CPUs to non low-latency VMs. If the VM requires 2 vCPUs, it is assigned 2 CPUs. These 2 CPUs are shareable among other non low-latency VMs. If the number of available CPUs is less than the number of vCPUs requested by another non low-latency VM, the deployment is still allowed because this VM will share the CPU with existing non low-latency VMs.
Memory Allocation
The NFVIS infrastructure requires a certain amount of memory. When a VM is deployed, there is a check to ensure that the memory available, after reserving the memory required for the infrastructure and previously deployed VMs, is sufficient for the new VM. We do not allow memory oversubscription for the VMs.
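The CPU and memory admission rules above can be modelled in a few lines to see which deployments are refused and why. This is an added illustration, not NFVIS code; the class, field and VM names and the host sizes are assumptions, and the model assumes only reserved and already-dedicated cores count as unavailable to a low-latency VM.

```python
from dataclasses import dataclass, field


@dataclass
class Host:
    """Illustrative model of the admission rules above (not NFVIS code)."""
    cores: int              # physical cores on the host
    reserved_cores: int     # kept for the infrastructure software
    mem_mb: int             # physical memory
    reserved_mem_mb: int    # kept for the infrastructure
    pinned: dict = field(default_factory=dict)  # low-latency VM -> dedicated cores
    shared: dict = field(default_factory=dict)  # other VM -> vCPUs on shared CPUs
    vm_mem: dict = field(default_factory=dict)  # VM -> provisioned MB

    def free_cores(self):
        # Assumption: reserved and already-dedicated cores are unavailable.
        return self.cores - self.reserved_cores - sum(self.pinned.values())

    def free_mem_mb(self):
        return self.mem_mb - self.reserved_mem_mb - sum(self.vm_mem.values())

    def deploy(self, name, vcpus, mem_mb, low_latency):
        """Return (admitted, reason); record the VM only when admitted."""
        # Memory is never oversubscribed, whatever the VM class.
        if mem_mb > self.free_mem_mb():
            return False, "insufficient memory"
        if low_latency:
            # One dedicated core per vCPU, or the deployment is refused.
            if vcpus > self.free_cores():
                return False, "insufficient dedicated cores"
            self.pinned[name] = vcpus
        else:
            # Shared CPUs may be oversubscribed among non low-latency VMs.
            self.shared[name] = vcpus
        self.vm_mem[name] = mem_mb
        return True, "deployed"


def demo():
    """Constructed host: 8 cores (2 reserved), 16 GB memory (4 GB reserved)."""
    h = Host(cores=8, reserved_cores=2, mem_mb=16384, reserved_mem_mb=4096)
    return [
        h.deploy("ROUTER", 4, 4096, low_latency=True),       # 6 cores free
        h.deploy("FIREWALL", 4, 2048, low_latency=True),     # only 2 left
        h.deploy("MONITOR", 4, 2048, low_latency=False),     # shares CPUs
        h.deploy("ANALYTICS", 4, 2048, low_latency=False),   # still shares
        h.deploy("CACHE", 1, 8192, low_latency=False),       # 4096 MB left
    ]
```

In this run the second low-latency VM and the oversized memory request are refused, while both non low-latency VMs are admitted onto shared CPUs.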
VMs are not allowed to directly access the host file system and storage.
Storage Isolation

The ENCS platform supports an internal datastore (M2 SSD) and external disks. NFVIS is installed on the internal datastore. VNFs can also be deployed on this internal datastore. It is a security best practice to store customer data and deploy customer application Virtual Machines on the external disks. Having physically separate disks for the system files and the application files helps to protect system data from corruption and security issues.
Interface Isolation
Single Root I/O Virtualization, or SR-IOV, is a specification that allows the isolation of PCI Express (PCIe) resources such as an Ethernet port. Using SR-IOV, a single Ethernet port can be made to appear as multiple, separate, physical devices known as Virtual Functions. All of the VF devices on that adapter share the same physical network port. A guest can use one or more of these Virtual Functions. A Virtual Function appears to the guest as a network card, in the same way as a normal network card would appear to an operating system. Virtual Functions have near-native performance and provide better performance than para-virtualized drivers and emulated access. Virtual Functions provide data protection between guests on the same physical server, as the data is managed and controlled by the hardware. NFVIS VNFs can use SR-IOV networks to connect to WAN and LAN Backplane ports. Each such VM owns a virtual interface and its related resources, achieving data protection among VMs.
Secure Development Lifecycle
NFVIS follows a Secure Development Lifecycle (SDL) for software. This is a repeatable, measurable process designed to reduce vulnerabilities and enhance the security and resilience of Cisco solutions. Cisco SDL applies industry-leading practices and technology to build trustworthy solutions that have fewer field-discovered product security incidents. Every NFVIS release goes through the following processes.
· Following Cisco-internal and market-based Product Security Requirements
· Registering 3rd party software with a central repository at Cisco for vulnerability tracking
· Periodically patching software with known fixes for CVEs
· Designing software with security in mind
· Following secure coding practices such as using vetted common security modules like CiscoSSL, running static analysis and implementing input validation to prevent injection, and so on
