Isolation of corporate local area networks using server virtualization

Abstract

Secure enterprises have Local Area Networks (LANs) that store and process sensitive data that should not be accessed from outside. At the same time, no modern enterprise can successfully function without a LAN which provides the Internet access for the computers of the sales department, technical support service and E-mail server. In order to ensure information security, these two network segments are usually physically isolated from each other by means of exception of any cable interconnections. Enterprises with high demands for server uptime use server virtualization, which requires connecting physical servers to disk storage of virtual server image files. When highly reliable servers are needed only in one of two independent corporate network segments, the cost of creating such a server cluster is reasonable and fast paying off. But when a company encounters the need to place a small but highly reliable server into another network segment, the following problem arises: only server cluster with expensive components can provide the required reliability, but to solve the tasks assigned to the new server, the cluster computing capacity would be too high, and deploying of a cluster would be extremely costly and economically unjustified. On the other hand, the required computing capacity for a new server would be taken from the existing server cluster by creating a new virtual server without any expenses. However, in such case it is necessary to ensure isolation of the new virtual server from the network segment the physical hosts servers are connected to. The article examines the methods of configuring the LAN that allow to isolate virtual and physical servers at the network level. The authors also consider the episode when it is necessary to transfer files between the two computers located in the LAN segments isolated from each other and gives the appropriate solution.