TMS zl Module Planning and Implementation Guide 2009-08

be members of different security zones on a single TMS zl Module. The traffic that the
module was designed to control would already have traversed the transoceanic links
before the TMS zl Module security controls could examine or enforce any protection
policies. Therefore, to properly protect the traffic, a TMS zl Module would be required at
the edge of each continental geographical region’s network in order to accomplish the
intention of the security control design. This high-level design is illustrated in Figure12.
11.3 High Availability
High Availability (HA) by definition involves multiple TMS zl Modules.
The current release supports two TMS zl Modules clustered together in an Active-Standby
configuration. The two modules forming the HA cluster do not need to be
contained within the same chassis, because they use multicasting to maintain their intra-cluster
network communications.
The clear advantage of an HA configuration is automated failover of a
module in the event of a hardware problem with the module itself or the host chassis.
This can ensure high performance and operational continuity of the security functions
provided by the TMS zl Module, with minimal downtime.
Although specific HA designs are not included in this document, it is important to present
some topics that should be considered when performing a TMS zl Module
HA cluster design or implementation. More detailed discussion of HA design and
implementation can be found in Section 8 of the HP ProCurve Threat Management
Services zl Module Management and Configuration Guide.
High Availability is only supported for modules that operate in routing mode. It is not
supported for monitor mode. If you require redundancy for monitor mode TMS zl
Modules, simply mirror the same traffic to two modules.
Performance Considerations - Because all traffic must go through the master session
manager, the firewall throughput of the cluster is the same as the master throughput.
However, the cluster throughput for IPS is increased due to the sharing between the
members.
HA VLAN - When HA is enabled, the module’s internal port 2 becomes an untagged
member of the HA VLAN and is dedicated to HA traffic. All messages such as HA
control protocol, synchronization, and HA management messages are communicated
through this interface. It is highly recommended that you change the HA VLAN to a
dedicated VLAN that does not carry general data traffic, even if you are not
implementing HA.
When you remove the master from an active-standby cluster, it will lose all of its TMS
VLAN IP addresses. (The IP addresses fail over to the participant.) You will then need to
use the CLI to configure at least one new TMS VLAN IP address in a management-access
zone before you can use the Web browser interface to reconfigure other TMS
VLAN IP addresses on the removed module. All other settings will be intact, such as
management-access zones.
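
The considerations in this section can be applied as a check over a planned deployment. The following is an added example, not part of the HP guide; the plan layout and its key names (`mode`, `ha_enabled`, `ha_vlan`, `tms_vlans`, `management_access`) are hypothetical and do not correspond to any TMS zl configuration or export format.

```python
# Added example: lint a planned TMS zl HA design against section 11.3.
# The plan layout and key names are hypothetical (made up for this sketch);
# they are not a TMS zl configuration or export format.

MAX_CLUSTER_MEMBERS = 2  # current release: two modules, Active-Standby


def lint_ha_plan(modules):
    """Return (module_name, finding) tuples for a planned deployment."""
    findings = []
    members = [m for m in modules if m.get("ha_enabled")]
    if len(members) > MAX_CLUSTER_MEMBERS:
        findings.append(("cluster", f"{len(members)} HA members planned; 2 supported"))
    for m in modules:
        name, vlans = m["name"], m.get("tms_vlans", [])
        # HA is supported in routing mode only; monitor-mode redundancy is
        # achieved by mirroring the same traffic to two modules.
        if m.get("ha_enabled") and m["mode"] != "routing":
            findings.append((name, "HA requires routing mode"))
        # The HA VLAN (internal port 2) should carry no general data traffic;
        # the guide recommends this even when HA is not implemented.
        if m.get("ha_vlan") in {v["id"] for v in vlans}:
            findings.append((name, f"HA VLAN {m['ha_vlan']} also carries data traffic"))
        # Planning assumption: a removed master is re-addressed via the CLI in a
        # management-access zone, so the plan should contain one per HA member.
        if m.get("ha_enabled") and not any(v.get("management_access") for v in vlans):
            findings.append((name, "no TMS VLAN in a management-access zone"))
    return findings


SAMPLE_PLAN = [  # constructed sample input
    {"name": "tms-a", "mode": "routing", "ha_enabled": True, "ha_vlan": 10,
     "tms_vlans": [{"id": 10, "management_access": False},
                   {"id": 20, "management_access": True}]},
    {"name": "tms-b", "mode": "monitor", "ha_enabled": True, "ha_vlan": 99,
     "tms_vlans": [{"id": 30, "management_access": False}]},
]

if __name__ == "__main__":
    for module, finding in lint_ha_plan(SAMPLE_PLAN):
        print(f"{module}: {finding}")
```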