TMS zl Module Planning and Implementation Guide 2009-08
Table Of Contents
- Contents
- Glossary of Acronyms and Abbreviations
- 1.0 Purpose
- 2.0 Intended Audience
- 3.0 Objectives
- 4.0 Prerequisites
- 5.0 Skills
- 6.0 The HP ProCurve Threat Management Services zl Module
- 7.0 Common TMS Security Control Points
- 8.0 Deployment Considerations
- 9.0 Installation and Preparation of the TMS zl Module
- 10.0 Configuration of the TMS zl Module
- 11.0 Using multiple HP ProCurve Threat Management Services zl Modules
- Appendix A – Additional References
- Appendix B – Sample Company Information Assets Spreadsheet
- Sample “Information Assets” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Server Network Details” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “TMS Zones” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Firewall Rules” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- /Sample “Company Information Assets” Microsoft Excel 2003 spreadsheet
- Appendix C – Information Gathering Tools
- Appendix D - Updating Switch Software
- Appendix E – Emergency Recovery Process
Page 60
9.2.6 Ensuring Management Access Under Heavy Load
Under certain heavy load operating conditions, it is possible for the in-band
management traffic of the module to be “starved out,” leading effectively to
loss of the management interface. This section highlights the value of
prioritizing the management interface traffic as soon as possible.
As with any network implementation, it is important to identify a VLAN to be
used only for switch management traffic. This allows for improved
management access security and also for isolating management traffic from
other network traffic that could potentially cause interference in performing
important configuration or monitoring tasks. To follow best security practices,
the management VLAN should not be the default VLAN (which is VLAN 1).
On the TMS zl Module, it is also important to assign VLAN priority handling
to the management VLAN so that it will process traffic from this VLAN before
handling traffic from other VLANs. This will ensure that the secure Web
browser and SNMP interfaces are always accessible, even if the TMS zl
Module is handling an extremely high volume of traffic. High resource
utilization of the TMS zl Module is a real possibility when many of its security
capabilities are enabled and highly utilized.
To configure VLAN 2 as the priority VLAN which will carry TMS
management traffic, you would type this command:
ProCurve Switch 5406zltms-module-D:config)# management priority-vlan 2
This step IS performed as part of Section 10.3 where we configure the
management VLAN and zone.