SEC04-01 Partitioning the Network
Network partitioning splits a network into separate areas to isolate sensitive traffic and resources, enhancing overall security.
- Risk level
High
- Key strategies
Network partitioning can:
- Isolate sensitive data: Sensitive data and applications are isolated in independent network partitions to reduce the risk of unauthorized access.
- Provide scalability: Partitioning and layering help manage and scale complex network architectures, making maintenance and expansion easy.
- Limit network traffic: Controlling communication traffic between different network partitions ensures that only authorized traffic can flow.
- Improve performance and availability: Network partitioning helps optimize network performance and availability, and avoid network congestion and single points of failure (SPOFs).
Define the border of each partition and allocate addresses to each network partition for easy management and control. For example, for a web workload, you can create a web area, an app area, and a data area. The most important border lies between the public network (Internet) and your internal applications. This border is the first line of defense for your workloads. Huawei Cloud VPCs and subnets can be used to establish borders for each network partition.
- VPC planning: Specify a proper CIDR range for a VPC to determine its IP address range.
- Subnet planning: Create multiple subnets in a VPC and deploy different resources in different subnets.
- Related cloud services and tools
Virtual Private Cloud (VPC)
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot