Hello and welcome to Firewall Management 201. I'm Professor Wool, and today we're going to be talking about the challenges of migrating servers to a new virtual data center.

So what are we talking about? Assume we have an old, existing physical data center, in black over here, and we have this one server that we want to migrate to our new virtual environment in a private cloud. How would we go about doing that? Well, the first steps are easy enough: the IT department will create a clone of the old server in the new virtualized environment, and they would give it a new IP address. And now all we need to do is make sure that all the traffic that came to that old server is now going to go to the new server, and we're good to go.

The trouble is that that's easier said than done. What are the problems? Well, most organizations don't keep very, very good records of what every server does. It's not even obvious what applications really use that old server and what types of traffic have to reach that server or exit from it. Maybe there is some information, but it might be inaccurate, out-of-date, or maybe it's non-existent entirely. So how do we go about making sure that all the necessary traffic is really allowed to go where it needs to go, to the new clone?

Well, here's one idea how we could achieve that task. We can use the firewall rules themselves as a form of documentation. After all, any application that relied on the old physical server is working just fine, which means that all the traffic that it needs, either reaching the old server or emanating from the old server, all that old traffic is allowed by the firewall policies already. So there are rules in the firewalls that support precisely the types of traffic that we care about when we're migrating this one server.

Once we've made that observation, we have a blueprint for a solution. What we can do is we can search the firewall policies across the whole estate and discover all the rules where the server that we are migrating is being referenced. Here, for instance, we can see that there's a rule allowing traffic from these green desktops on the left to reach the server that we care about through firewall number one, so this is traffic going this way. And there's also traffic on set that is allowed by some other firewall, firewall number two, and it's allowing traffic to go from that old server to a database, like this.

Once we've identified these relevant rules, what we can do is we can take the IP address of the virtualized copy and write it right next to all the references to the old server, and over here as well. We can modify these firewall policies so that wherever the old IP address is written, we have another IP address right next to it, of the virtualized copy. Once these changes are applied to the firewall policies, we are assured that all the traffic that used to travel to and from the old physical server is now going to be allowed when it tries to reach the new virtualized copy.

And when that's the case, when that's done, we can tell the IT department to reconfigure all the other endpoints, such as the databases and the desktops, to refer to the new virtualized copy and start communicating this way and this way. And once the application is tested and everything functions normally, we can declare victory, and we have in fact migrated the server. Once we've done that, we can go ahead and decommission the old server, and we can eliminate all references to the old IP addresses from the firewall rules, and we can move on to our next task.

That's it for what we have today. Thank you for your attention, and see you all next time in the next class.
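
The search-and-amend procedure described in the lecture, sketched as an added example that is not part of the original talk. The rule format, the firewall names and all addresses are constructed for illustration; the example also goes one step beyond the talk by flagging subnet objects that cover the old server but not the clone, since those cannot be fixed by writing the new address next to the old one.

```python
import copy
import ipaddress

# Constructed sample policies for two hypothetical firewalls (not a real export).
POLICIES = {
    "fw1": [
        {"id": 10, "src": ["10.1.0.0/24"], "dst": ["192.0.2.10"], "svc": "tcp/443"},
        {"id": 20, "src": ["10.1.0.0/24"], "dst": ["192.0.2.0/24"], "svc": "tcp/22"},
        {"id": 30, "src": ["any"], "dst": ["198.51.100.5"], "svc": "tcp/80"},
    ],
    "fw2": [
        {"id": 7, "src": ["192.0.2.10"], "dst": ["10.9.0.5"], "svc": "tcp/1521"},
    ],
}

def classify(entry, ip):
    """'exact' if entry is the host itself, 'covers' if a wider range contains it."""
    if entry == "any":
        return None  # already matches the clone; nothing to edit
    net = ipaddress.ip_network(entry, strict=False)
    return ("exact" if net.num_addresses == 1 else "covers") if ip in net else None

def find_references(policies, old_ip):
    """List (firewall, rule id, field, entry, kind) for every rule referencing old_ip."""
    ip = ipaddress.ip_address(old_ip)
    return [(fw, r["id"], f, e, classify(e, ip))
            for fw, rules in policies.items() for r in rules
            for f in ("src", "dst") for e in r[f] if classify(e, ip)]

def add_clone(policies, old_ip, new_ip):
    """Return (updated policies, subnet references that still need manual review)."""
    updated, new = copy.deepcopy(policies), ipaddress.ip_address(new_ip)
    review = []
    for fw, rid, field, entry, kind in find_references(policies, old_ip):
        rule = next(r for r in updated[fw] if r["id"] == rid)
        if kind == "exact" and new_ip not in rule[field]:
            rule[field].insert(rule[field].index(entry) + 1, new_ip)
        elif kind == "covers" and new not in ipaddress.ip_network(entry, strict=False):
            review.append((fw, rid, field, entry))  # subnet allows old host, not the clone
    return updated, review

def remove_old(policies, old_ip):
    """Decommission step: drop exact references to the old address."""
    cleaned = copy.deepcopy(policies)
    for fw, rid, field, entry, kind in find_references(policies, old_ip):
        if kind == "exact":
            next(r for r in cleaned[fw] if r["id"] == rid)[field].remove(entry)
    return cleaned
```

Run `remove_old` only on the output of `add_clone`, after the application has been tested against the clone; otherwise a rule can be left with an empty address list.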