Implementation of GlobalProtect and Data Centre Interconnect
Le, Duc (2020)
Le, Duc
2020
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2020060416910
https://urn.fi/URN:NBN:fi:amk-2020060416910
Tiivistelmä
The goal of this project was to provide RELEX, the client company, a good VPN architecture that can be scaled when the number of users increase. In addition, the project also aimed to implement Data Centre Interconnection between two data centres and a fail-over mechanism to the VPN tunnel in case of links being down.
This thesis presents the current routing protocols – OSPF and BGP – together with the firewall product from Palo Alto. These technologies were used as the base for the implementation of the project.
Details on how to configure VPN services and build a Data Centre Interconnect solution at RELEX are also discussed in the thesis. The project started from implementing a new VPN architecture at RELEX. This included building a GlobalProtect service and implementing a dynamic routing protocol using OSPF over IPsec tunnels to provide connectivity between data centres. Then DWDM links were introduced to interconnect two data centres in Finland to provide high bandwidth and low delay connections. Furthermore, IPsec tunnels were utilised as a third backup link for traffic between data centres.
The project has been done successfully and both the GlobalProtect service and the Data Centre Interconnect solution are now used in production at RELEX. The thesis discusses several improvements for GlobalProtect that have been done after the implementation of the service and solution. Furthermore, future ideas for improving the services are presented.
This thesis presents the current routing protocols – OSPF and BGP – together with the firewall product from Palo Alto. These technologies were used as the base for the implementation of the project.
Details on how to configure VPN services and build a Data Centre Interconnect solution at RELEX are also discussed in the thesis. The project started from implementing a new VPN architecture at RELEX. This included building a GlobalProtect service and implementing a dynamic routing protocol using OSPF over IPsec tunnels to provide connectivity between data centres. Then DWDM links were introduced to interconnect two data centres in Finland to provide high bandwidth and low delay connections. Furthermore, IPsec tunnels were utilised as a third backup link for traffic between data centres.
The project has been done successfully and both the GlobalProtect service and the Data Centre Interconnect solution are now used in production at RELEX. The thesis discusses several improvements for GlobalProtect that have been done after the implementation of the service and solution. Furthermore, future ideas for improving the services are presented.