Technical data

Deploying VSX
Check Point VSX Administration Guide NGX R67 | 176
Data Centers
Data center providers supply external hosting services for Domain servers and databases. The service
typically includes infrastructure, connectivity, and security for multiple Domains.
For example, you can have a scenario such as:
Multiple Domain networks sharing a common physical infrastructure.
Backbone that provides connectivity between each Domain and the data center.
Domain A connects to its web hosting servers.
Domain B connects to its mail servers.
Domain C connects to its database servers.
To provide network security and management, the data center provider deploys a VSX gateway with one
Virtual System for each Domain.
This scenario offers a cost effective scalability solution for network expansion by means of remote
connectivity. In this example, a VPN connection between a Domain Virtual System and a UTM-1 Edge
device protecting a remote network, integrates that network into the MPLS core. Similarly, a Virtual System
can provide access for individual remote users who connect intermittently.
Data Centers in an Enterprise
This example scenario illustrates how VSX provides security management for enterprise data centers. By
assigning layer-2 connections to Virtual Systems, VSX reduces the number of physically managed devices
within a data center while providing the same high level of security.
In the figure below, a VSX gateway allows authorized users to access data center resources. The objective
here is to protect shared resources with differing access permissions and security requirements, while
implementing network granularity.
Figure 11-44 Enterprise data center
For example, one Virtual System protects databases against SQL vulnerabilities. Another Virtual System
protects Web Servers using IPS. When new applications and services are added to the enterprise data
center, new Virtual Systems are easily created to secure them according to their specific requirements.