Datacenter Firewall Overview

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

Datacenter Firewall is a new service included with Windows Server 2016. It is a network layer, 5-tuple (protocol, source and destination port numbers, source and destination IP addresses), stateful, multitenant firewall. When deployed and offered as a service by the service provider, tenant administrators can install and configure firewall policies to help protect their virtual networks from unwanted traffic originating from Internet and intranet networks.

[Figure: Datacenter Firewall in the network stack]

The service provider administrator or the tenant administrator can manage the Datacenter Firewall policies via the network controller and the northbound APIs.
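As an added illustration (not part of the original page), the following PowerShell sketch defines a two-rule 5-tuple policy through the Network Controller cmdlets. It assumes the NetworkController module is installed; the REST endpoint, the `New-FiveTupleRule` helper, the resource names, and the subnet are placeholders or constructed values.

```powershell
# Added example. $uri is a placeholder for your Network Controller REST endpoint.
$uri = "https://<network-controller-rest-fqdn>"
$webSubnet = "192.168.0.0/24"   # constructed tenant virtual subnet

# Hypothetical helper: builds one ACL rule from the 5-tuple plus action,
# direction, and priority.
function New-FiveTupleRule($Name, $Direction, $Protocol, $SrcPrefix, $SrcPorts,
                           $DstPrefix, $DstPorts, $Action, $Priority) {
    $p = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
    $p.Type                     = $Direction   # Inbound or Outbound
    $p.Protocol                 = $Protocol    # TCP, UDP, or All
    $p.SourceAddressPrefix      = $SrcPrefix
    $p.SourcePortRange          = $SrcPorts
    $p.DestinationAddressPrefix = $DstPrefix
    $p.DestinationPortRange     = $DstPorts
    $p.Action                   = $Action      # Allow or Deny
    $p.Priority                 = $Priority    # lower number is evaluated first
    $p.Logging                  = "Enabled"

    $r = New-Object Microsoft.Windows.NetworkController.AclRule
    $r.ResourceId = $Name
    $r.Properties = $p
    return $r
}

# Allow HTTPS from anywhere to the web subnet, then deny all other inbound traffic.
# The firewall is stateful, so no separate rule is written for reply packets
# of an allowed connection.
$allowHttps = New-FiveTupleRule "Allow_HTTPS_Inbound" "Inbound" "TCP" "*" "0-65535" $webSubnet "443" "Allow" "100"
$denyRest   = New-FiveTupleRule "Deny_Other_Inbound" "Inbound" "All" "*" "0-65535" $webSubnet "0-65535" "Deny" "200"

$aclProps = New-Object Microsoft.Windows.NetworkController.AccessControlListProperties
$aclProps.AclRules = @($allowHttps, $denyRest)

# Publish the policy through the Network Controller northbound API.
New-NetworkControllerAccessControlList -ResourceId "WebTier_ACL" `
    -Properties $aclProps -ConnectionUri $uri

# Read the policy back to confirm the rules and their priorities.
(Get-NetworkControllerAccessControlList -ResourceId "WebTier_ACL" -ConnectionUri $uri).Properties.AclRules |
    ForEach-Object { "{0} {1} {2}" -f $_.Properties.Priority, $_.Properties.Action, $_.ResourceId }
```

The access control list has no effect until it is referenced from a virtual subnet or a network interface.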

The Datacenter Firewall offers the following advantages for cloud service providers:

  • A highly scalable, manageable, and diagnosable software-based firewall solution that can be offered to tenants

  • Freedom to move tenant virtual machines to different compute hosts without breaking tenant firewall policies

    • Deployed as a vSwitch port host agent firewall

    • Tenant virtual machines get the policies assigned to their vSwitch host agent firewall

    • Firewall rules are configured in each vSwitch port, independent of the actual host running the virtual machine

  • Offers protection to tenant virtual machines independent of the tenant guest operating system

The Datacenter Firewall offers the following advantages for tenants:

  • Ability to define firewall rules to help protect Internet facing workloads on virtual networks

  • Ability to define firewall rules to help protect traffic between virtual machines on the same L2 virtual subnet as well as between virtual machines on different L2 virtual subnets

  • Ability to define firewall rules to help protect and isolate network traffic between tenant on-premises networks and their virtual networks at the service provider