Zyxel Nebula supernova cloud - an economical way to safety?
This article opens the Zyxel Nebula series of publications. It will be told about promising opportunities, application options and some features of the new equipment management system from Zyxel.
Network infrastructure in tasks and solutions
From the very beginning it is worth noting the dependence of the network infrastructure in most enterprises on external management. This feature is typical for both large and small organizations.
Take for example a small firm at the very beginning of development. For such a tiny business, there is enough a sticker with a phone to call "computer repair wizards" who can be trusted to prepare a laptop for work or set up a Wi-Fi router.
If the business has grown a bit, then you can hire a "coming sysadmin." That is, go to the outsourcing, but in the person of one person. For example, on Fridays, an “incoming IT dad” appears in the office and asks what needs to be done. And doing the right thing over the weekend. Everyone is comfortable, everyone is happy.
As the organization grows, they hire a system administrator with a general qualification (“multi-handed Shiva”) or even a small IT department, which may include: a system administrator for server hardware, a user support engineer, a DBMS programmer (who also performs the role of DBA) and so on.
But the services of a network administrator are usually used either as part of a remote service or as part of a temporary work under a one-time contract (to configure, change the configuration, install, and so on). The fact is that network infrastructure management is a very specific area. And to download a network administrator with a job strictly in his specialty, so that he not only performs familiar mechanical actions, but also develops it is quite difficult. The result is that even one network administrator is a lot for an average Russian organization at the rate of 100+ employees.
The exception is made by specialized IT companies, for example, system integrators, developers of specialized security solutions, and so on.
Another option is to immediately conclude an agreement with an outsourcing company, to which you can shift not only to ensure the operability of the network, but also office telephony, servers, services and services, and even timely delivery of accounting reports.
Note that in the examples above, one way or another, the management of the network infrastructure is in “alien hands”.
On the one hand, there are few alternative options. You can take a highly paid specialist for a limited range of tasks. In his spare time from the basic duties he can indulge in affordable entertainment. But here we must understand that if there is no place for a professional to develop, then either after some time he ceases to be a professional, or he has to change his employer and choose a company with the prospect of personal growth.
You can still try to stay longer at the level of a primitive network and at the same time develop all other parts of the IT infrastructure. But sooner or later, such a policy will bring its bitter rewards in the form of expenses for deep modernization, with partial or complete shutdown of equipment, interruption of business processes and other unpleasant surprises.
And if everything is easier to do?
You can go the other way. Simplify the installation, configuration and maintenance of network equipment. The good news is that you can make some general recommendations on the organization of network infrastructure.
For example, use a single control center for setting up access points. Similar simplified methods can be worked out when solving most of the tasks relevant to modern business.
You can create tools to perform a large number of settings in semi-automatic mode on a particular pattern (algorithm).
Then it remains only to add to these tools a single user-friendly interface and place it on a secure resource available in 24/7 mode.
All that has been described above has already been implemented in the form of a cloud platform that allows you to perform most of the general settings of network equipment.
In this case, most of the routine can be shifted in the framework of the combination of duties on other employees of the IT service. And the services of network gurus should be used only as part of individual completed turnkey projects, for example, during the initial deployment of network infrastructure, modernization, preparation of an organization for a security audit, and so on.
Zyxel Nebula as an example of a cloud approach
This is a single cloud solution that allows you to create network infrastructures that are easy to manage, with flexible adaptation to existing needs.
Today, Zyxel has two areas of development: hardware specifically designed for use with Nebula, and equipment with traditional control via a local web interface.
Note. Zyxel Nebula cloud is not a step to terra incognita. Other vendors have similar systems. Zyxel builds its solutions based on well-established methods.
One important detail needs to be noted. All cloud devices of the same type are configured on the same principle. Knowing the principles of work in Nebula, the administrator can configure a whole range of equipment: switches, access points, routers, and so on. You do not need to know the nuances of the web interface, minor differences in the CLI commands, and so on.
As an illustration, take for example the configuration of the physical port on the switch.
Access to the service is available at: nebula.zyxel.com
After passing the authentication procedure, the user enters the Dashboard panel.
Before it opens information about all connected devices. To go to the switch settings, click on the Switch area with the mouse (see Figure 1)
Figure 1. Zyxel Nebula Dashboard.
In the window that opens, select the desired switch, and click on it with the mouse.
In the window that opens, go to port management, using the active element Configure Ports.
Figure 2. Switch management in Zyxel Nebula.
In the window that appears, select the desired port and press the Edit button at the top.
Figure 3. Selecting a port for management A
window for editing port settings will appear.
Figure 4. Window for changing the physical port settings on the switch in the Zyxel Nebula.
As you can see, everything is very simple.
In order to completely dispel the doubts that the Zyxel cloud interface is simple and safe, the most popular questions and answers to them are listed below.
Questions and Answers on the Move to Nebula
How is the policy of monetization of services Zyxel Nebula? What are the differences for paid and free subscribers?
To work with Zyxel Nebula requires the presence of devices with the appropriate firmware.
After the cloud account has been created for the organization and the device has been added to the cloud, the client receives the year of the Enterprise maximum subscription. After a year, he can choose between paying for the continuation of an Enterprise subscription or the free version of Zyxel Nebula.
Note. The difference between the versions can be read here .
Is customer traffic going through the cloud?
Not. Network traffic goes where it is prescribed by the routing table that the client specifies. In principle, it cannot reach the cloud, because it is closed from the transfer of data of this kind.
But is something copied anyway?
The cloud reflects the network settings and statistics collected. The identifiers of the connected devices are also saved. This information is required to configure, manage, and monitor equipment status.
And what, nobody spies behind this information?
What for? Of course, if a client turns to his specialist for help and asks to look after the network, then it would be logical to give this specialist access to the cloud. For unauthorized people, access to the Zyxel Nebula is closed.
Client lost password. And now what i can do?
The situation is much simpler than with a “non-cloud” device. For equipment that is controlled exclusively locally, you must perform a password reset procedure. Sometimes for this you have to sacrifice the settings or the procedure itself is quite complicated and not everyone is able to perform it.
In the case when the equipment is connected to the Zyxel Nebula, the password can be restored via the e-mail registered in the system. Such a solution is particularly well suited for cases where there is no network administrator in the client organization that can perform a password reset operation.
If a person with such systems has never worked, how to learn the fastest?
You can take a course. Similar seminars are regularly held at the Zyxel Center in Russia.
What is safer cloud or outsourcing?
This is a rather lengthy question that cannot be answered immediately. Of course, much, very much depends on specific conditions.
But, taking into account the fact that most security problems occur through the fault of specific individuals (the notorious "human factor") - it can be argued that in this aspect the cloud management system looks safer.
Do not forget that the network administrator is also a person. And he can get sick, go in an unknown direction or experience many other turns of fate.
Sometimes when working with an outsourcing company there is a conflict, and you may need to quickly switch to another service provider.
In all the cases described, it is necessary to urgently look for a new person (natural or legal) in order to pick up the maintenance of the system and first of all eliminate possible security problems.
With Zyxel Nebula, these problems are minimized. Simply change the password on a cloud resource.
Again, the Zyxel Nebula cloud does not drink beer with friends and does not tell stories about who set up what equipment, what equipment, does not use the client’s infrastructure as a platform for their own laboratory work for personal purposes, and, in general, is not seen in “discrediting” .
What other security benefits are there?
Having a single cloud is easier to keep track of multiple devices. You have to agree that, in addition to logins and passwords, there is still a lot of detail regarding individual settings - it may not be so easy.
Modern methods of setting up equipment involve the use of templates, policies, pre-written scripts, but it is much easier to work if all this is already consolidated into a single control center than to create or customize such a control structure yourself.
It is worth noting that in the case of working with an outsourcing company, the client cannot influence the internal processes in the outsourcer’s company. And the Zyxel Nebula works automatically and depends less on the “human factor”.
As part of this article, the reader became familiar with the cloud option of managing network infrastructure using the example of Zyxel Nebula.
The next article on this topic will discuss how to organize support for the branch infrastructure using the cloud management system Zyxel Nebula.
1. A section on the Zyxel.ru website dedicated to Zyxel Nebula
2. Information about Zyxel switches with PoE and control from the cloud