Walkthrough: Creating Logical Datacenter Diagrams
This walkthrough explains how to create a basic logical datacenter diagram that includes a zone, logical servers, and connections. In this example, we are creating a security zone, which is a zone with defined restrictions on the logical servers hosted in the zone and on the communication that occurs into and out of the zone. The specific type of security zone we will create is a perimeter network. You will learn how to configure this zone in the next walkthrough, Walkthrough: Creating a Security Zone Part 1.
To create a logical datacenter diagram
Create a logical datacenter diagram. For more information, see How to: Create Logical Datacenter Diagrams.
Using the logical datacenter diagram, you can design a logical representation of the server layout and settings in your datacenter.
The next step is to add zones to the diagram. Zones are commonly used to represent communication boundaries, but they can be used to represent any kind of boundary.
To create a zone named "PerimeterNetwork"
Open the Toolbox and drag a Zone to the diagram. For more information, see How to: Define Zones on Logical Datacenter Diagrams.
By default, zones contain two endpoints: one for communication into the zone and one for communication out of the zone. All communication into or out of the zone must pass through a zone endpoint. You can add as many inbound, outbound, or bidirectional zone endpoints as you want. For more information, see Communication with Zones and Logical Servers.
Select the inbound zone endpoint (ZoneEndpoint1) and view the properties window.
Change the name property to "Internet". For more information, see How to: Add Endpoints to Zones and Logical Servers.
Select the outbound zone endpoint, right-click and choose Show Label.
Note
The name of the outbound zone endpoint does not display by default.
Change the name of the outbound zone endpoint to "Intranet".
Double-click the zone name ("Zone1") and change the name to be "PerimeterNetwork". This name cannot contain any spaces.
The next step is to add logical servers to the diagram.
To add logical servers to a logical datacenter diagram
Open the Toolbox and drag an IISWebServer to the diagram and outside the PerimeterNetwork zone.
With the IISWebServer selected, on the Diagram menu, choose Move To Zone, and then choose "PerimeterNetwork".
The server is moved inside the PerimeterNetwork zone. If the diagram contained more than one zone, you would have had the option of moving the logical server to other zones. You can also move servers by dragging and dropping. For more information, see How to: Move Logical Servers on Logical Datacenter Diagrams.
Name the logical server "HardenedIIS".
Add another IISWebServer outside the zone and name it "InternetServer".
Select the consumer endpoint on InternetServer (this is the unnamed endpoint), press ALT, and drag to connect it to the inbound zone endpoint, "Internet".
Using the same approach, connect the "Internet" zone endpoint to WebSiteEndpoint1 on HardenedIIS.
By making this connection, you are indicating that InternetServer and HardenedIIS communicate with one another across the boundary of the PerimeterNetwork zone. In the next walkthrough, you will learn how to apply constraints to the zone endpoint that configure the kind of communication that is allowed through this connection and into the zone.
Server connections that cross a zone boundary must be made through zone endpoints. Zone endpoints carry many of the zone's policies, including which protocols are allowed to pass through the zone boundary.
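The following Python model is an added illustration of the rule the steps above rely on; it is not the Logical Datacenter Designer's file format or API, and the class and function names (Zone, Server, Connection, Diagram, validate, walkthrough_diagram) are assumptions made for the example. It rebuilds the diagram from this walkthrough and checks that any connection whose two servers are not in the same zone passes through a zone endpoint whose direction matches the traffic, so that a direct connection into the zone, or one routed through the outbound "Intranet" endpoint, is reported.

```python
"""Toy model of the walkthrough's logical datacenter diagram.

Added illustration only: the Logical Datacenter Designer stores diagrams in
its own format and exposes no API like this; the names below are assumptions.
The model enforces the rule stated in the walkthrough: a connection whose two
servers are not in the same zone must pass through a zone endpoint, and the
endpoint's direction must match the traffic (inbound when entering the zone,
outbound when leaving it, bidirectional for either)."""

from dataclasses import dataclass, field
from typing import Optional

INBOUND, OUTBOUND, BIDIRECTIONAL = "inbound", "outbound", "bidirectional"


@dataclass
class Zone:
    name: str
    endpoints: dict = field(default_factory=dict)  # zone endpoint name -> direction


@dataclass
class Server:
    name: str
    zone: Optional[str] = None  # None means the server sits outside every zone


@dataclass
class Connection:
    consumer: str   # server whose consumer endpoint initiates the call
    provider: str   # server whose provider endpoint (e.g. a web site) answers
    via: tuple = () # ordered (zone, zone endpoint) hops the connection traverses


@dataclass
class Diagram:
    zones: dict
    servers: dict
    connections: list


def required_hops(consumer: Server, provider: Server):
    """Zone boundaries a consumer->provider connection must cross, in order."""
    hops = []
    if consumer.zone is not None and consumer.zone != provider.zone:
        hops.append((consumer.zone, OUTBOUND))  # leaving the consumer's zone
    if provider.zone is not None and provider.zone != consumer.zone:
        hops.append((provider.zone, INBOUND))   # entering the provider's zone
    return hops


def validate(diagram: Diagram):
    """Return a list of rule violations; an empty list means the diagram is valid."""
    problems = []
    for c in diagram.connections:
        label = f"{c.consumer} -> {c.provider}"
        needed = required_hops(diagram.servers[c.consumer], diagram.servers[c.provider])
        if len(c.via) != len(needed):
            problems.append(f"{label}: expected {len(needed)} zone endpoint hop(s), got {len(c.via)}")
            continue
        for (zone_name, ep_name), (need_zone, need_dir) in zip(c.via, needed):
            zone = diagram.zones.get(zone_name)
            if zone is None or ep_name not in zone.endpoints:
                problems.append(f"{label}: no zone endpoint {ep_name!r} on zone {zone_name!r}")
                continue
            if zone_name != need_zone:
                problems.append(f"{label}: hop via {zone_name!r} but boundary crossed is {need_zone!r}")
                continue
            direction = zone.endpoints[ep_name]
            if direction not in (need_dir, BIDIRECTIONAL):
                problems.append(f"{label}: {ep_name!r} is {direction}, traffic is {need_dir}")
    return problems


def walkthrough_diagram(via=(("PerimeterNetwork", "Internet"),)) -> Diagram:
    """The diagram built in the steps above; `via` lets callers try other routings."""
    perimeter = Zone("PerimeterNetwork", {"Internet": INBOUND, "Intranet": OUTBOUND})
    servers = {
        "HardenedIIS": Server("HardenedIIS", zone="PerimeterNetwork"),
        "InternetServer": Server("InternetServer"),  # outside every zone
    }
    return Diagram({perimeter.name: perimeter}, servers,
                   [Connection("InternetServer", "HardenedIIS", tuple(via))])


if __name__ == "__main__":
    print("as drawn:", validate(walkthrough_diagram()) or "ok")
    print("direct connection:", validate(walkthrough_diagram(via=())))
    print("wrong direction:", validate(walkthrough_diagram(via=(("PerimeterNetwork", "Intranet"),))))
```

The diagram as drawn in the walkthrough validates cleanly; removing the hop through "Internet", or substituting the outbound "Intranet" endpoint, produces a violation, which is the check the designer performs when you try to connect servers across a zone boundary.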
Next Steps
In the next walkthrough, Walkthrough: Creating a Security Zone Part 1, you will learn how to do the following:
Add a database server to the zone.
Specify user-defined constraints and zone endpoint constraints to create specific requirements for logical servers being hosted within the zone.
Create a reusable prototype of the configured perimeter network zone that you can access from the Toolbox and share with others in your organization. In the Distributed System Designers, many Toolbox items are referred to as "prototypes". For more information, see Distributed System Designers Terminology Overview.