I am often asked what kind of security recommendations apply to the data center access layer. Let's first understand what the access layer in a data center is used for.
The data center access layer provides Layer-2 connectivity for server farms. In most cases the primary role of the access layer is to provide port density for scaling the server farm or a network segment; the access layer can be physical or virtual. Security at the access layer is primarily focused on securing Layer-2 flows and communication within the site.
Recommendations for this layer are:
Use VLANs to segment and isolate traffic where it is needed. This is very basic and is used in almost every data center, but it is not always considered a security measure. Deploy private VLANs (PVLANs) only after confirming that required traffic flows will not be broken once they are in place. It is best to ensure that hosts that need to communicate with each other are placed in the same community VLAN, while hosts that do not require such connectivity are placed in the isolated VLAN. The customer must supply a host communication matrix that clearly defines the required traffic flows.
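To make the PVLAN placement step concrete, here is an added example (not code from the original post) that takes a customer-supplied host communication matrix and derives which hosts can share a community VLAN, which belong in the isolated VLAN, and which groups cannot be expressed with a PVLAN at all. The sample flows are constructed for illustration; the assumption is that the matrix is undirected and that a PVLAN community permits all-to-all traffic, so any group that is connected but not fully meshed is reported as a conflict rather than silently allowed.

```python
"""
Derive a private-VLAN (PVLAN) host placement from a communication matrix.

Assumption (not from the original post): the customer provides required
host-to-host flows as an undirected matrix. Hosts that must talk to each
other share one community VLAN, hosts with no required peers go to the
isolated VLAN, and a group whose members are only partially connected is
flagged, because a community VLAN would allow flows the matrix forbids.
"""
from collections import defaultdict

# Constructed sample matrix: required Layer-2 flows between servers.
SAMPLE_FLOWS = {
    "web1": {"web2"},
    "web2": {"web1"},
    "app1": {"app2", "app3"},
    "app2": {"app1", "app3"},
    "app3": {"app1", "app2"},
    "db1": set(),                       # no peer flows -> isolated VLAN
    "mgmt1": {"mgmt2"},                 # partial mesh: mgmt1<->mgmt2, mgmt2<->mgmt3,
    "mgmt2": {"mgmt1", "mgmt3"},        # but mgmt1 must NOT reach mgmt3
    "mgmt3": {"mgmt2"},
}


def normalize(flows):
    """Return a symmetric adjacency dict: A talks to B implies B talks to A."""
    adj = defaultdict(set)
    for host, peers in flows.items():
        adj[host]                       # register hosts that have no peers
        for peer in peers:
            if peer != host:
                adj[host].add(peer)
                adj[peer].add(host)
    return adj


def components(adj):
    """Connected components of the required-flow graph, as sorted host lists."""
    seen, groups = set(), []
    for start in sorted(adj):
        if start in seen:
            continue
        stack, group = [start], []
        seen.add(start)
        while stack:
            host = stack.pop()
            group.append(host)
            for peer in adj[host]:
                if peer not in seen:
                    seen.add(peer)
                    stack.append(peer)
        groups.append(sorted(group))
    return groups


def plan_pvlan(flows):
    """
    Returns a dict with:
      communities: host groups that can share one community VLAN (full mesh)
      isolated:    hosts with no required peer flows -> isolated VLAN
      conflicts:   connected groups that are not fully meshed; one community
                   VLAN would permit flows the matrix does not allow
    """
    adj = normalize(flows)
    plan = {"communities": [], "isolated": [], "conflicts": []}
    for group in components(adj):
        if len(group) == 1:
            plan["isolated"].append(group[0])
            continue
        members = set(group)
        full_mesh = all(adj[h] >= members - {h} for h in group)
        (plan["communities"] if full_mesh else plan["conflicts"]).append(group)
    return plan


if __name__ == "__main__":
    result = plan_pvlan(SAMPLE_FLOWS)
    for i, group in enumerate(result["communities"], start=1):
        print(f"community VLAN {i}: {', '.join(group)}")
    print("isolated VLAN:", ", ".join(result["isolated"]) or "-")
    for group in result["conflicts"]:
        print("CONFLICT (partial mesh, cannot be one community):", ", ".join(group))
```

The conflict output is the check the text asks for before deploying PVLANs: a group like the constructed mgmt hosts would either need to be split (breaking a required flow) or put in one community (allowing a flow the customer did not approve), so it has to go back to the customer before the PVLAN design is finalized.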
The following Layer-2 security mechanisms should be enabled at the access layer: