MDM Architecture – Part IV

After seeing the new MDS environment my brain is just spinning

One thing I was thinking is that now that the backend is in SQL, why limit to global/local? Why can’t you have user based hierarchical?
DOMAIN GLOBAL-
       DOMAIN North America
                DOMAIN – Midwest
                       ENFORCMENTPOINT- St. Paul
                DOMAIN – NY
        DOMAIN ASIA
        DOMAIN EU
DOMAIN PCI
        DOMAIN PCI-NorthAmerica
That way ENFORCMENTPOINT can inheret all the DOMAINS rules and objects along with its own local ones.
If you migrate St. Paul to a new domain, the migration can just work with local objects named “DOMAINX_DOMAINY_migrated_host_server_1.2.3.4” and its IP address.  Put a search function in so one can search and replace where the migrated objects were localized.
UPDATE 6/1/2013:
The new management environment is suppose to support millions of objects which is great. But managing them has me worried. MDS has average support for large numbers of objects (rules, admins, network objects, services, etc).
I feel there should be several group and scoping templates that allow us to group, search, execute on groups of objects. Off the top of my head I feel there should be hierarchical and relational groups, folder hierarchies, labels and label hierarchies. You may consider using inheritance in these hierarchies. To search these objects it should be like google – indexed fuzzy searches. Then you can click and drag them into a new folder for example or execute a command on them.
THis way WE control our scoping rules and CP does not force us into a global/local decision. Large enterprises are not that simple.
dreez
Advertisements
Post a comment or leave a trackback: Trackback URL.

Comments

  • cheese  On September 9, 2014 at 6:23 am

    Thanks for any other great post. The place else may anyone get that type of information in such an ideal manner of writing?

    I have a presentation next week, and I am on the look for such information.

    • Dreezman  On September 9, 2014 at 5:45 pm

      No sorry I don’t see other posts like this. Thanks for interest.

  • Carlo  On October 1, 2014 at 9:42 am

    I couldn’t refгɑin from commenting. Exceptionally well written!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.

%d bloggers like this: