Walkthrough: Creating Logical Datacenter Diagrams
This walkthrough explains how to create a basic logical datacenter diagram that includes a zone, logical servers, and connections. In this example, we are creating a security zone, which is a zone with defined restrictions on the logical servers hosted in the zone and on the communication that occurs into and out of the zone. The specific type of security zone we will create is a perimeter network. You will learn how to configure this zone in the next walkthrough, Walkthrough: Creating a Security Zone Part 1.
To create a blank logical datacenter diagram
Create a new solution with a blank logical datacenter diagram. For more information, see How to: Create Logical Datacenter Diagrams.
Using the logical datacenter diagram, you can design a logical representation of the server layout and settings in your datacenter.
The next step is to add zones to the diagram. Zones are commonly used to represent communication boundaries, but they can be used to represent any kind of boundary.
To create a perimeter network zone
From the Toolbox, drag a Zone to the diagram.
For more information, see How to: Define Zones on Logical Datacenter Diagrams.
By default, zones contain two endpoints. One is for communication into the zone and the other is for communication out of the zone. All communication into or out of the zone must pass through a zone endpoint. You can add as many inbound, outbound, or bidirectional zone endpoints as you want. For more information, see Communication with Zones and Logical Servers.
Click the inbound zone endpoint (ZoneEndpoint1) and view the Properties window.
Change the Name property to Internet.
For more information, see How to: Add Endpoints to Zones and Logical Servers.
Right-click the outbound zone endpoint, and click Show Label.
Note
The name of the outbound zone endpoint does not display by default.
Change the name of the outbound zone endpoint to Intranet.
Double-click the zone name (Zone1) to change the name to PerimeterNetwork.
This name cannot contain any spaces.
The next step is to add logical servers to the diagram.
To add logical servers to a logical datacenter diagram
From the Toolbox, drag an IISWebServer to the diagram and place it outside the PerimeterNetwork zone.
Click the IISWebServer on the diagram.
On the Diagram menu, point to Move To Zone, and choose PerimeterNetwork.
The server is moved inside the PerimeterNetwork zone. If the diagram contained more than one zone, you could choose to move the logical server to other zones. You can also move servers by dragging and dropping. For more information, see How to: Move Logical Servers on Logical Datacenter Diagrams.
Name the logical server HardenedIIS.
Add another IISWebServer outside the zone and name it InternetServer.
While holding the ALT key, drag the consumer endpoint on InternetServer to connect it to the inbound zone endpoint Internet.
Note
The consumer endpoint is the unnamed endpoint on InternetServer.
Using the same approach, connect the Internet zone endpoint to WebSiteEndpoint1 on HardenedIIS.
By making this connection, you are indicating that InternetServer and HardenedIIS communicate with one another across the PerimeterNetwork zone.
Server connections that cross zones must be made through zone endpoints. Zone endpoints have many of the policies of the zone, including the types of protocols that can pass through the zone.
In the next walkthrough, you will learn how to apply constraints to the zone endpoint that configure the kind of communication that is allowed through this connection and into the zone.
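The zone endpoint rule described above can be checked mechanically. The following is an added example, not part of the original walkthrough or of the designer itself: a simplified Python model of the diagram built here, in which the Zone class, check_connection function and the "in"/"out"/"both" direction labels are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Zone:
    name: str
    endpoints: dict = field(default_factory=dict)  # endpoint name -> "in" | "out" | "both"
    servers: set = field(default_factory=set)      # logical servers hosted in the zone

def zone_of(server, zones):
    """Return the zone hosting `server`, or None if it sits outside every zone."""
    return next((z for z in zones if server in z.servers), None)

def check_connection(path, zones):
    """path = [client server, *zone endpoint names, provider server].
    Returns a list of violations; an empty list means the path is allowed."""
    src, *hops, dst = path
    src_zone, dst_zone = zone_of(src, zones), zone_of(dst, zones)
    # Each boundary crossed needs one endpoint: leave the source zone, enter the target zone.
    required = []
    if src_zone is not dst_zone:
        if src_zone:
            required.append((src_zone, "out"))
        if dst_zone:
            required.append((dst_zone, "in"))
    if len(hops) != len(required):
        return [f"{src}->{dst}: crosses {len(required)} zone boundary(ies) "
                f"but uses {len(hops)} zone endpoint(s)"]
    problems = []
    for ep, (zone, direction) in zip(hops, required):
        allowed = zone.endpoints.get(ep)
        if allowed is None:
            problems.append(f"{ep} is not an endpoint of zone {zone.name}")
        elif allowed not in (direction, "both"):
            problems.append(f"{zone.name}.{ep} is {allowed}-only; this traffic flows {direction}")
    return problems

# The diagram built in this walkthrough (flat zones only; nesting is not modeled).
ZONES = [Zone("PerimeterNetwork", {"Internet": "in", "Intranet": "out"}, {"HardenedIIS"})]

if __name__ == "__main__":
    for path in (["InternetServer", "Internet", "HardenedIIS"],   # as drawn in the walkthrough
                 ["InternetServer", "HardenedIIS"],                # bypasses the zone endpoint
                 ["InternetServer", "Intranet", "HardenedIIS"]):   # wrong direction
        print(" -> ".join(path), "=>", check_connection(path, ZONES) or "allowed")
```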
Next Steps
In the next walkthrough, Walkthrough: Creating a Security Zone Part 1, you will learn how to do the following:
Add a database server to the zone.
Specify user-defined constraints and zone endpoint constraints to create specific requirements for logical servers being hosted within the zone.
Create a reusable prototype of the configured perimeter network zone that you can access from the Toolbox and share with others in your organization. In the Distributed System Designers, many Toolbox items are referred to as "prototypes". For more information, see Distributed System Designers Terminology Overview.