VMware NSX A Perspective for Service Providers part 2

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "VMware NSX A Perspective for Service Providers part 2"

Transcription

1 VMware NSX A Perspective for Service Providers part 2 Using Software Defined Networking to harden DC security controls Trevor Gerdes Strategic Architect Security and Networks

2 NSX for SPs Part 2 - Agenda 1 Case Studies 2 Data Centre Security 3 Distributed Firewall Use Cases 4 Current SDN Technologies 5 NSX Service Composer 6 Building a Zero Trust Model 2

3 Case Studies CONFIDENTIAL 3

4 Australian MSP Existing vsphere customer Using 3 rd party orchestration system (non-vmware) Wanted to improve service delivery times Looking at hybrid virtual solution using elements from Juniper, Cisco and VMware

5 Australian MSP Implemented NSX into new cloud offering inside 3 months Reduced service delivery time from 6 weeks to 3 days Brought forward revenue billing by 5 weeks Selected NSX over hybrid Cisco, VMware and Juniper solution due to all in one package of logical L2 networking, L3 routing and perimeter gateway services including VPN and LB services. Integrated NSX via API into 3 rd party cloud solution inside 1 week using python scripts. Looking for next wave of feature integration and value add using NSX distributed FW and security partners.

6 First Problem VM Conversion required X Customer Data Centre Cloud Hosting Service CONFIDENTIAL 6

7 P Customer Data Centre Cloud Hosting Service CONFIDENTIAL 7

8 What about a partial move? Customer Data Centre Cloud Hosting Service CONFIDENTIAL 8

9 NSX Providing Stretch Layer 2 (over Layer 3) NSX Customer Data Centre Cloud Hosting Service Currently in use by a large Sydney-based Hosting Provider CONFIDENTIAL 9

10 SDDC Micro-Segmentation Business Case - Sample Data Center Environment Firewall Throughput Required for Micro-Segmentation Number of VMs 1,000 Average Application Throughput per Host 7 Gbps Number of VMs per CPU 5 Throughput Required to Support All VMs 700 Gbps Number of CPUs per Host 2 Segmentation Ratio (% of VMs requiring FW controls) 40% Number of Hosts 100 Effective Firewall Throughput Requirement 280 Gbps Firewalls Required (20Gbps each x2 for HA) 28 Firewalls Firewall Cost List Price of 20Gbps Firewalls $150,000 Total CAPEX for Firewalls $4,200,000 Note: Operationally Infeasible NSX Cost List Cost for NSX Platform ~$1,300,000 Note: Operationally Easy to Deploy 3x Difference in CAPEX Cost 10 Confidential

11 Large US Financial 25,000 VM deployment $10m investment in NSX $50m savings over 5 years NSX improved host utilisation from 9:1 to 14:1 NSX helped avoid hardware refresh on ESX hosts, Load Balancers, Network hardware SDDC helped reduce labour costs by $8m 15 month PoC which morphed into full SDDC PoC (vcac, vco, vcops, LogInsight) 11 Confidential

12 Rackspace Deliver enterprise-class private networking in a public, multi-tenant cloud. NVP, combined with OpenStack is a game changer. Together we are bringing enterprise private networking to the cloud. LEW MOORMAN PRESIDENT, RACKSPACE Rackspace Cloud Networks $15-$20 million a year savings by not overprovisioning servers

13 Improved Server Utilization less overprovisioning of servers Without Network Virtualization 60% Asset Utilization With Network Virtualization 90% Asset Utilization

14 Data Centre Security A Better Way CONFIDENTIAL 14

15 Yesterday s Model for DC Security Hard Shell on the Outside Physical Workloads Soft on the Inside

16 Secure Micro-Segmentation in the Data Center Uncontrolled Communication

17 Secure Micro-Segmentation in the Data Center Operationally Infeasible

18 Secure Micro-Segmentation with VMware NSX Controlled Communication Scale-Out Performance Automated Operational Model

19 NSX Distributed Firewall Overview Hypervisor Kernel Embedded Firewall: Built directly in to the Hypervisor Near Line-Rate Performance Removes dependence on Guest based Firewall L2-4 Stateful East/West Firewalling Distributed to Every VM: No Choke Point Policy independent of VM location Enforcement closest to VM Removes Tromboning

20 Distributed Firewall - Use Cases

21 Isolation Segmentation Service Insertion Dev Web Web Test App App Production DB DB No Communication Path Controlled Communication Path Advanced Services Controlled Communication Path 21

22 NSX Distributed Firewall for vmotion Hypervisor-based, in kernel distributed firewalling Platform-based automated provisioning and workload adds/moves/changes Security Policy Cloud Management Platform Internet Perimeter Firewalls 22

23 NSX Distributed Firewall: Better Load Distribution PCI Non-PCI Private CONFIDENTIAL 23

24 Automated Security in a Software Defined Data Center Data Center Micro-Segmentation CONFIDENTIAL 24

25 Network-Segmentation or Micro-Segmentation Web VM VM VM NSX Load Balancer Multi-Tier, Multi-subnet App Database VM VM VM NSX Distributed Router Or Multi-Tier, Single-subnet Web App DB VM VM VM VM VM VM NSX Load Balancer CONFIDENTIAL 25

26 Current SDN Technologies CONFIDENTIAL 26

27 Data Plane Control Plane Management Consumption Software Defined Networking - Layers How an end user consumes SDN Build Networks and security services via WebUI, REST API (XML, JSON), Python Scripts etc e.g. vrealize Automation, CloudForms, ServiceMesh, CloudFoundry Configuration interface REST XML API or WebUI e.g. vcenter, NSX manager, APIC, Openstack Programs Data Plane Provides: API North side, Openflow or Proprietary Southbound e.g. NSX Controller, ACI N9K Spine sw., Contrail, OpenDaylight Forwards Packets Provides: workload connectivity & services processing e.g. hypervisors, physical switches and appliances 27

28 Hardware-based SDN H DN? CONFIDENTIAL 28

29 VMware NSX CONFIDENTIAL 29

30 The anatomy of the most agile & efficient data centers is SDDC Google / Facebook / Amazon Data Centers Custom Application Software / Hardware Abstraction Custom Platform Software / Hardware Abstraction Facebook 6-pack : the first open hardware modular switch. 12 switching elements, 1.28Tbits/s each Any x86 Any Storage Any IP network

31 New IT will be SDDC Software Defined Data Center (SDDC) Any Application SDDC Platform Data Center Virtualization Public Data Center Any Application Hybrid- Data Center Any Application Any x86 Any x86 Any x86 Any Storage Any Storage Any Storage Any IP network Any IP network Any IP network

32 NSX Service Composer CONFIDENTIAL 32

33 NSX Service Composer Security services are consumed more efficiently in a software-defined datacenter Apply Deploy Automate Security Groups Security Policies Service Insertion Security Tags VMware Network and Security Platform Extensibility CONFIDENTIAL 33

34 NSX Service Composer Canvas View

35 NSX Service Composer Security Group Security Group (SG) - Container of VMs by IP, Security tag, switch etc Defines what you want to protect. e.g. PCI DSS Zone, DMZ, Quarantine Zone Included Security Groups - Nested containers e.g. Quarantine Zone is a sub group within PCI DSS Zone Security Policies collection of Security Policy Objects (SPOs) assigned to this Security Group. How you want to protect this container Can have multiples with weighting e.g. PCI Compliance Policy Guest Introspection Anti-virus Vulnerability Management Data Loss Prevention (DLP) Firewall Rules Inbound, Outbound, Intra-Zone Allow, Deny, and Log Virtual Machines that belong to this container. e.g. Apache-Web-VM, Exchange Server-vM Network Introspection 3 rd party services integrated via NetX Intrusion Prevention (IPS), Nextgen F/W WAN optimization, load balancing services.

36 Automated Security in a Software Defined Data Center Quarantine Vulnerable Systems until Remediated Security Group = Virtual_Desktops Members = {Connected to VDI-01-Logical- Switch} Policy = Standard Desktop Security Group = Quarantine Zone Members = {Tag = ANTI_VIRUS.VirusFound } Policy = Quarantine Zone Policy Standard Desktop Anti-Virus Scan Policy Quarantine Zone Firewall Permit remediation, deny all Anti-Virus Scan and remediate 36

37 Building a Zero-Trust Model CONFIDENTIAL 37

38 Forrester Zero Trust Model In short, Zero Trust flips the mantra "trust but verify" into "verify and never trust."

39 Zero-Trust with NSX Stage 1 CONFIDENTIAL 39

40 Zero-Trust with NSX Stage 2 CONFIDENTIAL 40

41 Zero-Trust with NSX Stage 3 CONFIDENTIAL 41

42 Zero-Trust with NSX Stage 4 CONFIDENTIAL 42

43 Resulting Policy CONFIDENTIAL 43

44 Layer 4 7 Advanced Services Insertion NSX and Palo Alto Networks VM Series Firewall NSX Mgr Internet Optimal Traffic Steering Web Tier Rule1: Any to Web PAN Insertion Rule2: Web to App DFW Permit App Distributed Firewall DB Rule3: Web to Web DFW Deny VM VM Web 44 VM VM

45 Real-world Example of Firewall Sprawl 22 Firewalls!

46 North/South Complexity driven by applications / E-W traffic flows East-West traffic hairpins across the perimeter Firewall Complex static inter zone routing Requires punching holes across security zones Internal security zones exposed on perimeter devices East/West

47 Zero-Trust Model Implementation with NSX Any devices over any networks App gateways and perimeter devices Admin jump points Edge Transport Routing and AV/AS 443 Client Access Client connectivity Web services 389, 3268, 88, 53, 135 To AD RPC Hub Transport Routing and policy 135 Mailbox Storage of mailbox items 5060, , dynamic Unified Messaging Voice mail and voice access 808 Exchange Applications Common Services EDS AD DB

48 In Summary A Good Security Approach Requires Zero-Trust: Don t Trust Anyone, Verify Always Control at the Perimeter alone is not enough NSX with Distributed Firewall Provides Easy Enforcement of East/West Policy Security Policy that Follows the Workload Enforcement at the Smallest Unit of Trust Easy Hardening of Data Centre Core through Micro-segmentation Integration with Best-of-Breed Security Vendors CONFIDENTIAL 48

49 Thankyou!

How Network Virtualization can improve your Data Center Security

How Network Virtualization can improve your Data Center Security How Network Virtualization can improve your Data Center Security Gilles Chekroun SDDC, NSX Team EMEA gchekroun@vmware.com 2014 VMware Inc. All rights reserved. Security IT spending Security spending is

More information

Software Defined Data Centers Network Virtualization & Security. Jeremy van Doorn Director of Systems Engineering EMEA, Network & Security

Software Defined Data Centers Network Virtualization & Security. Jeremy van Doorn Director of Systems Engineering EMEA, Network & Security Software Defined Data Centers Network Virtualization & Security Jeremy van Doorn Director of Systems Engineering EMEA, Network & Security 1 My business and its IT organization are being engulfed by a torrent

More information

Delivering the Software Defined Data Center

Delivering the Software Defined Data Center Delivering the Software Defined Data Center Georgina Schäfer Sr. Product Marketing Manager VMware Calvin Rowland, VP, Business Development F5 Networks 2014 VMware Inc. All rights reserved. F5 & Vmware

More information

Business Values of Network and Security Virtualization

Business Values of Network and Security Virtualization Business Values of Network and Security Virtualization VMware NSX in the context of the Software Defined Data Center Klaus Jansen Virtual Networks Sales Specialist VMware NSBU 2014 VMware Inc. All rights

More information

Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.

Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved. Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security

More information

Netzwerkvirtualisierung? Aber mit Sicherheit!

Netzwerkvirtualisierung? Aber mit Sicherheit! Netzwerkvirtualisierung? Aber mit Sicherheit! Markus Schönberger Advisory Technology Consultant Trend Micro Stephan Bohnengel Sr. Network Virtualization SE VMware Agenda Background and Basic Introduction

More information

VMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic

VMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic VMware Software Defined Network Dejan Grubić VMware Systems Engineer for Adriatic The Transformation of Infrastructure Infrastructure Servers Clouds Be more responsive to business, change economics of

More information

Data Center Micro-Segmentation

Data Center Micro-Segmentation Data Center Micro-Segmentation A Software Defined Data Center Approach for a Zero Trust Security Strategy W H I T E P A P E R Table of Contents Executive Summary... 3 The Software Defined Data Center is

More information

HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer

HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer HAWAII TECH TALK SDN Paul Deakin Field Systems Engineer SDN What Is It? SDN stand for Software Defined Networking SDN is a fancy term for: Using a controller to tell switches where to send packets SDN

More information

Palo Alto Networks. Security Models in the Software Defined Data Center

Palo Alto Networks. Security Models in the Software Defined Data Center Palo Alto Networks Security Models in the Software Defined Data Center Christer Swartz Palo Alto Networks CCIE #2894 Network Overlay Boundaries & Security Traditionally, all Network Overlay or Tunneling

More information

Advanced Security Services with Trend Micro Deep Security and VMware NSX Platforms

Advanced Security Services with Trend Micro Deep Security and VMware NSX Platforms A Trend Micro Technical White Paper June 2015 Advanced Security Services with Trend Micro and VMware NSX Platforms >> This document is targeted at virtualization, security, and network architects interested

More information

CHECK POINT & VMWARE NSX AUTOMATING ADVANCED SECURITY FOR THE SOFTWARE-DEFINED DATACENTER

CHECK POINT & VMWARE NSX AUTOMATING ADVANCED SECURITY FOR THE SOFTWARE-DEFINED DATACENTER CHECK POINT & VMWARE NSX AUTOMATING ADVANCED SECURITY FOR THE SOFTWARE-DEFINED DATACENTER Micki Boland Virtual and Cloud Cyber Security Architect mboland@checkpoint.com 2015 Check Point Software Technologies

More information

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics

More information

Software Defined Environments

Software Defined Environments November 2015 Software Defined Environments 2015 Cloud Lecture, University of Stuttgart Jochen Breh, Director Architecture & Consulting Cognizant Global Technology Office Agenda Introduction New Requirements

More information

Advancing Security with Software Defined Datacenter. Karen Law Senior Systems Consultant VMware Hong Kong Ltd

Advancing Security with Software Defined Datacenter. Karen Law Senior Systems Consultant VMware Hong Kong Ltd Advancing Security with Software Defined Datacenter Karen Law Senior Systems Consultant VMware Hong Kong Ltd AGENDA Why Micro-segmentation? Understanding SDDC Network Virtualization Why Network Hypervisor?

More information

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking

More information

Software Defined Network (SDN)

Software Defined Network (SDN) Georg Ochs, Smart Cloud Orchestrator (gochs@de.ibm.com) Software Defined Network (SDN) University of Stuttgart Cloud Course Fall 2013 Agenda Introduction SDN Components Openstack and SDN Example Scenario

More information

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com 1 Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com Agenda Cloud Computing VMware and Security Network Security Use Case Securing View Deployments Questions 2 IT consumption

More information

Securing the Virtualized Data Center With Next-Generation Firewalls

Securing the Virtualized Data Center With Next-Generation Firewalls Securing the Virtualized Data Center With Next-Generation Firewalls Data Center Evolution Page 2 Security Hasn t Kept Up with Rate Of Change Configuration of security policies are manual and slow Weeks

More information

Security in the Software Defined Data Center

Security in the Software Defined Data Center Security in the Software Defined Data Center Francesco Vigo Senior Systems Engineer, VMware fvigo@vmware.com Ugo Piazzalunga Technical Manager, SafeNet ugo.piazzalunga@safenet-inc.com Agenda Software Defined

More information

Unlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre

Unlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre Unlock the full potential of data centre virtualisation with micro-segmentation Making software-defined security (SDS) work for your data centre Contents 1 Making software-defined security (SDS) work for

More information

Virtualization, SDN and NFV

Virtualization, SDN and NFV Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,

More information

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera rbarrera@grupo-dice.com. VERSION May, 2015

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera rbarrera@grupo-dice.com. VERSION May, 2015 Simplify IT With Cisco Application Centric Infrastructure Roberto Barrera rbarrera@grupo-dice.com VERSION May, 2015 Content Understanding Software Definded Network (SDN) Why SDN? What is SDN and Its Benefits?

More information

Itex VMware NSX Network Virtualization Presentation

Itex VMware NSX Network Virtualization Presentation Itex VMware NSX Network Virtualization Presentation Gabriel Maciel VCP3, VCP4/5-DCV, Security+, Project+ Sr. Systems Engineer Canadian Federal Government @gmaciel_ca 2014 VMware Inc. All rights reserved.

More information

Microsegmentation Using NSX Distributed Firewall: Getting Started

Microsegmentation Using NSX Distributed Firewall: Getting Started Microsegmentation Using NSX Distributed Firewall: VMware NSX for vsphere, release 6.0x REFERENCE PAPER Table of Contents Microsegmentation using NSX Distributed Firewall:...1 Introduction... 3 Use Case

More information

SECURING YOUR MODERN DATA CENTER WITH CHECK POINT

SECURING YOUR MODERN DATA CENTER WITH CHECK POINT SECURING YOUR MODERN DATA CENTER WITH CHECK POINT Javier Hijas Security Architect Check Point Europe 1 Agenda 1 2 3 4 What Questions is a modern / Answers datacenter Datacenter protection evolution Security

More information

IT Security at the Speed of Business: Security Provisioning with Symantec Data Center Security

IT Security at the Speed of Business: Security Provisioning with Symantec Data Center Security IT Security at the Speed of Business: Security Provisioning with Symantec Data Center Security Today s data centers are transitioning into software-defined data centers (SDDC). In the SDDC, the core elements

More information

Softverski definirani data centri - 2. dio

Softverski definirani data centri - 2. dio Softverski definirani data centri - 2. dio Vmware NSX To Deliver a Software Defined Data Center Implementation Automated Operational Model Programmatically Create, Snapshot, Store, Move, Delete, Restore

More information

JUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net

JUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net JUNIPER One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net 2-3-7: JUNIPER S BUSINESS STRATEGY 2 Customer Segments 3 Businesses Service

More information

(R)Evolution im Software Defined Datacenter Hyper-Converged Infrastructure

(R)Evolution im Software Defined Datacenter Hyper-Converged Infrastructure (R)Evolution im Software Defined Datacenter Hyper-Converged Infrastructure David Kernahan Senior Systems Engineer VMware Switzerland GmbH 2014 VMware Inc. All rights reserved. Agenda 1 VMware Strategy

More information

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang bhuang@cisco.com. Nov 13, 2014

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang bhuang@cisco.com. Nov 13, 2014 Simplify IT With Cisco Application Centric Infrastructure Barry Huang bhuang@cisco.com Nov 13, 2014 There are two approaches to Control Systems IMPERATIVE CONTROL DECLARATIVE CONTROL Baggage handlers follow

More information

Data Center Virtualization and Cloud QA Expertise

Data Center Virtualization and Cloud QA Expertise Data Center Virtualization and Cloud QA Expertise Highlights Broad Functional QA Experience Deep understanding of Switching and Routing Protocols Strong hands on experience in multiple hyper-visors like

More information

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Wilfried van Haeren CTO Edgeworx Solutions Inc. www.edgeworx.solutions Topics Intro Edgeworx Past-Present-Future

More information

Designing Virtual Network Security Architectures Dave Shackleford

Designing Virtual Network Security Architectures Dave Shackleford SESSION ID: CSV R03 Designing Virtual Network Security Architectures Dave Shackleford Sr. Faculty and Analyst SANS @daveshackleford Introduction Much has been said about virtual networking and softwaredefined

More information

SOFTWARE DEFINED NETWORKING

SOFTWARE DEFINED NETWORKING SOFTWARE DEFINED NETWORKING Bringing Networks to the Cloud Brendan Hayes DIRECTOR, SDN MARKETING AGENDA Market trends and Juniper s SDN strategy Network virtualization evolution Juniper s SDN technology

More information

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware VM-Series for VMware The VM-Series for VMware supports VMware NSX, ESXI stand-alone and vcloud Air, allowing you to deploy next-generation firewall security and advanced threat prevention within your VMware-based

More information

VMware vcloud Networking and Security

VMware vcloud Networking and Security VMware vcloud Networking and Security Efficient, Agile and Extensible Software-Defined Networks and Security BROCHURE Overview Organizations worldwide have gained significant efficiency and flexibility

More information

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service

More information

SDDC: A New Architecture for a New Era of Ed IT

SDDC: A New Architecture for a New Era of Ed IT Welcome MEEC Members! SDDC: A New Architecture for a New Era of Ed IT PRESENTED BY Chuck Kiessling Data Networks Solutions Architect Dan Radke VMware Network and Security Specialist M E E C M E M B E R

More information

Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack

Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack Dave Tucker Hewlett-Packard April 2013 1 About Me Dave Tucker WW Technical Marketing HP Networking dave.j.tucker@hp.com Twitter:

More information

Palo Alto Networks Cyber Security Platform for the Software Defined Data center. Zekeriya Eskiocak Security Consultant Palo Alto Networks

Palo Alto Networks Cyber Security Platform for the Software Defined Data center. Zekeriya Eskiocak Security Consultant Palo Alto Networks Palo Alto Networks Cyber Security Platform for the Software Defined Data center Zekeriya Eskiocak Security Consultant Palo Alto Networks Evolution towards a software defined data center Server Virtualiza-on

More information

Cloud, SDN and the Evolution of

Cloud, SDN and the Evolution of Cloud, SDN and the Evolution of Enterprise Networks Neil Rickard Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form

More information

Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain

Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain SESSION ID: ANF-T08 Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain Sean Doherty VP Technology Partnerships and Alliances Symantec @SeandDInfo Deb Banerjee Chief Architect,

More information

Set Up a VM-Series NSX Edition Firewall

Set Up a VM-Series NSX Edition Firewall Set Up a VM-Series NSX Edition Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA

More information

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments What You Will Learn Deploying network services in virtual data centers is extremely challenging. Traditionally, such Layer

More information

vcloud Suite Architecture Overview and Use Cases

vcloud Suite Architecture Overview and Use Cases vcloud Suite Architecture Overview and Use Cases vcloud Suite 5.8 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

1518 Best Practices in Virtualization & Cloud Security with Symantec

1518 Best Practices in Virtualization & Cloud Security with Symantec 1518 Best Practices in Virtualization & Cloud Security with Symantec Tues May 6, 11:00 Kevin Stultz Symantec Product Management Chip Epps Symantec Product Marketing 1 Agenda 1 2 Trends in Virtualization

More information

VMware Integrated Partner Solutions for Networking and Security

VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Security and Compliance VMware vcloud Networking and Security is the leading networking and security

More information

VIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers

VIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers VIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers Why it s unique The Nuage Networks VSP is the only enterprise and service provider-grade SDN platform that:

More information

Enabling Application Aware Networks The Next Generation Data Centre with Citrix NetScaler & Cisco Nexus. Ralph W. Lorkins Lead Systems Engineer

Enabling Application Aware Networks The Next Generation Data Centre with Citrix NetScaler & Cisco Nexus. Ralph W. Lorkins Lead Systems Engineer Enabling Application Aware Networks The Next Generation Data Centre with Citrix NetScaler & Cisco Nexus Ralph W. Lorkins Lead Systems Engineer Orchestration and virtualization Automation and orchestration

More information

VMware vcloud Networking and Security Overview

VMware vcloud Networking and Security Overview VMware vcloud Networking and Security Overview Networks and Security for Virtualized Compute Environments WHITE PAPER Overview Organizations worldwide have gained significant efficiency and flexibility

More information

Cisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems

Cisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Cisco Prime Network Services Controller Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Agenda Cloud Networking Challenges Prime Network Services Controller L4-7 Services Solutions

More information

RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL

RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL Pascal Geenens CONSULTING ENGINEER, JUNIPER NETWORKS pgeenens@juniper.net BUSINESS AGILITY Need to create and deliver new revenue opportunities faster Services

More information

Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION

Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION Cloud Management Software can coordinate and automate server, network, and storage operations within the modern datacenter. This brief describes how

More information

Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION

Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION At many enterprises today, end users are demanding a powerful yet easy-to-use Private

More information

About the VM-Series Firewall

About the VM-Series Firewall About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/

More information

Software Defined Networking (SDN) Software Defined Security

Software Defined Networking (SDN) Software Defined Security Software Defined Networking (SDN) Software Defined Security Kurt Knochner Fortinet Senior Systems Engineer kknochner@fortinet.com Copyright Fortinet Inc. All rights reserved. How to describe the (IT) world

More information

Tufin Orchestration Suite

Tufin Orchestration Suite Tufin Orchestration Suite Security Policy Orchestration across Physical Networks & Hybrid Cloud Environments The Network Security Challenge In today s world, enterprises face considerably more network

More information

Set Up a VM-Series NSX Edition Firewall

Set Up a VM-Series NSX Edition Firewall Set Up a VM-Series NSX Edition Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA

More information

Shifting Roles for Security in the Virtualized Data Center: Who Owns What?

Shifting Roles for Security in the Virtualized Data Center: Who Owns What? Shifting Roles for Security in the Virtualized Data Center: Who Owns What? SESSION ID: CSV-T07 Rob Randell, CISSP Director Systems Engineering Principal Security Architect VMware / NSBU Malcolm Rieke Director

More information

Expert Reference Series of White Papers. Five Reasons VMware vsphere 6.0 is a Game Changer. 0118 912 3456 www.globalknowledge.co.

Expert Reference Series of White Papers. Five Reasons VMware vsphere 6.0 is a Game Changer. 0118 912 3456 www.globalknowledge.co. Expert Reference Series of White Papers Five Reasons VMware vsphere 6.0 is a Game Changer 0118 912 3456 www.globalknowledge.co.uk Five Reasons VMware vsphere 6.0 is a Game Changer Bill Ferguson, MCT Alumni,

More information

Spotlight On Backbone Technologies

Spotlight On Backbone Technologies Spotlight On Backbone Technologies Shawn Stevens Technical Lead, Data Center Technologies CCIE #4618 shawn.stevens@cdw.com CDW.com/network 800.800.4239 Agenda Overview of Software-Defined Networking (SDN)

More information

Set Up a VM-Series NSX Edition Firewall

Set Up a VM-Series NSX Edition Firewall Set Up a VM-Series NSX Edition Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA

More information

Software Defined Networking A quantum leap for Devops?

Software Defined Networking A quantum leap for Devops? Software Defined Networking A quantum leap for Devops? TNG Technology Consulting GmbH, http://www.tngtech.com/ Networking is bottleneck in today s devops Agile software development and devops is increasing

More information

Mitigating Information Security Risks of Virtualization Technologies

Mitigating Information Security Risks of Virtualization Technologies Mitigating Information Security Risks of Virtualization Technologies Toon-Chwee, Wee VMWare (Hong Kong) 2009 VMware Inc. All rights reserved Agenda Virtualization Overview Key Components of Secure Virtualization

More information

A Look at the New Converged Data Center

A Look at the New Converged Data Center Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable

More information

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc. White Paper Juniper Networks Solutions for VMware NSX Enabling Businesses to Deploy Virtualized Data Center Environments Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3

More information

2013 ONS Tutorial 2: SDN Market Opportunities

2013 ONS Tutorial 2: SDN Market Opportunities 2013 ONS Tutorial 2: SDN Market Opportunities SDN Vendor Landscape and User Readiness Jim Metzler, Ashton, Metzler & Associates Jim@ashtonmetzler.com April 15, 2013 1 1 Goals & Non-Goals Goals: Describe

More information

Limiting the Spread of Threats: A Data Center for Every User

Limiting the Spread of Threats: A Data Center for Every User SESSION ID: SPO1-R03 Limiting the Spread of Threats: A Data Center for Every User Geoff Huang Director Product Marketing VMware Tony Paikeday Senior Product Marketing Manager VMware Why do breaches still

More information

Cloud and VM Based Security

Cloud and VM Based Security Cloud and Based Security Supoj Aram-ekkalarb Network Security Consultant 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd. [PROTECTED]

More information

Vyatta Network OS for Network Virtualization

Vyatta Network OS for Network Virtualization Complete Security and Compliance for Virtual Environments Vyatta takes the concept of virtualization beyond just applications and operating systems and allows enterprise IT to also virtualize network components

More information

White Paper. SDN 102: Software Defined Networks and the Role of Application Delivery Network Services. citrix.com

White Paper. SDN 102: Software Defined Networks and the Role of Application Delivery Network Services. citrix.com White Paper SDN 102: Software Defined Networks and the Role of Application Delivery Network Services In the competitive business world IT organizations need to respond rapidly to the ever-changing needs

More information

SDN/Virtualization and Cloud Computing

SDN/Virtualization and Cloud Computing SDN/Virtualization and Cloud Computing Agenda Software Define Network (SDN) Virtualization Cloud Computing Software Defined Network (SDN) What is SDN? Traditional Network and Limitations Traditional Computer

More information

REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION

REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION The modern data centre has ever-increasing demands for throughput and performance, and the security infrastructure required to protect and segment the network

More information

Introduction to Software Defined Networking

Introduction to Software Defined Networking Introduction to Software Defined Networking Introduction to SDN Ahmed Maged MENOG 15 Dubai April 2015 @amaged amaged@xegypt.org Agenda What is SDN and What it is not SDN Trends Getting Ready for SDN 2

More information

Automating Network Security

Automating Network Security Automating Network Security Ivan Pepelnjak (ip@ipspace.net) Network Architect ipspace.net AG Who is Ivan Pepelnjak (@ioshints) Past Kernel programmer, network OS and web developer Sysadmin, database admin,

More information

Securing the private cloud

Securing the private cloud Securing the private cloud Gary Gardiner Security Engineer 2011 Check Point Software Technologies Ltd. [Unrestricted] For everyone Top Trends of 2011 1 2 3 4 5 6 7 8 9 Virtualization & Cloud Computing

More information

SDN PARTNER INTEGRATION: SANDVINE

SDN PARTNER INTEGRATION: SANDVINE SDN PARTNER INTEGRATION: SANDVINE SDN PARTNERSHIPS SSD STRATEGY & MARKETING SERVICE PROVIDER CHALLENGES TIME TO SERVICE PRODUCT EVOLUTION OVER THE TOP THREAT NETWORK TO CLOUD B/OSS AGILITY Lengthy service

More information

Open Source Networking for Cloud Data Centers

Open Source Networking for Cloud Data Centers Open Source Networking for Cloud Data Centers Gaetano Borgione Distinguished Engineer @ PLUMgrid April 2015 1 Agenda Open Source Clouds with OpenStack Building Blocks of Cloud Networking Tenant Networks

More information

VMware NSX @SoftLayer!!

VMware NSX @SoftLayer!! A VMware@SoftLayer CookBook v1.1 April 30, 2014 VMware NSX @SoftLayer Author(s) & Contributor(s) (IBM) Shane B. Mcelligott Dani Roisman (VMware) Merlin Glynn, mglynn@vmware.com Chris Wall Geoff Wing Marcos

More information

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT BROCADE SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT Rajesh Dhople Brocade Communications Systems, Inc. rdhople@brocade.com 2012 Brocade Communications Systems, Inc. 1 Why can t you do these things

More information

How do software-defined networks enhance the value of converged infrastructures?

How do software-defined networks enhance the value of converged infrastructures? Frequently Asked Questions: How do software-defined networks enhance the value of converged infrastructures? Converged infrastructure is about giving your organization lower costs and greater agility by

More information

How the Software-Defined Data Center Is Transforming End User Computing

How the Software-Defined Data Center Is Transforming End User Computing How the Software-Defined Data Center Is Transforming End User Computing The Essentials Series sponsored by David Davis SDDC Powered Virtual Desktops and Applications... 1 Three Pillars of SDDC and Desktop/Application

More information

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure

More information

Gartner delivers the technology-related insight necessary for our clients to make the right decisions, every day.

Gartner delivers the technology-related insight necessary for our clients to make the right decisions, every day. Gartner delivers the technology-related insight necessary for our clients to make the right decisions, every day. 2008 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered

More information

SOFTWARE-DEFINED NETWORKS

SOFTWARE-DEFINED NETWORKS THE PROMISE OF SOFTWARE-DEFINED NETWORKS SDNs offer organizations a flexible solution capable of reimagining the enterprise network. The IT community is abuzz with discussions about software-defined networks

More information

Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure

Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure August 2015 Table of Contents 1 Introduction... 3 Purpose... 3 Products... 3

More information

ORCHESTRATING THE CLOUD USING SDN

ORCHESTRATING THE CLOUD USING SDN ORCHESTRATING THE CLOUD USING SDN Joerg Ammon Systems Engineer Service Provider 2013-09-10 2013 Brocade Communications Systems, Inc. Company Proprietary Information 1 SDN Update -

More information

Management for the Mobile-Cloud Era

Management for the Mobile-Cloud Era Management for the Mobile-Cloud Era Sajai Krishnan VP Product Marketing Cloud Management Business Unit September 10, 2014 2014 VMware Inc. All rights reserved. Mobile-cloud Era - The CIO paradox New expectations

More information

Stanford SDN-Based Private Cloud. Johan van Reijendam (jvanreij@stanford.edu) Stanford University

Stanford SDN-Based Private Cloud. Johan van Reijendam (jvanreij@stanford.edu) Stanford University Stanford SDN-Based Private Cloud (jvanreij@stanford.edu) Stanford University Executive Summary The Web and its infrastructure continue to make phenomenal progress, allowing the creation and scaling of

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

SDN Security for VMware Data Center Environments

SDN Security for VMware Data Center Environments SOLUTION BRIEF SDN SECURITY FOR VMWARE DATA CENTER ENVIRONMENTS Purpose-built virtual security appliances will be increasingly used alongside hardware appliances to secure enterprise data centers, which

More information

VMware NSX Network Virtualization Design Guide. Deploying VMware NSX with Cisco UCS and Nexus 7000

VMware NSX Network Virtualization Design Guide. Deploying VMware NSX with Cisco UCS and Nexus 7000 VMware NSX Network Virtualization Design Guide Deploying VMware NSX with Cisco UCS and Nexus 7000 Table of Contents Intended Audience... 3 Executive Summary... 3 Why deploy VMware NSX on Cisco UCS and

More information

Next-Generation Datacenter Security Implementation Guidelines

Next-Generation Datacenter Security Implementation Guidelines Next-Generation Datacenter Security Implementation Guidelines March 2015 INTRODUCTION 3 DEPLOYMENT OVERVIEW 4 IMPLEMENTATION GUIDELINES 4 PA-7050 Boundary Firewalls to protect north-south traffic 5 Virtual

More information

HBC1533 - How to build your cloud - Steps to Extend your Datacenter

HBC1533 - How to build your cloud - Steps to Extend your Datacenter VMworld 2014 Page 1 HBC1533 - How to build your cloud - Steps to Extend your Datacenter Tuesday, 14 October 2014 14:00 Dave Hill, VMware 5 key steps to Hybrid DC A thing made by combining two different

More information

May 13-14, 2015. Copyright 2015 Open Networking User Group. All Rights Reserved Confiden@al Not For Distribu@on

May 13-14, 2015. Copyright 2015 Open Networking User Group. All Rights Reserved Confiden@al Not For Distribu@on May 13-14, 2015 NSV Architecture Test Architecture System Under Test Mgmt, Orch, etc. Test Solution VM VM Hypervisor Hypervisor IP Network Methodology Each individual requirement had 1 test case associated

More information

IT Infrastructure Services. White Paper. Utilizing Software Defined Network to Ensure Agility in IT Service Delivery

IT Infrastructure Services. White Paper. Utilizing Software Defined Network to Ensure Agility in IT Service Delivery IT Infrastructure Services White Paper Utilizing Software Defined Network to Ensure Agility in IT Service Delivery About the Author Siddhesh Rane Siddhesh Rane is a Technical Architect and part of the

More information

Using SDN-OpenFlow for High-level Services

Using SDN-OpenFlow for High-level Services Using SDN-OpenFlow for High-level Services Nabil Damouny Sr. Director, Strategic Marketing Netronome Vice Chair, Marketing Education, ONF ndamouny@netronome.com Open Server Summit, Networking Applications

More information

Data Center Infrastructure of the future. Alexei Agueev, Systems Engineer

Data Center Infrastructure of the future. Alexei Agueev, Systems Engineer Data Center Infrastructure of the future Alexei Agueev, Systems Engineer Traditional DC Architecture Limitations Legacy 3 Tier DC Model Layer 2 Layer 2 Domain Layer 2 Layer 2 Domain Oversubscription Ports

More information

The growing importance of a secure Cloud environment

The growing importance of a secure Cloud environment The growing importance of a secure Cloud environment Jan Tiri jtiri@vmware.com System Engineer, VMware BeLux 2009 VMware Inc. All rights reserved Cloud components Enterprises Cloud Service Providers Private

More information