Transforming the Network to Seize Business Advantage
- Ross Gray
- 8 years ago
Vol.7 April 2013

Transforming the Network to Seize Business Advantage
IT Security Evolves to Become Programmable

- SECTION 1 Letter to IT Executives
- SECTION 2 Introduction to ProgrammableFlow Software-Defined Networking
- SECTION 3 Denial of Service protection in a Programmable Network
- SECTION 4 Gartner: The Impact of Software-Defined Data Centers on Information Security

SECTION 1 Letter to IT Executives

While IT has enjoyed significant innovation in the past decade in most infrastructure segments, including servers, storage and OS software, network innovation has not run a parallel course or complemented the new, highly virtualized IT environment of today. Conventional networks have grown in complexity and cost, and often serve as bottlenecks to business agility and handicaps to the cloud-enabled enterprise or solution provider.

The announcement two years ago of the OpenFlow protocol marked a turning point - a disruptive network technology enabling NEC to develop and offer the first enterprise-class Software-Defined Networking solution, the NEC ProgrammableFlow Network Suite, released in May of This technology includes a centralized software controller that can program the network, separating the control plane from the data plane and managing the flow of data to hybrid and pure OpenFlow switches, creating a dynamic configuration often described as Software-Defined Networking, or SDN.

NEC, as a leader in OpenFlow and SDN, is focused on offering the best-in-class SDN controller and switches, and is also proactively supporting an open source strategy. This will provide our customers alternatives based on their specific needs.

[Figure 1: Nippon Express Benefits from ProgrammableFlow]

Much has been written about the automation and configuration benefits delivered by this award-winning network fabric. We have customers in production today experiencing dramatic savings in both OPEX and CAPEX. The graphs shown here in figure 1 depict the benefits an early adopter, Nippon Express, a global logistics supplier and one of the 50 largest companies in Japan, has realized. Nippon Express has used and expanded their ProgrammableFlow network since they first implemented the fabric in their back-up data center first quarter of As you can see, the customer has experienced measurable financial benefits from their implementation of
the ProgrammableFlow Network Suite, including an 80% reduction in resource usage and the elimination of outsourced programmers, no longer needed for configuration changes to their network. For Nippon Express, reconfiguring the network to respond to changes in the business formerly took 8 weeks. With ProgrammableFlow SDN in place, it now takes 10 days.

We know that provisioning a new, three-layer application can take an average of 3 working days in traditional networks. Using ProgrammableFlow SDN, as shown in figure 2, the process of bringing these new applications on board will take less than 5 minutes.

But we believe the greatest benefits are yet to unfold, as customers roll out ProgrammableFlow networks with our new, RESTful northbound interface. Leveraging this interface into applications, programmers will be able to incorporate business policy and network management and control directly into the application. The resulting time savings, resource management and consistent application of business policy promises true business agility and competitive advantage.

[Figure 2: Reduces Time to Deliver Applications. Time to deliver a 3-tier application: 3 days on a conventional network, 5 minutes with SDN/ProgrammableFlow]

One of the first places this L4-L7 activity is evident is with our partner, Radware, with a Denial-of-Service SDN application first demonstrated on a ProgrammableFlow network in May, 2012 at Interop Las Vegas. The Radware Anti-DoS application name is DefenseFlow. The article herein describes this solution in greater detail.

By integrating with NEC's programmable SDN, Radware can more rapidly provision network security resources and services. The integration is bidirectional. Radware provides application-specific security intelligence back to NEC that may impact network, application and security SLAs.
Neil MacDonald, Gartner Group

Neil MacDonald of Gartner Group, in the attached research note "The Impact of Software-Defined Data Centers on Information Security", advises: "Leading-edge enterprises' data centers are evolving to software-defined models of IT services that are decoupled from the hardware underneath. To support these shifts, information security services must evolve to become programmable and adaptive."

Neil further reports on the Radware and NEC joint SDN solution: "By integrating with NEC's programmable SDN, Radware can more rapidly provision network security resources and services. The integration is bidirectional. Radware provides application-specific security intelligence back to NEC that may impact network, application and security SLAs."

This Next-Generation Software-Defined Security solution is available now. Call your NEC Account Manager today to learn how you can achieve new levels of responsiveness to your business with the revolutionary OpenFlow-based ProgrammableFlow SDN.

Mike Mitsch
Vice President
Enterprise Technology Group / IT Group
NEC Corporation of America

SECTION 2 Introduction to ProgrammableFlow Software-Defined Networking

Highlights of ProgrammableFlow

- ProgrammableFlow OpenFlow Network Fabric is a high performance, open fabric enabling enterprises to easily and cost-effectively deploy, control, monitor and manage their network infrastructure
- Secure multi-tenancy supports rapid, easy virtual machine migration and dramatically accelerates delivery of new applications.
- ProgrammableFlow SDN, featuring the first enterprise-class OpenFlow controller, separates the network control plane from the data plane to abstract network intelligence and enable centralized management and control over both physical and virtual networks.
- Advanced network automation increases reliability and lowers costs.
- Intelligent and dynamic multipath routing is based on business policy for superior quality of service aligned with business priorities
- End-to-end visualization of all network flows for greater manageability, and fully redundant configuration assures reliability

While the PF6800 controller is interoperable, demonstrated at Interop 2012 with multiple switches including IBM, Brocade, and Extreme Networks, NEC also offers a complete network solution including an award-winning hybrid OpenFlow switch - transitioning between conventional networks and OpenFlow, a 10GbE OpenFlow switch, and adding in 2012 the first OpenFlow-based virtual switch, the PF1000 for Microsoft Hyper-V environments.

ProgrammableFlow maximizes server virtualization investments

Traditional networks often act as a barrier to organizations trying to get the most from their server virtualization. ProgrammableFlow, acting as a virtual network fabric, provides seamless integration into a virtual server environment, enabling servers and VMs to be provisioned, migrated and decommissioned without requiring network reconfiguration. Network and security policies follow virtual machine migrations automatically.
ProgrammableFlow Network Fabric increases the efficiency of your entire IT investment. Multipath networking uses multiple links to move traffic from a central point to a given destination. Administrators can take advantage of multiple links, as shown in figure 3, to redirect traffic to a path with more available bandwidth. This real-time network load balancing is unique to the ProgrammableFlow Controller. The multiple links can also be used to migrate traffic off specific switches to support load concentration for maintenance or power savings.

[Figure 3]

Network Programmability for rapidly & efficiently delivering services

Because OpenFlow and ProgrammableFlow decouple the data path and control path, organizations can more easily introduce changes into their network and customize it to suit their business needs. A programmable network in the future will be essential to position you for significant competitive advantage. Programmable interfaces will, as shown in figure 4, allow you to take advantage of rich development and network services that will be available. This will enable a network that is flexible enough to handle future unknowns, whether it's users of applications in support of the intelligent economy.

[Figure 4: Network Applications, API, ProgrammableFlow Controller, OpenFlow Control, Network Fabric]

Greater Flexibility for private and public clouds

ProgrammableFlow's support of multi-tenant networks, all managed from a centralized interface, provides compelling value for hosting or public cloud providers and security protection for private cloud customers. ProgrammableFlow allows multiple virtual networks, like those in figure 5, to securely share a common physical infrastructure. Because they are completely isolated and operate with different policies, each network fabric can be customized without impacting other services.

NEC's Virtual Tenant Network (VTN) technology enables administrators to build multi-tenant networks that support unlimited virtual machine migration, enabling rapid scale-out of new applications, balanced workloads, and higher levels of availability. The ProgrammableFlow controller supports multi-tenancy with network path management, path health and status monitoring, and policy-based flows.

[Figure 5: Secure Virtual Tenant Network (VTN): VTN1, VTN2, PFC, Physical Configuration, Control]

Policy Based Routing enables agility

ProgrammableFlow enables the network to be fully responsive to the needs of the business: network traffic can be customized dynamically based on traffic type, including complex conditions. Examples might include managing bandwidth-intensive video based on business priorities, or ensuring key applications take priority, particularly during pivotal times. Legacy networks do not control network traffic based on business policy.

With ProgrammableFlow, the final destination of a packet need not be the destination IP address but an intermediate appliance or service module such as a firewall or load balancer. Such functionalities are not available in traditional networks. With ProgrammableFlow, network restrictions do not curtail business performance and priorities.

SECTION 3 Denial of Service protection in a Programmable Network

Integrated Security for Virtualized Networks
A solution paper by Radware & NEC Corporation

Introduction

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are assaults on a network that flood it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike single bullet intrusion attacks (such as a worm or Trojan) which cause information damage or leakage, DoS attacks disrupt the availability of network resources and can interrupt network service for a long period of time.

Typical victims for DoS attacks are online businesses, carriers and service providers. DoS attacks target revenue-generating organizations by overtaxing link capacity. The security publication Dark Reading estimates damages can range from $240K per day, a figure reported by 65% of the companies surveyed, to $1M per day or more. [1] Costs could include direct and indirect damages such as those related to business reputation, as well as increased operational expenses. The common form of DoS attacks are DDoS attacks, where hackers take advantage of bot-infected, compromised computers to launch large-scale attacks.

The DoS secured Virtual Tenant Network (VTN) is a fully virtualized network solution that enables the operator to assign a virtual DoS protection service per virtual tenant network. It relies on the Radware Anti-DoS application called DefenseFlow and shared Radware's DefensePro mitigation resources that are coupled with NEC ProgrammableFlow Controller and NEC ProgrammableFlow Switches respectively.

[1] Higgins, Kelly Jackson, What a DDoS can Cost, Dark Reading, May 15,

Solution Architecture

NEC and Radware developed an integrated SDN solution based on both vendor products to offer comprehensive and cost-effective protection against emerging DDoS attack campaigns in NEC ProgrammableFlow networks.
In addition to the benefits and capabilities provided by ProgrammableFlow SDN, the DoS Secured Virtual Tenant Network (VTN) solution includes the following functions:

- Traffic baselines - the essence of attack detection is to look for irregular trends in traffic patterns when compared to normal patterns.
- Attack detection - an attack is detected by comparing real-time statistical information collected from tenant networks to the stored baselines, looking for traffic patterns that deviate from the norm.
- Traffic diversion and injection - dynamically change the switching fabric so suspicious traffic is diverted to the DoS mitigation device for cleansing and then inject the clean traffic to its original destination.
- Attack mitigation - mitigating all types of DoS & DDoS attacks using a high performing attack mitigation device that deploys cutting edge security technologies.
- Traffic Path Roll-over - when the solution confirms that attack traffic is non-existent, it alerts the controller to divert the traffic back to its normal path.

[Figure 6: DoS Secured VTN solution architecture - shielding multitenant networks, as needed on demand from DoS attacks. Labels: Virtual; NEC ProgrammableFlow Controller; Baseline creation; Attack detection; Traffic diversion; Monitor Traffic Statistics; Radware Anti-DoS SDN Application; Network Path Control; Customer A, B and C Applications; VTN A, VTN B, VTN C; Physical; NEC ProgrammableFlow Switches; Attack Mitigation; Radware DefensePro]

The following Radware components, depicted in figure 6, are introduced into the NEC VTN framework to deliver DoS secured virtual tenant networks:

- Radware DefenseFlow - responsible for DoS attack detection and conducting the traffic diversion and injection operation by using the ProgrammableFlow web API.
- Radware DefensePro - performing the DoS & DDoS attack mitigation.

Granular security provisioning

NEC and Radware together eliminate the need for physically configuring switches in applications to provision anti-DoS services. Also, this solution enables a customer to selectively pick the environments needing DoS security and even provides the flexibility to change security protection policies on demand.

How it works

1. The DefenseFlow, in collaboration with the ProgrammableFlow controller, uses the OpenFlow protocol to monitor and collect packet and byte level statistics from all switches in the OpenFlow Network.
2. The DefenseFlow uses the information to:
   a. Build the protected network traffic baselines.
   b. Compare real time network statistics with the stored baselines to determine abnormal traffic patterns.
   c. Upon anomaly detection determine if it is an attack or not.
3. Upon attack detection, the Anti-DoS Application calls the ProgrammableFlow controller to establish a traffic path that takes the suspected traffic through the DefensePro mitigation engine (path changed from [1] to [2] & [3]).
4. The DefensePro device starts immediately to clean the attack traffic using its multiple protection modules. The clean traffic only is forwarded to its destination.
5. Once the Anti-DoS Application determines the attack is over, it calls the ProgrammableFlow controller to revert the traffic path back to normal - no need to divert traffic through DefensePro anymore.

Fully-virtualized per-tenant Anti-DoS solution

The integrated security SDN solution is a result of collaboration between NEC - delivering best of breed network virtualization and abstraction technologies; and Radware - delivering best of breed DoS & DDoS attack mitigation technologies.

NEC's ProgrammableFlow Network provides VTNs - a network and abstraction solution that enables business agility by aligning virtual network infrastructure with the data center virtualization trends while reducing networking costs significantly.

The Anti-DoS service is a value-add service fully integrated into the ProgrammableFlow architecture. It is represented as a logical entity that is assigned per tenant network to the protected application servers. Once the DefenseFlow detects abnormal activity as an attack, it uses the ProgrammableFlow controller to divert the suspicious traffic to the DefensePro attack mitigation device to remove the attack traffic.

The joint solution allows taking advantage of NEC's VTN configuration and visualization approach. The network manager can provision any VTN with a DoS protection service to select all or parts of the VTN's network objects.

The Solution Advantages

The Radware-NEC joint solution is the 1st to market switch fabric infrastructure that includes an integrated DDoS protection solution. It allows the fabric itself to be secured and provision the DoS Protection service per network tenant.

- Shortest time to protect - By having almost near real-time packet statistics and dynamic traffic control, the solution achieves fast reaction to imminent attack traffic within seconds.
- High Availability - The DoS mitigation engine (DefensePro appliances) can be located in different network redundant locations in order to provide a fully redundant architecture that works in conjunction with the NEC VTNs.
- Scale with Traffic - Any service inserted into the network has to ensure that it can scale with ever increasing traffic volume. Diverting the suspicious traffic only to the DefensePro allows assigning multiple VTNs to the Anti-DoS service with the need to increase DefensePro capacity proportional to the aggregated traffic bandwidth of the assigned VTNs.
- Dynamic Service Provisioning - The DDoS attack mitigation service can be dynamically provisioned per VTN enabling operators to apply it as an on-demand service for their commercial offering. The provisioning does not require any manual configuration process and benefits from reduced complexity thanks to the abstraction of the network operations.
- Simplified Network Control - There are no complex requirements or additional overheads for route controls as found in other NetFlow based and tunneling mechanisms. A fully Anti-DoS application integrated with ProgrammableFlow Control ensures a highly and efficiently coordinated network aware solution.
- Highly reduced costs - the DefensePro attack mitigation device is a shared resource that is virtualized per tenant and used only when under attack. This means tremendous CapEx and OpEx savings when compared to standard inline or out-of-path DDoS mitigation solutions. In addition, using ProgrammableFlow's OpenFlow capabilities for statistics collection eliminates the need to have extra equipment as required by NetFlow based solutions.

The solution provides the following unique advantages:

- Best DDoS protection solution - Radware's unique and field-proven DDoS protection technology together with NEC's rich experience in the server and networking markets, and its innovative first to market commercial OpenFlow products.
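
The baseline, detect, divert and roll-over loop from "How it works" above, as an added Python sketch; it is not Radware or NEC code. The EWMA baseline, the thresholds, the class and function names and the counter readings are assumptions constructed for illustration, and the controller call is only recorded as an event because the ProgrammableFlow web API is not described on this page.

```python
from dataclasses import dataclass
from math import sqrt
from typing import Optional


@dataclass
class TenantMonitor:
    """Per-VTN baseline and path state (hypothetical, for illustration)."""
    alpha: float = 0.2      # EWMA smoothing factor (assumed)
    k: float = 4.0          # alarm at baseline + k deviations (assumed)
    warmup: int = 5         # samples used only for learning
    trigger: int = 2        # consecutive anomalous samples before diverting
    clear: int = 3          # consecutive normal samples before roll-over
    mean: float = 0.0
    var: float = 0.0
    learned: int = 0
    diverted: bool = False
    hot: int = 0
    cool: int = 0
    last_count: Optional[int] = None
    last_ts: Optional[float] = None

    def _rate(self, count, ts):
        """Turn a cumulative packet counter into packets per second."""
        prev_c, prev_t = self.last_count, self.last_ts
        self.last_count, self.last_ts = count, ts
        if prev_c is None or ts <= prev_t or count < prev_c:
            return None  # first reading, clock glitch, or counter reset
        return (count - prev_c) / (ts - prev_t)

    def _learn(self, rate):
        """Fold one normal sample into the EWMA mean and variance."""
        if self.learned == 0:
            self.mean = rate
        else:
            diff = rate - self.mean
            self.mean += self.alpha * diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.learned += 1

    def observe(self, count, ts):
        """Return "divert", "revert", or None when the path stays as it is."""
        rate = self._rate(count, ts)
        if rate is None:
            return None
        if self.learned < self.warmup:
            self._learn(rate)
            return None
        # Floor the deviation at 10% of the mean so a very flat baseline
        # does not alarm on ordinary jitter.
        limit = self.mean + self.k * max(sqrt(self.var), 0.1 * self.mean)
        if rate > limit:
            self.hot, self.cool = self.hot + 1, 0
        else:
            self.hot, self.cool = 0, self.cool + 1
            if not self.diverted:
                self._learn(rate)  # baseline is frozen while diverted
        if not self.diverted and self.hot >= self.trigger:
            self.diverted = True
            return "divert"
        if self.diverted and self.cool >= self.clear:
            self.diverted = False
            return "revert"
        return None


def replay(readings):
    """Feed (ts, vtn, cumulative_packets) readings to per-tenant monitors."""
    monitors, path_changes = {}, []
    for ts, vtn, count in sorted(readings):
        action = monitors.setdefault(vtn, TenantMonitor()).observe(count, ts)
        if action:
            # A deployment would ask the SDN controller to change the path here.
            path_changes.append((ts, vtn, action))
    return path_changes, monitors


def counters(vtn, rates, interval=10, reset_at=None):
    """Constructed input: cumulative counter readings from per-interval rates."""
    total, out = 0, [(0, vtn, 0)]
    for i, rate in enumerate(rates, start=1):
        step = rate * interval
        total = step if i == reset_at else total + step  # simulate a reset
        out.append((i * interval, vtn, total))
    return out


# Constructed sample: VTN-A sees a sustained flood, VTN-B sees a counter
# reset and a single one-interval burst that must not trigger diversion.
SAMPLE = (
    counters("VTN-A", [1000, 1040, 980, 1010, 990, 1020, 1000,
                       9000, 12000, 11000, 1050, 1000, 990])
    + counters("VTN-B", [500, 510, 495, 505, 500, 505, 2500, 498, 502],
               reset_at=6)
)

if __name__ == "__main__":
    for change in replay(SAMPLE)[0]:
        print(change)
```

Freezing the baseline while traffic is diverted keeps a long flood from being learned as normal, and the two counters (`trigger`, `clear`) keep a single burst or a brief lull from flapping the path.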

SECTION 4 Gartner: The Impact of Software-Defined Data Centers on Information Security

Published: 16 October 2012
Analyst(s): Neil MacDonald

Leading-edge enterprises' data centers are evolving to software-defined models of IT services that are decoupled from the hardware underneath. To support these shifts, information security services must evolve to become programmable and adaptive.

Key Findings

- "Software-defined security" is the latest industry buzzword and, in reality, will involve a combination of hardware, software, APIs and automation.
- Security must evolve to support software-defined data centers in three areas: securing software-defined networking (SDN) initiatives, becoming SDN-aware and moving security intelligence to become software-defined.
- Security policies must shift from hardware-based attributes to logical and context-based attributes, such as applications, virtual machine (VM) identities, user or group identities, and sensitivity of content.
- The shift to software-defined security will favor vendors with software-based architectures that provide flexibility in where and how security policy enforcement takes place across software, hardware, virtual machines and cloud.

Recommendations

Enterprise security leaders:

- Pressure security vendors to support OpenFlow within SDN efforts and to be capable of understanding and inspecting SDN tunneling protocols.
- Switch to security policy architectures based on logical attributes and tags (including VM identities), and weight the ability to do this heavily as security infrastructure is replaced.
- Favor security vendors that open up their policy enforcement capabilities for external integration and orchestration via XML-based RESTful or JSON-based APIs, and integrate with leading cloud management platforms for orchestration.
- Design a security architecture that enables flexibility in the placement of policy enforcement points - physical, virtual, software and cloud - with a consistent architecture and policy management framework.

What You Need to Know

Enterprises are transforming their data centers and moving toward highly automated infrastructure support of on-demand delivery of IT services. To enable this, enterprises are decoupling IT services such as networking and storage from the hardware underneath via SDN and software-defined storage. Information security must evolve to support these initiatives, increasingly becoming software-defined, as well as to protect highly dynamic data centers and on-premises private clouds.

Strategic Planning Assumptions

By 2014, nine of the top 10 network security vendors will support OpenFlow.

By 2017, 60% of enterprise private cloud deployments will automate the provisioning of information security controls.

Analysis

To speed the delivery of IT-enabled services to the business and support the shift toward cloud-based computing models, enterprises are transforming data centers into pools of dynamically allocatable compute, storage and networking resources. At the heart of this transformation is a shift to software-based management and definition of IT services (the "software-defined data center") and a decoupling from the hardware underneath for services such as compute, networking and storage. The goal is agility and speed within enterprise data centers by enabling applications to be quickly and transparently provisioned, moved and scaled as business requirements require across network segments, across data centers and potentially into the cloud without rearchitecting the network. For security, the primary goal must be to ensure that the appropriate security controls
automatically remain in place, regardless of where an application moves, whether on-premises or to public clouds, and without requiring rearchitecting security controls.

The vision is not new. Software-based virtual switches in hypervisors are a proprietary (and virtual-only) precursor to software-defined networking. The evolution of the data center from virtualized workloads to private cloud infrastructure creates the same types of problems for information security. In 2010, Gartner research outlined six capabilities of information security needed to support the evolution of the data center in "From Secure Virtualization to Secure Private Clouds":

1. A set of on-demand and elastic services
2. Delivered by a programmable security infrastructure
3. Enforcing policies that are based on logical, not physical, attributes, and capable of incorporating runtime context into real-time security decisions
4. Creating adaptive trust zones that are capable of high-assurance separation of differing trust levels
5. Managed using a separately configurable security policy management and control plane
6. Supporting "federatable" security policy and identity

The shift to software-defined data centers and the adoption of SDN will accelerate the need for the security capabilities above. In the short term, information security services must integrate and support this shift. Longer term, the same decoupling and shift must occur with information security services.

Phase 1: Securing Software-Defined Data Centers

The vision of a "software-defined data center" or "virtual data center" is one where all IT infrastructure (such as storage, networking and compute) is virtualized and delivered as a service and where the management model for these services is abstracted from being managed one box at a time to a policy-based, networkwide view. In some ways, the term "software-defined" is a misnomer as most IT services' intelligence has always been defined by software.
The problem is that the implementation has been tied to physical infrastructure. By working with a management model that is independent of individual hardware, enterprises can configure new applications by policy to enable faster provisioning of IT services, according to business SLAs, independent of the underlying physical location of the services. This shift to software-based definitions of IT will affect all IT services delivered by hardware (networking, storage, servers and security) and can be collectively described as "SDx."

SDN [1] is an example of a recent technology that is receiving a significant amount of market hype, with many networking vendors following, [2] especially those looking to use the disruption to take market share, such as HP. [3] Further, the Open Networking Foundation now has more than 70 members. [4] The hype has accelerated since VMware's reported bidding war and subsequent $1.26 billion acquisition of Nicira.

The shift to SDN will involve the use of new software-based architectural elements (such as virtual network controllers) that must be protected, as well as the use of new protocols that must be protected and inspected (such as VXLAN). In addition, APIs to programmable infrastructure need to be protected from attack and abuse. To support Phase 1, enterprises must ensure their security infrastructure is able to:

- Decrypt, decode, inspect and re-encrypt, as necessary, new protocols (such as OpenFlow) and tunneling protocols (such as vCNI, VXLAN, Nicira's STT and NVGRE) to provide security inspection and protection.
- Protect the APIs exposed by the programmable IT infrastructure - for example, RESTful or JSON-based interfaces to programmable storage, network and security devices. These APIs need strong authentication and authorization, as well as protection from denial-of-service attacks, malformation, tampering and XML poisoning.
- Ensure trust and integrity of the communications between the controllers and the elements they control - for example, authentication, authorization, and the use of digital signatures and encryption of the traffic.
- Enforce separation of duties at the policy orchestration consoles (typically using role-based access controls on orchestration functions) between network operations,
  storage and information security as required by policy.
- Provide auditing, logging and monitoring of policy change events.
- Protect the software-based intelligent controllers, such as the controllers used in Open vSwitch, [5] using a combination of network- and host-based security controls.
- Use encryption and digital signatures on logical objects and their associated metadata and tags as they are moved within the network, such as VMs, storage blocks and policies.
- Separate the security and management control plane network from the operational network to enable tighter access control restrictions.

Phase 2: Integrating With the Software-Defined Infrastructure

Information security controls must become aware of changes in the infrastructure around them. At its core, information security policies define connectivity - what users and groups should be able to connect to which types of applications (and, likewise, which should not). Any shift to software-defined infrastructure is incomplete without the enforcement of security policy compliance in terms of connectivity.

SDN defines network topology and will overlap with traditional Layer 2 and Layer 3 information security controls that define connectivity rules. Because each SDN group can have its own logical network, using routers or firewalls to enforce segmentation at Layer 3 becomes an outdated concept, since tunnel endpoints can perform the cross-subnet mapping and packet formatting. This will affect the placement of security controls and threaten basic segmentation and control services from traditional security vendors as SDN subsumes the role of creating logical separation.

However, information security services perform Layer 3 to Layer 7 services that SDN will not address, such as malware inspection, application control and application firewalling - the types of services that next-generation firewalls, application firewalls and secure Web gateways perform (see Note 1).
Here, SDN and information security services must integrate and communicate with the network controller to:

- Understand which tunnels to terminate and inspect, which specific traffic streams within this to inspect, and what policies to apply to each stream.
- Ensure appropriate routing of network traffic streams to security policy enforcement points for inspection, and to ensure this protection is maintained as these resources move within the data center fabric.
- Incorporate context awareness into real-time information security decisions, such as reputation, threat context, location and time of day (see "The Future of Information Security Is Context Aware and Adaptive").
- Instruct the network controller to redirect traffic, based on the security policy and current context.

To enable this, enterprises should ensure that the next generation of information security services explicitly integrate with, communicate with and understand SDN. As infrastructure becomes more adaptive, information security policy enforcement must also become adaptive. For example, it could automatically reroute traffic around a quarantined VM, or automatically add an additional security control, such as intrusion prevention system (IPS) inspection, based on the context of the current threat environment.

For Phase 2, ideally, the information security infrastructure would support these capabilities:

- Support SDN awareness and integration via protocols such as OpenFlow.
- Enforce context-aware security policies, such as application, identity and content awareness (see "The Future of Information Security Is Context Aware and Adaptive").
- Base policies on logical, not physical, attributes.
- Automate and externally orchestrate policy enforcement configuration via RESTful or JSON APIs.
- Ensure linkages into orchestration systems, such as VMware's vCloud Director, HP's Cloud Service Automation, Citrix CloudStack, OpenStack and other emerging cloud management platforms, for automated security policy enforcement provisioning. In an early-adopter example, Intuit reduced the time to secure a workload being provisioned from three weeks to 30 minutes. [6]

Security Doesn't Have to All Move to Software (It Just Helps)

A common misconception with the shift to software-defined security (SDSec) is that all security controls must move to software. There are cases where this makes sense, and cases where it does not. The security data plane (where packets and flows are inspected) can benefit from the processing power of hardware-based inspection. Like SDN, hardware has a role to play in SDSec, especially when high throughput is needed. However, there are cases where SDSec policy enforcement is useful, such as:

- To scale out (as opposed to hardware scale-up) and parallelize the enforcement of security controls.
- To potentially reduce the cost, as compared with the use of physical appliances (see Note 2).
- To speed the provisioning of security controls by making their provisioning as easy as provisioning a new VM.
- To enable flexible placement of security controls. For example, as most data center appliances shift to standardized hardware, the security controls may be placed onto the infrastructure platforms - for example, embedded within a storage array or as a software blade in a router. Another example would be placement within the SDN controller. This was the case in the vArmour Networks example, [7] where the SDSec control was placed on the Apache Floodlight OpenFlow controller, and in the case with HP, [8] where the SDSec control was placed on HP's SDN controller.
- To provide visibility into blind spots, such as inter-VM communications, without requiring all traffic to be routed to physical appliances.

Phase 3: Evolving Into Software-Defined Security

In Phase 3, information security itself will evolve to become software-defined, where, like SDN, the management model for security services is abstracted from being managed one box at a time to a policy-based, networkwide view.
This enables security policies to be broadly and logically defined, such as "all Payment Card Industry (PCI)-related applications require this type of stateful inspection and this level of intrusion prevention protection," and these policies to be enforced as new PCI-related workloads are provisioned, removed, scaled out or moved without individual security appliances having to be reprogrammed.

In Phase 3, these capabilities should be supported:

- Separation of the security management plane from the security data plane.
- Emergence of software-based "security controllers" [9] that optimize the protection of security flow, based on policies, bandwidth, performance and SLA requirements.
- Shift to managing security policies in the security management plane on a networkwide basis, not individual security policy enforcement points.
- Vendors providing virtual appliances at feature parity with their hardware-based counterparts to enable dynamically provisioning security controls when or where needed, as easily as a new VM is provisioned.
- Security policy enforcement in the security data plane to be performed in physical appliances, virtual appliances or any combination of these. The security controller makes the decision as to the number and optimal placement of security policy enforcement points, based on the current context.
- Bidirectional integration with other software-defined data center elements so that these become aware of the current threat environment and current attacks, and can adjust resources accordingly to ensure service levels are maintained. [10]
- Changes in information security skills, with a focus on aligning with the business and defining appropriate policies according to risk, not programming the security infrastructure.

Like SDN, the result of SDSec is a system where the security policies can be managed holistically and enforced independent of the physical network topology, physical location of the security controls, across physical and virtual environments, and ideally, as standards slowly emerge for the expression and exchange of security policy, independent of the brand of the security equipment used.
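
The Phase 3 policy model, as an added sketch (not code from Gartner, NEC or any vendor named in this paper): policies select workloads by tag, and a toy security controller decides how many enforcement points to use and where, so the same policy follows a workload through a move. The class names, the 2 Gbps capacity per virtual appliance and the rule that an unclassified workload is refused are assumptions of the example.

```python
from dataclasses import dataclass
from math import ceil
from typing import Optional


@dataclass(frozen=True)
class Policy:
    tag: str         # logical selector, e.g. "pci"
    services: tuple  # controls every workload carrying the tag must receive


@dataclass
class Workload:
    name: str
    tags: frozenset
    host: str        # current location; no policy ever refers to it
    gbps: float      # expected traffic, used only to size enforcement


@dataclass
class EnforcementPoint:
    name: str
    kind: str                    # "physical" or "virtual"
    service: str
    capacity_gbps: float
    host: Optional[str] = None   # None: appliance reachable from any host
    owner: Optional[str] = None  # workload a virtual appliance was created for


class UnclassifiedWorkload(Exception):
    """No policy matches: refuse placement rather than run without controls."""


class SecurityController:
    VIRTUAL_GBPS = 2.0  # constructed capacity of one software appliance

    def __init__(self, policies, points):
        self.policies, self.points = list(policies), list(points)

    def required_services(self, wl):
        """Management plane: resolve tags to an ordered list of controls."""
        services = []
        for policy in self.policies:
            if policy.tag in wl.tags:
                services += [s for s in policy.services if s not in services]
        if not services:
            raise UnclassifiedWorkload(wl.name)
        return services

    def place(self, wl):
        """Data plane: return {service: [enforcement point names]}."""
        plan = {}
        for service in self.required_services(wl):
            reachable = [ep for ep in self.points
                         if ep.service == service and ep.host in (None, wl.host)]
            owned = [ep for ep in reachable if ep.owner == wl.name]
            # Shared appliances must carry the whole load; prefer a local one.
            shared = sorted((ep for ep in reachable
                             if ep.owner is None and ep.capacity_gbps >= wl.gbps),
                            key=lambda ep: ep.host is None)
            if owned:                 # already provisioned: stay idempotent
                chosen = owned
            elif shared:
                chosen = shared[:1]
            else:                     # scale out next to the workload
                count = ceil(wl.gbps / self.VIRTUAL_GBPS)
                chosen = [EnforcementPoint(f"v-{service}-{wl.name}-{i}", "virtual",
                                           service, self.VIRTUAL_GBPS,
                                           wl.host, wl.name)
                          for i in range(count)]
                self.points += chosen
            plan[service] = [ep.name for ep in chosen]
        return plan

    def move(self, wl, new_host):
        """Live migration: retire appliances tied to the old host, re-place."""
        self.points = [ep for ep in self.points if ep.owner != wl.name]
        wl.host = new_host
        return self.place(wl)


if __name__ == "__main__":
    # Constructed inventory: one shared hardware IPS, no firewall anywhere.
    controller = SecurityController(
        [Policy("pci", ("stateful-firewall", "ips")), Policy("web", ("waf",))],
        [EnforcementPoint("hw-ips-1", "physical", "ips", 40.0)])
    db = Workload("pay-db", frozenset({"pci", "db"}), "rack1-h3", 3.0)
    print(controller.place(db))
    print(controller.move(db, "rack7-h1"))
```

The policy text never names a host or an appliance, so the move changes only where the virtual firewalls run, not what is enforced.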

Bottom Line

Looking beyond the hype around "software-defined," enterprises must evolve information security to support increasingly dynamic and adaptive data centers. Even if the enterprise's virtualized data center is using only proprietary virtual switches, changes in security will be needed as applications become more mobile. If SDN initiatives are planned, information security professionals should coordinate with networking teams to securely support these initiatives, and require their security infrastructure vendors to become SDx-aware via direct protocol support and integration. Longer term, adaptive security infrastructure will become driven by models defined in software, "software-defined security," providing increased protection from emerging threats and faster support of changing business and regulatory requirements.

Tactical Guidelines

- The shift to software-defined "X" (networking, storage and security) is in its infancy. Don't overreact to the hype.
- Very real changes are needed in information security to support the virtualization of the data center and the shift to on-premises private cloud computing models. Use the three phases outlined in this research as a road map.
- Even if SDx isn't planned, require security infrastructure vendors to become virtualization-aware: understanding VM tagging and virtualization events, such as live migration, and integrating into virtualization management platforms.
- Protect the new control planes and new protocols that are introduced with software-defined data centers.
- Coordinate with the data center networking team on its plans for SDN, specifically:
  - Require information security vendors to protect and decode emerging tunneling protocols.
  - Require information security vendors to implement and integrate with SDN policy communication protocols, such as OpenFlow.
- Plan on a phased approach to implementing software-defined security:
  - Phase 1: Ensure the software-defined initiatives of other groups are properly secured.
  - Phase 2: Look for integration between the information security infrastructure and other SDx initiatives.
  - Phase 3: Longer term, expect further transformation of information security to become software-defined itself.
- The shift to SDx has the potential to generate organizational disruption. Begin to integrate server, network and storage teams, and make information security an integral part of these teams from the beginning.

Recommended Reading

- "Addressing the Most Common Security Risks in Data Center Virtualization Projects"
- "From Secure Virtualization to Secure Private Clouds"
- "DevOpsSec: Creating the Agile Triangle"
- "The Future of Information Security Is Context Aware and Adaptive"
- "Emerging Technology Analysis: OpenFlow"
- "Hype Cycle for Virtualization, 2012"
- "Open Networking Foundation Formed; The Battle to Commoditize Network Hardware Begins"
- "Hype Cycle for Networking and Communications, 2012"
- "Model-Driven Security: Enabling a Real-Time, Adaptive Security Infrastructure"

Evidence

[1] "Software-Defined Networking: The New Norm for Networks," Open Networking Foundation, 13 April "In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized, and the underlying network infrastructure is abstracted from the applications. As a result, enterprises and carriers gain unprecedented programmability, automation, and network control, enabling them to build highly scalable, flexible networks that readily adapt to changing business needs."

[2] Many networking vendors are moving forward with SDN enablement with OpenFlow. In 2011 and 2012 at Interop and other venues, multiple vendors have demonstrated interoperable OpenFlow-based networking gear, including Extreme Networks, HP, Netgear, Pronto Networks, IBM, NEC, Juniper Networks and Citrix. Further, Big Switch Networks provides open-source firmware that helps these vendors to become OpenFlow-enabled.

[3] J. Rath, "HP Launches Comprehensive SDN Portfolio," Data Center Knowledge, 3 October

[4] Open Networking Foundation. "The Open Networking Foundation (ONF) is a non-profit consortium dedicated to the transformation of networking through the development and standardization of a unique architecture called Software-Defined Networking (SDN), which brings direct software programmability to networks worldwide. The mission of the Foundation is to commercialize and promote SDN and the underlying technologies as a disruptive approach to networking that will change how virtually every company with a network operates."

[5] Open vSwitch.

[6] At VMworld 2012, a case study on Intuit's use of software-defined security was presented. Intuit had already moved to a "private cloud" model using a self-service user portal interface on top of a highly virtualized data center. However, while users could request a VM and have it provisioned within 30 minutes, the additional changes required for security and network infrastructure took an additional three weeks for the VM to be placed into production. To solve the problem, Intuit shifted to a model where a flat network was used to host pools of allocatable compute and storage. It used VMware's distributed virtual switch to enable an early form of a software-defined network. It used VMware's vShield App and vShield Edge for application and edge firewalling services. For the cloud management platform orchestration services, it used VMware's vCloud Director, where Intuit developed several blueprint templates that were used to automatically assign security policies to VMs as they were created. Three templates were developed: one for the Web-tier workloads, one for application-tier workloads and one for database-tier workloads. Each template contained definitions (recipes) for the VM configuration, storage, access controls and network topology. As requested, VMs were deployed into a physically flat network that was automatically allocated, using a combination of SDN and software-defined security to logically carve out what customers needed, according to the policy requirements defined in the templates.

[7] At the Open Networking Foundation's conference in June 2012, vArmour Networks gave a demonstration of its beta OpenFlow-enabled network security offering. In the demonstration, vArmour's Application Security Gateway (ASG) deep-packet-inspection-capable software was deployed as a plug-in to Apache Floodlight's OpenFlow-enabled network controller platform. As a plug-in to Floodlight, the vArmour ASG became part of the OpenFlow fabric. Further, by natively supporting OpenFlow, the ASG security appliance supports dynamic network topologies. In the demonstration, the ASG detected an unauthorized rogue application being sent from a Web server being monitored. As a result, the server was determined to be infected, and the ASG notified a BigSwitch controller (a network switch vendor supporting OpenFlow). The BigSwitch controller then modified the forwarding rules to place the infected server in quarantine and redirected traffic to an alternative server. This isolated the infection in real time without affecting users of the system.

[8] In 2012, HP demonstrated an early release of its SDSec module, Sentinel, running as a module in its Virtual Application Networks SDN Controller. This integration has been used by the cable TV network HBO to protect users from navigating to low-reputation sites. Here, the OpenFlow-enabled HP switch receives the users' DNS query and sends the traffic to the HP Virtual Application Networks SDN Controller, based on an OpenFlow rule. Once the SDN controller receives the query, the Sentinel application service running on the SDN controller intercepts the request and checks the host name against the HP TippingPoint DVLabs Reputation Digital Vaccine (DV) reputation database. If the site has a high reputation, the query is forwarded normally across the access layer switch. If the site has a low reputation, the address is not resolved for the client, the user is prevented from accessing the threat and the action is logged with ArcSight.

[9] For example, NetCitadel (currently in stealth mode) is planning a software-based virtual appliance that acts as a form of a security controller in early

[10] In 2012, Radware and NEC announced a joint solution integrating Radware's Attack Mitigation System (providing denial-of-service, network behavioral analysis, IPS, reputation engine and Web application firewall protection) into NEC's ProgrammableFlow OpenFlow-based switches and controller. Combined, the integrated security and SDN capabilities deliver a network-security-aware and application-security-aware network that dynamically adapts security protection resources, based on context, such as the current threat environment and traffic volumes. By integrating with NEC's programmable SDN, Radware can more rapidly provision network security resources and services. The integration is bidirectional. Radware provides application-specific security intelligence back to NEC that may impact network, application and security SLAs.

Note 1: What Types of Security Services Are Needed?

Examples of the types of security services that could be provided:

- Separation or segmentation
- Basic stateful firewalling
- Packet inspection
- Flow analysis
- Intrusion detection
- Intrusion prevention
- Application identification
- Application control
- Identity identification
- Content inspection
- Sensitive data identification
- Malware detection
- Content detonation
- Content protection
- Encryption
- Tokenization
- Obfuscation or masking
- Digital signatures
- Certificate verification
- Reputation look-up services
- Tunnel termination
- Network address translation
- Monitoring, logging and alerting
- URL filtering and reputation services
- IP geolocation, filtering and reputation services

Note 2: Example of a Software-Based Virtual Appliance

An SDN pilot deployment wrote its own "security controller" application to distribute network traffic across a number of software-based Snort VMs for intrusion detection services. Even though software-based inspection is slower, by distributing and parallelizing the load, it was able to ensure inspection without performance degradation and at a lower cost, as compared with using hardware-based appliances.

Take control of your network.

NEC ProgrammableFlow Network Virtualization: Enterprise-class SDN Today

A more efficient and flexible network that speeds service delivery, providing:

- Improved network utilization and efficiencies that drive dramatic cost savings
- Automated network management and provisioning speed time to market
- Unified business and security policy applied network-wide, with granular control

Backed by a 100-year history of technology innovation, NEC helps customers improve performance and solve their toughest IT challenges.

See why ProgrammableFlow won Grand Prize at Interop
Learn more at

NEC Corporation of America. All rights reserved.

NEC Corporation, 7-1, Shiba 5-Chome, Minato-Ku, Tokyo , Japan
Website:
Contact: pflow-international@prg.jp.nec.com

Companies and names of products and services shown are trademarks or registered trademarks of their respective companies. All rights reserved.

Solution Force is published by NEC. Additional editorial material supplied by Gartner Inc Editorial supplied by NEC is independent of Gartner analysis and in no way should this information be construed as a Gartner endorsement of NEC products and services. Entire contents 2013 by Gartner Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.
SHARE THIS WHITEPAPER
Denial-of-Service (DoS) Secured Virtual Tenant Networks (VTN) Value-added DoS protection as a service for Software Defined Network (SDN) a solution paper by Radware & NEC Corporation of America Whitepaper
More informationFrom Secure Virtualization to Secure Private Clouds
From Secure Virtualization to Secure Private Clouds Gartner RAS Core Research Note G00208057, Neil MacDonald, Thomas J. Bittman, 13 October 2010, RV2A108222011 As enterprises move beyond virtualizing their
More information2013 ONS Tutorial 2: SDN Market Opportunities
2013 ONS Tutorial 2: SDN Market Opportunities SDN Vendor Landscape and User Readiness Jim Metzler, Ashton, Metzler & Associates Jim@ashtonmetzler.com April 15, 2013 1 1 Goals & Non-Goals Goals: Describe
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationWhat is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates
What is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates 1 Goals of the Presentation 1. Define/describe SDN 2. Identify the drivers and inhibitors of SDN 3. Identify what
More informationThe Road to SDN: Software-Based Networking and Security from Brocade
WHITE PAPER www.brocade.com SOFTWARE NETWORKING The Road to SDN: Software-Based Networking and Security from Brocade Software-Defined Networking (SDN) presents a new approach to rapidly introducing network
More informationNetwork Services in the SDN Data Center
Network Services in the SDN Center SDN as a Network Service Enablement Platform Whitepaper SHARE THIS WHITEPAPER Executive Summary While interest about OpenFlow and SDN has increased throughout the tech
More informationSINGLE-TOUCH ORCHESTRATION FOR PROVISIONING, END-TO-END VISIBILITY AND MORE CONTROL IN THE DATA CENTER
SINGLE-TOUCH ORCHESTRATION FOR PROVISIONING, END-TO-END VISIBILITY AND MORE CONTROL IN THE DATA CENTER JOINT SDN SOLUTION BY ALCATEL-LUCENT ENTERPRISE AND NEC APPLICATION NOTE EXECUTIVE SUMMARY Server
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationDebunking the Myths: An Essential Guide to Software-Defined Networking April 17, 2013
Copyright 2013 Vivit Worldwide Debunking the Myths: An Essential Guide to Software-Defined Networking April 17, 2013 Brought to you by Vivit Cloud Builders Special Interest Group (SIG) Jim Murphy Cloud
More informationSoftware-Defined Networking. Starla Wachsmann. University Of North Texas
Running head: Software-Defined Networking (SDN) Software-Defined Networking Starla Wachsmann University Of North Texas What is Software-Defined Networking? Software-Defined Networking has one consistent
More informationSDN and NFV in the WAN
WHITE PAPER Hybrid Networking SDN and NFV in the WAN HOW THESE POWERFUL TECHNOLOGIES ARE DRIVING ENTERPRISE INNOVATION rev. 110615 Table of Contents Introduction 3 Software Defined Networking 3 Network
More informationLeveraging SDN and NFV in the WAN
Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined
More informationCloud, SDN and the Evolution of
Cloud, SDN and the Evolution of Enterprise Networks Neil Rickard Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form
More informationTesting Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES
Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 SDN - An Overview... 2 SDN: Solution Layers and its Key Requirements to be validated...
More informationEmbrace SDN the Future of Networking is Here
Embrace SDN the Future of Networking is Here Chris Thompson; thompson.chris@hp.com Solution Architect, HP Networking Minneapolis, MN Jeff Dietsche Infrastructure Manager South Washington Public Schools
More informationIntroduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre
Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Wilfried van Haeren CTO Edgeworx Solutions Inc. www.edgeworx.solutions Topics Intro Edgeworx Past-Present-Future
More informationVirtual Application Networks Innovations Advance Software-defined Network Leadership
Virtual Application Networks Innovations Advance Software-defined Network Leadership Simplifying, Scaling and Automating the Network Bethany Mayer Senior Vice President and General Manager HP Networking
More informationADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY
ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY One of the largest concerns of organisations is how to implement and introduce advanced security mechanisms to protect
More informationSOFTWARE DEFINED NETWORKING
SOFTWARE DEFINED NETWORKING Bringing Networks to the Cloud Brendan Hayes DIRECTOR, SDN MARKETING AGENDA Market trends and Juniper s SDN strategy Network virtualization evolution Juniper s SDN technology
More informationFrom Secure Virtualization to Secure Private Clouds
Research Publication Date: 13 October 2010 ID Number: G00208057 From Secure Virtualization to Secure Private Clouds Neil MacDonald, Thomas J. Bittman As enterprises move beyond virtualizing their data
More informationNew Virtual Application Networks Innovations Advance Software-defined Network Leadership
New Virtual Application Networks Innovations Advance Software-defined Network Leadership Simplifying, Scaling and Automating the Network Gartner Hype Cycle 10 Year Cycle 2008 2011 2012 2 Source: Gartner
More informationCisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments
Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments What You Will Learn Deploying network services in virtual data centers is extremely challenging. Traditionally, such Layer
More informationWhite Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.
White Paper Juniper Networks Solutions for VMware NSX Enabling Businesses to Deploy Virtualized Data Center Environments Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3
More informationA Look at the New Converged Data Center
Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable
More informationNetwork Virtualization Solutions - A Practical Solution
SOLUTION GUIDE Deploying Advanced Firewalls in Dynamic Virtual Networks Enterprise-Ready Security for Network Virtualization 1 This solution guide describes how to simplify deploying virtualization security
More informationA Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC. September 18, 2014.
A Presentation at DGI 2014 Government Cloud Computing and Data Center Conference & Expo, Washington, DC September 18, 2014 Charles Sun www.linkedin.com/in/charlessun @CharlesSun_ 1 What is SDN? Benefits
More informationWhite Paper. SDN 101: An Introduction to Software Defined Networking. citrix.com
SDN 101: An Introduction to Software Defined Networking citrix.com Over the last year, the hottest topics in networking have been software defined networking (SDN) and Network ization (NV). There is, however,
More informationVMware vcloud Networking and Security
VMware vcloud Networking and Security Efficient, Agile and Extensible Software-Defined Networks and Security BROCHURE Overview Organizations worldwide have gained significant efficiency and flexibility
More informationGlobal Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com W H I T E P A P E R O r a c l e V i r t u a l N e t w o r k i n g D e l i v e r i n g F a b r i c
More informationCoIP (Cloud over IP): The Future of Hybrid Networking
CoIP (Cloud over IP): The Future of Hybrid Networking An overlay virtual network that connects, protects and shields enterprise applications deployed across cloud ecosystems The Cloud is Now a Critical
More informationREMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION
REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION The modern data centre has ever-increasing demands for throughput and performance, and the security infrastructure required to protect and segment the network
More informationVMware vcloud Networking and Security Overview
VMware vcloud Networking and Security Overview Networks and Security for Virtualized Compute Environments WHITE PAPER Overview Organizations worldwide have gained significant efficiency and flexibility
More informationCENTER I S Y O U R D ATA
I S Y O U R D ATA CENTER R E A DY F O R S D N? C R I T I C A L D ATA C E N T E R C O N S I D E R AT I O N S FOR SOFT WARE-DEFINED NET WORKING Data center operators are being challenged to be more agile
More informationVIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers
VIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers Why it s unique The Nuage Networks VSP is the only enterprise and service provider-grade SDN platform that:
More informationSoftware-Defined Networks Powered by VellOS
WHITE PAPER Software-Defined Networks Powered by VellOS Agile, Flexible Networking for Distributed Applications Vello s SDN enables a low-latency, programmable solution resulting in a faster and more flexible
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationDesigning Virtual Network Security Architectures Dave Shackleford
SESSION ID: CSV R03 Designing Virtual Network Security Architectures Dave Shackleford Sr. Faculty and Analyst SANS @daveshackleford Introduction Much has been said about virtual networking and softwaredefined
More informationGlobal Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com W H I T E P A P E R D e s i g n i n g a n d B u i l d i n g a D a t a c e n t e r N e t w o r k :
More informationTop 10 Technology Trends, 2013: Cloud Computing and Hybrid IT Drive Future IT Models
G00237716 Top 10 Technology Trends, 2013: Cloud Computing and Hybrid IT Drive Future IT Models Published: 6 February 2013 Analyst(s): David W. Cearley, Donna Scott, Joe Skorupa, Thomas J. Bittman Cloud
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationSuccessfully Deploying Globalized Applications Requires Application Delivery Controllers
SHARE THIS WHITEPAPER Successfully Deploying Globalized Applications Requires Application Delivery Controllers Whitepaper Table of Contents Abstract... 3 Virtualization imposes new challenges on mission
More informationHow OpenFlow -Based SDN Transforms Private Cloud. ONF Solution Brief November 27, 2012
How OpenFlow -Based SDN Transforms Private Cloud ONF Solution Brief November 27, 2012 Table of Contents 2 Executive Summary 2 Trends in the Private Cloud 3 Network Limitations and Requirements 4 OpenFlow-Based
More informationBoosting Business Agility through Software-defined Networking
Executive Summary: Boosting Business Agility through Software-defined Networking Completing the last mile of virtualization Introduction Businesses have gained significant value from virtualizing server
More informationTesting Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES
Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 Network Virtualization Overview... 1 Network Virtualization Key Requirements to be validated...
More informationNetwork Virtualization Solutions
Network Virtualization Solutions An Analysis of Solutions, Use Cases and Vendor and Product Profiles October 2013 The Independent Community and #1 Resource for SDN and NFV Tables of Contents Introduction
More informationTesting Challenges for Modern Networks Built Using SDN and OpenFlow
Using SDN and OpenFlow July 2013 Rev. A 07/13 SPIRENT 1325 Borregas Avenue Sunnyvale, CA 94089 USA Email: Web: sales@spirent.com www.spirent.com AMERICAS 1-800-SPIRENT +1-818-676-2683 sales@spirent.com
More informationBusiness Case for Open Data Center Architecture in Enterprise Private Cloud
Business Case for Open Data Center Architecture in Enterprise Private Cloud Executive Summary Enterprise IT organizations that align themselves with their enterprise s overall goals help the organization
More informationDeliver the Next Generation Intelligent Datacenter Fabric with the Cisco Nexus 1000V, Citrix NetScaler Application Delivery Controller and Cisco vpath
Citrix NetScaler for Cisco Nexus 1000v White Paper Deliver the Next Generation Intelligent Datacenter Fabric with the Cisco Nexus 1000V, Citrix NetScaler Application Delivery Controller and Cisco vpath
More informationTransform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure
White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure
More informationTransforming the Network to Seize Business Advantage. Don Clark Director of Business Development & Strategy NEC Corporation of America
Transforming the Network to Seize Business Advantage Don Clark Director of Business Development & Strategy NEC Corporation of America 1 Focus Today Network Challenges for Data Centers and Distribution
More informationSecuring Virtual Applications and Servers
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
More informationIT Infrastructure Services. White Paper. Utilizing Software Defined Network to Ensure Agility in IT Service Delivery
IT Infrastructure Services White Paper Utilizing Software Defined Network to Ensure Agility in IT Service Delivery About the Author Siddhesh Rane Siddhesh Rane is a Technical Architect and part of the
More informationRethinking IT and IT Security Strategies in an Era of Advanced Attacks, Cloud and Consumerization
Rethinking IT and IT Security Strategies in an Era of Advanced Attacks, Cloud and Consumerization Neil MacDonald VP and Gartner Fellow Gartner Information Security, Privacy and Risk Research Twitter @nmacdona
More informationUse Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION
Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION Cloud Management Software can coordinate and automate server, network, and storage operations within the modern datacenter. This brief describes how
More informationSDN Security Considerations in the Data Center. ONF Solution Brief October 8, 2013
SDN Security Considerations in the Data Center ONF Solution Brief October 8, 2013 Table of Contents 2 Executive Summary 3 SDN Overview 4 Network Security Challenges 6 The Implications of SDN on Network
More informationMeeting the Challenges of Virtualization Security
Meeting the Challenges of Virtualization Security Coordinate Security. Server Defense for Virtual Machines A Trend Micro White Paper August 2009 I. INTRODUCTION Virtualization enables your organization
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control
More informationWedge Networks: Transparent Service Insertion in SDNs Using OpenFlow
Wedge Networks: EXECUTIVE SUMMARY In this paper, we will describe a novel way to insert Wedge Network s multiple content security services (such as Anti-Virus, Anti-Spam, Web Filtering, Data Loss Prevention,
More informationHow OpenFlow-based SDN can increase network security
How OpenFlow-based SDN can increase network security Charles Ferland, IBM System Networking Representing the ONF ferland@de.ibm.com +49 151 1265 0830 Important elements The objective is to build SDN networks
More informationBusiness Cases for Brocade Software-Defined Networking Use Cases
Business Cases for Brocade Software-Defined Networking Use Cases Executive Summary Service providers (SP) revenue growth rates have failed to keep pace with their increased traffic growth and related expenses,
More informationOracle SDN Performance Acceleration with Software-Defined Networking
Oracle SDN Performance Acceleration with Software-Defined Networking Oracle SDN, which delivers software-defined networking, boosts application performance and management flexibility by dynamically connecting
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
WHITE PAPER Application Delivery for Cloud Services: Customizing Service Creation in Virtual Environments Sponsored by: Brocade
How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan
Centec's SDN Switch Built from the Ground Up to Deliver an Optimal Virtual Private Cloud Table of Contents Virtualization Fueling New Possibilities Virtual Private Cloud Offerings... 2 Current Approaches
Simplifying Virtual Infrastructures: Ethernet Fabrics & IP Storage
Simplifying Virtual Infrastructures: Ethernet Fabrics & IP Storage David Schmeichel Global Solutions Architect May 2nd, 2013 Legal Disclaimer All or some of the products detailed in this presentation
Lecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
Taking the Open Path to Hybrid Cloud with Dell Networking and Private Cloud Solutions
Taking the Open Path to Hybrid Cloud with Dell Networking and Private Cloud Solutions In This Paper Frequently, the network is the stumbling point to cloud adoption SDN offers a more dynamic, virtualized
Implementing Software-Defined Security with CloudPassage Halo
WHITE PAPER Implementing Software- Defined Security with CloudPassage Halo Introduction... 2 Implementing Software-Defined Security w/cloudpassage Halo... 3 Abstraction... 3 Automation... 4 Orchestration...
Using SDN- and NFV-based Services to Maximize CSP Revenues and Increase
IDC TECHNOLOGY SPOTLIGHT Using SDN- and NFV-based Services to Maximize CSP Revenues and Increase Operational Efficiency March 2013 Adapted from Will New SDN
Juniper Solutions for Turnkey, Managed Cloud Services
Juniper Solutions for Turnkey, Managed Cloud Services Three use cases for hosting and colocation service providers looking to deliver massively scalable, highly differentiated cloud services. Challenge
Pluribus Netvisor Solution Brief
Pluribus Netvisor Solution Brief Freedom Architecture Overview The Pluribus Freedom architecture presents a unique combination of switch, compute, storage and bare-metal hypervisor OS technologies, and
vsrx Services Gateway: Protecting the Hybrid Data Center
Services Gateway: Protecting the Hybrid Data Center Extending Juniper Networks award-winning security products to virtualized, cloud-based, and hybrid IT environments Challenge Virtualization and cloud
WildFire. Preparing for Modern Network Attacks
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
JUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net
JUNIPER One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net 2-3-7: JUNIPER'S BUSINESS STRATEGY 2 Customer Segments 3 Businesses Service
A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks
A Coordinated Virtual Infrastructure for SDN in Enterprise Networks Software Defined Networking (SDN), OpenFlow and Application Fluent Programmable Networks Strategic White Paper Increasing agility and
How Network Virtualization can improve your Data Center Security
How Network Virtualization can improve your Data Center Security Gilles Chekroun SDDC, NSX Team EMEA gchekroun@vmware.com 2014 VMware Inc. All rights reserved. Security IT spending Security spending is
HOW SDN AND (NFV) WILL RADICALLY CHANGE DATA CENTRE ARCHITECTURES AND ENABLE NEXT GENERATION CLOUD SERVICES
HOW SDN AND (NFV) WILL RADICALLY CHANGE DATA CENTRE ARCHITECTURES AND ENABLE NEXT GENERATION CLOUD SERVICES Brian Levy CTO SERVICE PROVIDER SECTOR EMEA JUNIPER NETWORKS CIO DILEMMA IT viewed as cost center
Software Defined Network (SDN)
Georg Ochs, Smart Cloud Orchestrator (gochs@de.ibm.com) Software Defined Network (SDN) University of Stuttgart Cloud Course Fall 2013 Agenda Introduction SDN Components Openstack and SDN Example Scenario
Simplified Private Cloud Management
BUSINESS PARTNER ClouTor Simplified Private Cloud Management ClouTor ON VSPEX by LOCUZ INTRODUCTION ClouTor on VSPEX for Enterprises provides an integrated software solution for extending your existing
How to Plan for Network Virtualization and SDN
How to Plan for Network Virtualization and SDN Authored by Sponsored in part by Table of Contents Introduction...3 Crafting an NV and/or SDN Plan...3 Define NV and SDN... 3 Identify the Primary Opportunities...
Software Defined Networking - a new approach to network design and operation. Paul Horrocks Pre-Sales Strategist 8th November 2012
Software Defined Networking - a new approach to network design and operation Paul Horrocks Pre-Sales Strategist 8th November 2012 Agenda What is Software Defined Networking What is the value of Software
Smart Network. Smart Business. Alteon NG Solution Brochure
Smart Network. Smart Business. Alteon NG Solution Brochure Alteon NG, Radware's next-generation application delivery controller (ADC), is designed from the ground up to ensure predictable application
Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking
Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking Agenda BYOD challenges A solution for BYOD Network Protector SDN matched with industry leading service How it works In summary BYOD challenges
SDN for Wi-Fi OpenFlow-enabling the wireless LAN can bring new levels of agility
WHITEPAPER SDN for Wi-Fi OpenFlow-enabling the wireless LAN can bring new levels of agility Copyright 2014 Meru Networks, Inc. All rights reserved. Table of Contents Executive summary... 3 Introduction...
BRINGING NETWORKS TO THE CLOUD ERA
BRINGING NETWORKS TO THE CLOUD ERA SDN enables new business models Aruna Ravichandran VICE PRESIDENT, MARKETING AND STRATEGY ARAVICHANDRAN@JUNIPER.NET SOFTWARE DEFINED NETWORKING (SDN), JUNIPER NETWORKS
SOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for Disaster Recovery
SOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for Disaster Recovery www.citrix.com Contents Introduction... 3 Fitting Disaster Recovery to the Cloud... 3 Considerations for Disaster Recovery
Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION
Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION At many enterprises today, end users are demanding a powerful yet easy-to-use Private
Software Defined Networking (SDN)
Software Defined Networking (SDN) Your Route to Agility, Accuracy and Availability Bob Shaw, President and CEO, Net Optics, Inc. About the Author Bob Shaw, President and CEO, Net Optics Inc. As President
Accelerating Micro-segmentation
WHITE PAPER Accelerating Micro-segmentation THE INITIAL CHALLENGE WAS THAT TRADITIONAL SECURITY INFRASTRUCTURES WERE CONCERNED WITH SECURING THE NETWORK BORDER, OR EDGE, WITHOUT BUILDING IN EFFECTIVE SECURITY
WHITE PAPER. Data Center Fabrics. Why the Right Choice is so Important to Your Business
WHITE PAPER Data Center Fabrics Why the Right Choice is so Important to Your Business Introduction Data center fabrics are emerging as the preferred architecture for next-generation virtualized data centers,
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013
Delivering Managed Services Using Next Generation Branch Architectures
Delivering Managed Services Using Next Generation Branch Architectures By: Lee Doyle, Principal Analyst at Doyle Research Sponsored by Versa Networks Executive Summary Network architectures for the WAN
Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.
Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security
Radware ADC-VX Solution. The Agility of Virtual; The Predictability of Physical
Radware ADC-VX Solution The Agility of Virtual; The Predictability of Physical Table of Contents General... 3 Virtualization and consolidation trends in the data centers... 3 How virtualization and consolidation
Mock RFI for Enterprise SDN Solutions
Mock RFI for Enterprise SDN Solutions Written By Sponsored By Table of Contents Background and Intended Use... 3 Introduction... 3 Definitions and Terminology... 7 The Solution Architecture... 10 The SDN
How To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera rbarrera@grupo-dice.com. VERSION May, 2015
Simplify IT With Cisco Application Centric Infrastructure Roberto Barrera rbarrera@grupo-dice.com VERSION May, 2015 Content Understanding Software Defined Network (SDN) Why SDN? What is SDN and Its Benefits?
BROCADE NETWORKING: EXPLORING SOFTWARE-DEFINED NETWORK. Gustavo Barros Systems Engineer Brocade Brasil
BROCADE NETWORKING: EXPLORING SOFTWARE-DEFINED NETWORK Gustavo Barros Systems Engineer Brocade Brasil Software- Defined Networking Summary Separate control and data planes Networks are becoming: More programmatic
Securing the Virtualized Data Center With Next-Generation Firewalls
Securing the Virtualized Data Center With Next-Generation Firewalls Data Center Evolution Page 2 Security Hasn't Kept Up with Rate Of Change Configuration of security policies are manual and slow Weeks