Deploying Advanced Firewalls in Dynamic Virtual Networks


SOLUTION GUIDE
Deploying Advanced Firewalls in Dynamic Virtual Networks
Enterprise-Ready Security for Network Virtualization

This solution guide describes how to simplify deploying virtualization security and network virtualization with Palo Alto Networks next-generation firewalls and the Big Virtual Switch application from Big Switch Networks. The combination of Dynamic Address Objects and the XML Management API in the Palo Alto Networks operating system (PAN-OS), and the northbound API exposed by Big Network Controller and Big Virtual Switch, enables network engineers and security administrators to automate the definition and management of security policies. This solution reduces the complexity of data center configuration, avoids repetitive and manual configuration changes and enables staff to become more productive by automating the tasks required to roll out new workloads or to secure existing deployments. The solution leverages programmability available in next-generation firewalls and the Network Application platform from Big Switch Networks, Big Network Controller, to make your data center network programmable: unified, flexible, and more cost effective.

Table of Contents

The Challenge and Promise of Cloud Networks
Next Generation Firewalls in Virtual Networks
RESTful Interfaces and Dynamic Objects
Under The Hood
  Generate a Key
  List the current mappings
  Update the mapping for dynamic object
Unified. Flexible. Open.
About Big Switch Networks

The Challenge and Promise of Cloud Networks

To extract the value of private clouds, you must embrace automation. Significant degrees of automation have been achieved in compute and storage deployment and operations. The same cannot be said of networks. Network virtualization has lagged behind other technologies in the data center and has posed a barrier to delivering a truly virtual data center. The network now poses a productivity barrier because the output of automated compute deployment tools is often held up by the need for network change orders to be completed manually.

Big Virtual Switch, a network virtualization application from Big Switch Networks, provides a solution to these challenges. Big Virtual Switch makes your network as agile and dynamic as your public cloud infrastructure. The solution supports existing physical systems, including firewall appliances, and can program both physical and virtual switches to meet the requirements of application instances. Big Virtual Switch can integrate with next generation firewalls, enabling the networking and security teams to work more efficiently.

Big Virtual Switch delivers a degree of automation that was once thought impossible to achieve, enabling the use of abstractions to pool resources and providing a robust implementation for programming the network while cleanly separating the network engineering duties from other tasks. Instead of using traditional static network configuration constructs like VLANs and subnets that can't scale to the needs of private clouds, Big Virtual Switch delivers a flexible, unified, and dramatically more efficient approach to scaling data center networks for cloud deployments.
The combination of Palo Alto Networks next-generation firewalls and Big Virtual Switch solves the challenges of securing virtual workloads with virtual networks, enabling enterprises to reap the benefits of a private cloud while simultaneously reducing risk and simplifying network operations.

[Figure 1: Big Network Controller has at its core the open-source SDN controller, Floodlight, which is Apache licensed. Diagram labels: Big Virtual Switch, Northbound API, Open Source Core, Big Network Controller, OpenFlow vSwitches.]

Often, to accommodate the limitations of device-oriented networks and the risk of manual change orders, traditional networks must move slowly, tracking each modification with rigorous change control and tying the network design to physical systems and their associated application workloads. For example, tying a VLAN and a subnet to an application and then configuring those network properties directly into devices defeats the very purpose of server virtualization and cloud architectures. These designs are optimized to limit configuration errors and fix the settings to avoid an outage and to simplify the burden of maintaining compliance with regulations that require traffic isolation and other security policy enforcement. For example, in a traditional design, a VLAN is often coupled to a subnet and that subnet might be coupled to a specific rack or a set of racks and networking systems. Such configurations result in inflexible architectures that are slow to respond to business needs, slowing application ramp times due to personnel constraints or due to the costs required to build out all the systems required for an application.

Big Virtual Switch solves these problems, driving the benefits of virtualization and automation into the network. With Big Virtual Switch, the underlying network can be dynamically and automatically sliced into segments according to corporate security and compliance policies. Network engineers don't have to work a task list with dozens of tasks associated with each new workload request. Application teams don't have to work within the constraints of a traditional network or learn everything it takes to engineer a truly scalable network.

Next Generation Firewalls in Virtual Networks

In concept, securing applications in virtual datacenters is much the same as in a traditional environment. A security policy needs to be defined taking into consideration the applications being accessed, the access control policies by user, and the appropriate threat protection framework. Compute virtualization and network virtualization introduce some differences.

The dynamic nature of virtual machines, and the fact that machines and workloads with different trust levels can be co-located on the same physical servers and physical networks, introduces the need for visibility into the virtualized environment, in particular the need to inspect intra-host communications. The security solution must also support the highly dynamic nature of adds, changes, and moves within the virtual data center while ensuring that the data center is protected against known and unknown threats. This means the ability to protect against known threats via IPS, anti-malware and anti-botnet support, and unknown threats via sandbox analysis of suspicious files. In addition, the ability to address remotely exploitable hypervisor vulnerabilities must be supported.

[Figure 2: In a virtual data center, the updates to the network must be kept in sync with the network security policies. Updating these policies manually burdens security administrators with extra work and risks an inconsistency that could lead to a breach or cause an outage. Diagram labels: Northbound API, Big Network Controller, App1, App2, App3, Hypervisor.]

The Palo Alto Networks next-generation firewall addresses the network security requirements of virtual data centers while Big Virtual Switch delivers the network segmentation and workload isolation required to support network virtualization. The high rate of change in virtual networks, however, makes it difficult to integrate these systems manually. Open Software Defined Networking enables these systems to communicate and modify state based on changes in the network without requiring direct management of these systems at their respective consoles. This Open SDN integration enables the network and security policy to be as agile as the cloud systems and the applications and workloads that are deployed through systems such as OpenStack.

By combining the network security systems and the network virtualization systems in a coordinated fashion, the process of provisioning the network and the required security policy can be transformed from a manual, slow and error-prone task that delays deployments into a seamless process that is simultaneously more efficient and more secure. Network virtualization and integration with next-generation firewalls via an Open SDN solution speed the response of the network to application requests and simplify security in a virtual data center.

The key element of the solution is the automated association of virtual network properties with security policies. As virtual machines are instantiated and moved within and across data centers, these changes need to be reflected in the security systems and enforced without requiring any manual configuration whatsoever. Automating this process protects applications and workloads from unauthorized access and from threats and enables network security systems to move as quickly as network virtualization and cloud computing systems, meeting business demands without delays and without risking non-compliance with regulatory mandates.

RESTful Interfaces and Dynamic Objects

Using the XML Management API available from Palo Alto Networks in conjunction with the northbound API from Big Virtual Switch and Big Network Controller, the system can discover the IP addresses associated with Virtual Network Segments, applications and workloads. As these addresses change, the solution updates a new address object type within PAN-OS, Dynamic Address Objects. Dynamic Address Objects can be updated via the XML API and can be referenced in security policies. When changes to the object occur, the update can be referenced within policies automatically. Setting and modifying these objects programmatically incorporates network security into data center orchestration processes with no additional, manual workflow.

[Figure 3: Dynamic Address Objects are easy to set up within Panorama. Subsequent address updates can be completed programmatically, reducing administrator workload significantly. Steps shown: 1. Navigate to Address Objects; 2. Choose and Name Dynamic Address Object; 3. Use Object within Security Policy Rules.]

As virtual servers are instantiated, terminated or migrated to new compute resources within or across data centers, Palo Alto Networks next-generation firewalls remain in lock-step with these changes because each event programmed within Big Virtual Switch is communicated to the firewall, and the Dynamic Address Objects are updated to ensure compliance without modifying the security policy.

[Figure 4: Open SDN integration using the PAN-OS XML API enables address objects to be updated without requiring manual work or a configuration change commit. Diagram labels: Northbound API, Big Network Controller, XML API, App1, App2, App3, Hypervisor.]

Under The Hood

The solution uses a Python-based integration layer that runs atop the Big Network Controller platform. This scripted module uses HTTPS to communicate with the next-generation firewalls and get the list of dynamic objects via the PAN-OS XML API. It then maintains a mapping of Virtual Network Segments and updates address changes in these segments by notifying PAN-OS. The steps required are:

1. Authenticate and generate a key
2. List the currently defined Dynamic Address Objects
3. Update the mapping of IP addresses that are associated with the object

Generate a Key

The first request generates a key, which is an authentication token that is used subsequently:

    https://firewall_host/api/?type=keygen&user=admin&password=admin

A successful request generates this response:

    <response status="success">
      <result>
        <key>KEY_VALUE</key>
      </result>
    </response>

where KEY_VALUE is the token, such as:

    LUFRPT11K1BkTmpIZ1RnSHJlRHFGYkpOZTAyUDdzZmc9dEFVZHppNUlYbk54UCtmV3h6M06amdoVDI0SHVlczZHa2lFWkJINnZLYz0=

List the current mappings

The next request lists the current mappings of the available Dynamic Address Objects:

    https://firewall_host/api/?type=op&cmd=<show><object><dynamic-address-object><all></all></dynamic-address-object></object></show>&key=key_value

A successful request generates this response:

    <response status="success">
      <result>
        <response cmd="status" status="success">
          <result>
            <entry identifier="blue" ip="" name="app1" vsys="vsys1"/>
            <entry identifier="blue" ip="1234:5678:90ab:cdef:2234:2678:20ab:2def" name="app1" vsys="vsys1"/>
            <entry identifier="green" ip="" name="app2" vsys="vsys1"/>
            <entry identifier="green" ip="fe80::250:56ff:fea0:923" name="app2" vsys="vsys1"/>
          </result>
        </response>
      </result>
    </response>

where the Dynamic Address Object (DAO) named app1 is configured with a link identifier of blue and the DAO named app2 is configured with a link identifier of green, and the respective IP addresses are the actual IP addresses of these virtual servers.

Update the mapping for dynamic object

The final request updates the current mappings for the Dynamic Address Objects:

    https://firewall_host/api/?type=user-id&key=keyvalue=&action=set&vsys=vsys1&cmd=<uid-message><version>1.0</version><type>update</type><payload><register><entry identifier="blue" ip=""/><entry identifier="green" ip=""/></register></payload></uid-message>

A successful request generates this response:

    <response status="success">

In order to update these mappings, the module must maintain information about the current Virtual Network Segments and their associated network properties, such as the IP addresses that will be used in mappings. This information is retrieved from the controller and from Big Virtual Switch using the northbound API and, in this implementation, the Python interface to the API, which is called bsc.py. For more information on this solution or on the Python interface, please contact us at
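The three steps above, worked through offline as an added example (this is not code from the solution guide and not bsc.py). Function names, the sample responses, the documentation-range IPv4 addresses and the identifier pattern are assumptions; the `<unregister>` element and the use of a POST form body instead of a query string do not appear on the page and are choices made here so that stale addresses are removed and the key stays out of URL logs.

```python
import ipaddress
import re
import urllib.parse
import xml.etree.ElementTree as ET

# Constructed sample responses in the shape shown above; the IPv4 addresses
# are documentation-range values and the key is a dummy string.
KEYGEN_RESPONSE = ('<response status="success"><result>'
                   '<key>EXAMPLE_KEY=</key></result></response>')
LIST_RESPONSE = """<response status="success"><result>
<response cmd="status" status="success"><result>
<entry identifier="blue" ip="192.0.2.10" name="app1" vsys="vsys1"/>
<entry identifier="blue" ip="1234:5678:90ab:cdef:2234:2678:20ab:2def" name="app1" vsys="vsys1"/>
<entry identifier="green" ip="192.0.2.20" name="app2" vsys="vsys1"/>
</result></response></result></response>"""

# Assumed local policy for link identifiers arriving from the controller.
IDENT_RE = re.compile(r"[A-Za-z0-9_.-]{1,63}")


def check_status(xml_text):
    """Parse an API response and fail closed unless status="success"."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("firewall API status: %r" % root.get("status"))
    return root


def extract_key(xml_text):
    """Step 1: pull the API key out of the keygen response."""
    key = (check_status(xml_text).findtext("./result/key") or "").strip()
    if not key:
        raise RuntimeError("keygen response carried no key")
    return key


def parse_mappings(xml_text):
    """Step 2: current state as {identifier: set of canonical IP strings}."""
    current = {}
    for entry in check_status(xml_text).iter("entry"):
        ip = str(ipaddress.ip_address(entry.get("ip")))
        current.setdefault(entry.get("identifier"), set()).add(ip)
    return current


def normalise_desired(desired):
    """Validate controller data before any of it reaches the firewall."""
    clean = {}
    for ident, ips in desired.items():
        if not IDENT_RE.fullmatch(ident):
            raise ValueError("rejected identifier: %r" % ident)
        # ip_address() raises ValueError for anything that is not one address.
        clean[ident] = {str(ipaddress.ip_address(ip)) for ip in ips}
    return clean


def plan_update(current, desired):
    """Diff only the identifiers this module manages (those in desired)."""
    register, unregister = [], []
    for ident in sorted(desired):
        have = current.get(ident, set())
        register += [(ident, ip) for ip in sorted(desired[ident] - have)]
        unregister += [(ident, ip) for ip in sorted(have - desired[ident])]
    return register, unregister


def build_uid_message(register, unregister):
    """Step 3: build the uid-message; ElementTree escapes attribute values."""
    msg = ET.Element("uid-message")
    ET.SubElement(msg, "version").text = "1.0"
    ET.SubElement(msg, "type").text = "update"
    payload = ET.SubElement(msg, "payload")
    # <unregister> is not on the page: it is the counterpart of <register>.
    for tag, pairs in (("register", register), ("unregister", unregister)):
        if pairs:
            section = ET.SubElement(payload, tag)
            for ident, ip in pairs:
                ET.SubElement(section, "entry", {"identifier": ident, "ip": ip})
    return ET.tostring(msg, encoding="unicode")


def build_update_request(host, key, vsys, cmd_xml):
    """Return (url, form body) for a POST so the key stays out of URL logs."""
    body = urllib.parse.urlencode({"type": "user-id", "action": "set",
                                   "vsys": vsys, "key": key, "cmd": cmd_xml})
    return "https://%s/api/" % host, body


if __name__ == "__main__":
    key = extract_key(KEYGEN_RESPONSE)
    current = parse_mappings(LIST_RESPONSE)
    # Constructed controller view: blue's IPv4 host moved, green is unchanged.
    desired = normalise_desired({
        "blue": ["192.0.2.11", "1234:5678:90AB:CDEF:2234:2678:20AB:2DEF"],
        "green": ["192.0.2.20"],
    })
    register, unregister = plan_update(current, desired)
    url, body = build_update_request("firewall_host", key, "vsys1",
                                     build_uid_message(register, unregister))
    print("register:", register)
    print("unregister:", unregister)
    print("POST", url)  # the body holds the key, so it is not printed
```

Addresses are compared in canonical form, so an IPv6 address that differs only in letter case is not re-registered, and identifiers absent from the controller's view are left untouched on the firewall.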

Unified. Flexible. Open.

The flexibility of this Open SDN solution overcomes the challenges of building out a significant volume of virtualized workloads by enabling automated integration with network security systems. The ability to systematically build up and change the policy objects simplifies the burden of maintaining regulatory compliance and meeting performance expectations. The onerous tasks and parades of trouble tickets associated with network change orders and traditional network security policy workflows disappear while responsibility for ensuring compliance with HIPAA, PCI, or SOX is preserved.

Introducing network virtualization and deploying security services by policy, without requiring manual, device-by-device configuration, can reduce a common source of delays: reconciling compliance requirements and completing the procedures of maintaining compliance. By working with existing physical systems and virtual systems and by enabling network engineers and security administrators to collaborate on a path forward without neglecting ongoing requirements, Palo Alto Networks next-generation firewalls and Big Virtual Switch deliver a programmable network that supports software-defined network security.

The combination of next-generation firewalls and Big Virtual Switch enables enterprises to realize the benefits of comprehensive shared infrastructure, optimizing the deployment and entire life cycle of applications and controlling the traffic these applications generate and process more securely. The end result is that an enterprise can reap the benefits of a private cloud while simultaneously simplifying network operations.

About Big Switch Networks

Big Switch Networks is the leader in open source Software-Defined Networking (SDN) products, delivering unmatched network agility, automated network provisioning, and dramatic reductions in the cost of network operations. The company's Open SDN platform offers an OpenFlow switch fabric that can run on bare metal switches and hypervisor virtual switches, and enables a wide variety of SDN network applications including data center network virtualization and network monitoring. For more information, visit

Headquarters: 100 West Evelyn Street, Suite 110, Mountain View, CA 94041, USA
Phone: or: bigswitch.com

Copyright 2013 Big Switch Networks, Inc. All rights reserved. Big Switch Networks, Big Network Controller, Big Tap, Big Virtual Switch, Switch Light, Floodlight and Open SDN are trademarks or registered trademarks of Big Switch Networks, Inc. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Big Switch Networks assumes no responsibility for any inaccuracies in this document. Big Switch Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. SG03-03 July 2013


More information

RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL

RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL Pascal Geenens CONSULTING ENGINEER, JUNIPER NETWORKS pgeenens@juniper.net BUSINESS AGILITY Need to create and deliver new revenue opportunities faster Services

More information

Pluribus Netvisor Solution Brief

Pluribus Netvisor Solution Brief Pluribus Netvisor Solution Brief Freedom Architecture Overview The Pluribus Freedom architecture presents a unique combination of switch, compute, storage and bare- metal hypervisor OS technologies, and

More information

Panorama PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls.

Panorama PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls. provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls. View a graphical summary of the applications on the network, the respective users, and

More information

Software-Defined Storage: What it Means for the IT Practitioner WHITE PAPER

Software-Defined Storage: What it Means for the IT Practitioner WHITE PAPER What it Means for the IT Practitioner WHITE PAPER Extending the Power of Virtualization to Storage Server virtualization has changed the way IT runs data centers across the world. According to Gartner,

More information

Use Case Brief NETWORK SECURITY

Use Case Brief NETWORK SECURITY Use Case Brief NETWORK SECURITY As Datacenter architectures have incorporated virtualization, new application topologies, and new programming constructs such as Docker Containers, new security gaps have

More information

CA Process Automation

CA Process Automation PRODUCT SHEET: CA Process Automation we can CA Process Automation CA Process Automation enables enterprise organizations to design, deploy and administer automation of manual, resource-intensive and often

More information

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Wilfried van Haeren CTO Edgeworx Solutions Inc. www.edgeworx.solutions Topics Intro Edgeworx Past-Present-Future

More information

Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack

Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack Dave Tucker Hewlett-Packard April 2013 1 About Me Dave Tucker WW Technical Marketing HP Networking dave.j.tucker@hp.com Twitter:

More information

SOFTWARE DEFINED NETWORKING

SOFTWARE DEFINED NETWORKING SOFTWARE DEFINED NETWORKING Bringing Networks to the Cloud Brendan Hayes DIRECTOR, SDN MARKETING AGENDA Market trends and Juniper s SDN strategy Network virtualization evolution Juniper s SDN technology

More information

Cisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture

Cisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture Reference Architecture Cisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture 2015 Cisco and/or its affiliates. All rights reserved.

More information

The evolving IT environment: Maximizing potential of open hybrid clouds

The evolving IT environment: Maximizing potential of open hybrid clouds The evolving IT environment: Maximizing potential of open hybrid clouds Every enterprise, from small-and-medium businesses (SMBs) to global enterprises, needs business applications to run its business.

More information

VMware vcloud Networking and Security Overview

VMware vcloud Networking and Security Overview VMware vcloud Networking and Security Overview Networks and Security for Virtualized Compute Environments WHITE PAPER Overview Organizations worldwide have gained significant efficiency and flexibility

More information

2013 ONS Tutorial 2: SDN Market Opportunities

2013 ONS Tutorial 2: SDN Market Opportunities 2013 ONS Tutorial 2: SDN Market Opportunities SDN Vendor Landscape and User Readiness Jim Metzler, Ashton, Metzler & Associates Jim@ashtonmetzler.com April 15, 2013 1 1 Goals & Non-Goals Goals: Describe

More information

SYMANTEC DATA CENTER SECURITY: MONITORING EDITION 6.5

SYMANTEC DATA CENTER SECURITY: MONITORING EDITION 6.5 SYMANTEC DATA CENTER SECURITY: MONITORING EDITION 6.5 Simplify continuous security monitoring for physical and virtual servers as well as private and public clouds. Data Sheet: Security Management Symantec

More information

Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES

Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES Meeting the 7 Challenges in Testing and Performance Management Introduction With advent of the cloud paradigm, organizations are transitioning

More information

Software Defined Networking - a new approach to network design and operation. Paul Horrocks Pre-Sales Strategist 8 th November 2012

Software Defined Networking - a new approach to network design and operation. Paul Horrocks Pre-Sales Strategist 8 th November 2012 Software Defined Networking - a new approach to network design and operation Paul Horrocks Pre-Sales Strategist 8 th November 2012 Agenda What is Software Defined Networking What is the value of Software

More information

WHITE PAPER: Egenera Cloud Suite

WHITE PAPER: Egenera Cloud Suite WHITE PAPER: Egenera Cloud Suite ... Introduction Driven by ever-increasing business demand, cloud computing has become part of many organizations IT strategy today. Driving this transition is the need

More information

Strategic Direction of Networking IPv6, SDN and NFV Where Do You Start?

Strategic Direction of Networking IPv6, SDN and NFV Where Do You Start? Strategic Direction of Networking IPv6, SDN and NFV Where Do You Start? Yanick Pouffary HP Distinguished Technologist, Chief Technologist Technology Services Mobility & Networking Forward-looking statements

More information

SDN Unlocks New Opportunities for Cloud Service Providers

SDN Unlocks New Opportunities for Cloud Service Providers White Paper SDN Unlocks New Opportunities for Cloud Service Providers Prepared by Caroline Chappell Senior Analyst, Heavy Reading www.heavyreading.com on behalf of www.juniper.net March 2014 Executive

More information

Data Center Network Evolution: Increase the Value of IT in Your Organization

Data Center Network Evolution: Increase the Value of IT in Your Organization White Paper Data Center Network Evolution: Increase the Value of IT in Your Organization What You Will Learn New operating demands and technology trends are changing the role of IT and introducing new

More information

Embrace the Future of Data Center Networking

Embrace the Future of Data Center Networking Embrace the Future of Data Center Networking Craig Hinkley Vice President and General Manager, HP Networking Americas 3 July 2013 To remain static is to lose ground. Packard David Legacy data center networks

More information

The Promise and the Reality of a Software Defined Data Center

The Promise and the Reality of a Software Defined Data Center The Promise and the Reality of a Software Defined Data Center Authored by Sponsored by Introduction The traditional IT operational model is highly manual and very hardware centric. As a result, IT infrastructure

More information

ALCATEL-LUCENT ENTERPRISE DATA CENTER SWITCHING SOLUTION Automation for the next-generation data center

ALCATEL-LUCENT ENTERPRISE DATA CENTER SWITCHING SOLUTION Automation for the next-generation data center ALCATEL-LUCENT ENTERPRISE DATA CENTER SWITCHING SOLUTION Automation for the next-generation data center A NEW NETWORK PARADIGM What do the following trends have in common? Virtualization Real-time applications

More information

Virtualization, SDN and NFV

Virtualization, SDN and NFV Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,

More information

Five Steps For Securing The Data Center: Why Traditional Security May Not Work

Five Steps For Securing The Data Center: Why Traditional Security May Not Work White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

SDN Software Defined Networks

SDN Software Defined Networks There is nothing more important than our customers SDN Software Defined Networks A deployable approach for the Enterprise 2012 Enterasys Networks, Inc. All rights reserved SDN Overview What is SDN? Loosely

More information

Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking

Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking Agenda BYOD challenges A solution for BYOD Network Protector SDN matched with industry leading service How it works In summary BYOD challenges

More information

PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls.

PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls. PANORAMA Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls. Web Interface HTTPS Panorama SSL View a graphical summary of the applications

More information

A Pragmatic Approach to Network Security for Virtualized Computing Environments

A Pragmatic Approach to Network Security for Virtualized Computing Environments WHITE PAPER A Pragmatic Approach to Network Security for Virtualized Computing Environments Sponsor: Palo Alto Networks Author: Mark Bouchard A Pragmatic Approach to Network Security for Virtualized Computing

More information

Junos Space Virtual Control

Junos Space Virtual Control Proiduct Overview The proliferation of virtual switches in the data center has presented data center operators with a significant challenge namely, how to manage these virtual network elements in conjunction

More information

Set Up a VM-Series NSX Edition Firewall

Set Up a VM-Series NSX Edition Firewall Set Up a VM-Series NSX Edition Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA

More information

SDN/Virtualization and Cloud Computing

SDN/Virtualization and Cloud Computing SDN/Virtualization and Cloud Computing Agenda Software Define Network (SDN) Virtualization Cloud Computing Software Defined Network (SDN) What is SDN? Traditional Network and Limitations Traditional Computer

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

I D C M A R K E T S P O T L I G H T

I D C M A R K E T S P O T L I G H T I D C M A R K E T S P O T L I G H T The New IP: Building the Foundation of Datacenter Network Automation March 2015 Adapted from Worldwide Enterprise Communications and Datacenter Network Infrastructure

More information

Federated Application Centric Infrastructure (ACI) Fabrics for Dual Data Center Deployments

Federated Application Centric Infrastructure (ACI) Fabrics for Dual Data Center Deployments Federated Application Centric Infrastructure (ACI) Fabrics for Dual Data Center Deployments March 13, 2015 Abstract To provide redundancy and disaster recovery, most organizations deploy multiple data

More information

Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads

Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads White Paper Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads What You Will Learn Application centric infrastructure (ACI) provides a robust transport

More information

F5 PARTNERSHIP SOLUTION GUIDE. F5 and VMware. Virtualization solutions to tighten security, optimize performance and availability, and unify access

F5 PARTNERSHIP SOLUTION GUIDE. F5 and VMware. Virtualization solutions to tighten security, optimize performance and availability, and unify access F5 PARTNERSHIP SOLUTION GUIDE F5 and VMware Virtualization solutions to tighten security, optimize performance and availability, and unify access 1 W H AT 'S INS I DE Data Center Virtualization 3 Enterprise

More information

Network Services in the SDN Data Center

Network Services in the SDN Data Center Network Services in the SDN Center SDN as a Network Service Enablement Platform Whitepaper SHARE THIS WHITEPAPER Executive Summary While interest about OpenFlow and SDN has increased throughout the tech

More information

Delivering the Software Defined Data Center

Delivering the Software Defined Data Center Delivering the Software Defined Data Center Georgina Schäfer Sr. Product Marketing Manager VMware Calvin Rowland, VP, Business Development F5 Networks 2014 VMware Inc. All rights reserved. F5 & Vmware

More information

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments What You Will Learn Deploying network services in virtual data centers is extremely challenging. Traditionally, such Layer

More information

Five Steps For Securing The Data Center: Why Traditional Security May Not Work

Five Steps For Securing The Data Center: Why Traditional Security May Not Work White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center

More information

The Value of Open vswitch, Fabric Connect and Fabric Attach in Enterprise Data Centers

The Value of Open vswitch, Fabric Connect and Fabric Attach in Enterprise Data Centers The Value of Open vswitch, Fabric Connect and Fabric Attach in Enterprise Data Centers Table of Contents Enter Avaya Fabric Connect. 2 A typical data center architecture with Avaya SDN Fx... 3 A new way:

More information

Using SouthBound APIs to build an SDN Solution. Dan Mihai Dumitriu Midokura Feb 5 th, 2014

Using SouthBound APIs to build an SDN Solution. Dan Mihai Dumitriu Midokura Feb 5 th, 2014 Using SouthBound APIs to build an SDN Solution Dan Mihai Dumitriu Midokura Feb 5 th, 2014 Agenda About Midokura Drivers of SDN & Network Virtualization Adoption SDN Architectures Why OpenDaylight? Use

More information

Bringing the Cloud to the Enterprise Branch and WAN: Unleashing Agility with Nuage Networks Virtualized Network Services EXECUTIVE SUMMARY

Bringing the Cloud to the Enterprise Branch and WAN: Unleashing Agility with Nuage Networks Virtualized Network Services EXECUTIVE SUMMARY Bringing the Cloud to the Enterprise Branch and WAN: Unleashing Agility with Nuage Networks Virtualized Network Services EXECUTIVE SUMMARY The principles of cloud computing are transforming the information

More information

The Road to SDN: Software-Based Networking and Security from Brocade

The Road to SDN: Software-Based Networking and Security from Brocade WHITE PAPER www.brocade.com SOFTWARE NETWORKING The Road to SDN: Software-Based Networking and Security from Brocade Software-Defined Networking (SDN) presents a new approach to rapidly introducing network

More information

Enhancing Cisco Networks with Gigamon // White Paper

Enhancing Cisco Networks with Gigamon // White Paper Across the globe, many companies choose a Cisco switching architecture to service their physical and virtual networks for enterprise and data center operations. When implementing a large-scale Cisco network,

More information

WHITE PAPER. IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources

WHITE PAPER. IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources WHITE PAPER IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources Table of Contents IT in the Cloud: Using VMware vcloud for Reliable, Flexible, Shared IT Resources... 3 Cloud

More information

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera rbarrera@grupo-dice.com. VERSION May, 2015

Simplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera rbarrera@grupo-dice.com. VERSION May, 2015 Simplify IT With Cisco Application Centric Infrastructure Roberto Barrera rbarrera@grupo-dice.com VERSION May, 2015 Content Understanding Software Definded Network (SDN) Why SDN? What is SDN and Its Benefits?

More information

SDN PARTNER INTEGRATION: SANDVINE

SDN PARTNER INTEGRATION: SANDVINE SDN PARTNER INTEGRATION: SANDVINE SDN PARTNERSHIPS SSD STRATEGY & MARKETING SERVICE PROVIDER CHALLENGES TIME TO SERVICE PRODUCT EVOLUTION OVER THE TOP THREAT NETWORK TO CLOUD B/OSS AGILITY Lengthy service

More information

Taking the Open Path to Hybrid Cloud with Dell Networking and Private Cloud Solutions

Taking the Open Path to Hybrid Cloud with Dell Networking and Private Cloud Solutions Taking the Open Path to Hybrid Cloud with Dell Networking and Private Cloud Solutions In This Paper Frequently, the network is the stumbling point to cloud adoption SDN offers a more dynamic, virtualized

More information

Business Case for Open Data Center Architecture in Enterprise Private Cloud

Business Case for Open Data Center Architecture in Enterprise Private Cloud Business Case for Open Data Center Architecture in Enterprise Private Cloud Executive Summary Enterprise IT organizations that align themselves with their enterprise s overall goals help the organization

More information