Palo Alto Networks. Security Models in the Software Defined Data Center
|
|
- Ruby Morton
- 8 years ago
- Views:
Transcription
1 Palo Alto Networks Security Models in the Software Defined Data Center Christer Swartz Palo Alto Networks CCIE #2894
2 Network Overlay Boundaries & Security Traditionally, all Network Overlay or Tunneling technologies have created some kind of smart edge where a forwarding decision or encapsulation occurs, and a dumb core which is focused on fast switching. Such as MPLS, TRILL, FabricPath, Qfabric, etc. In all of these, the edge has been a piece of networking hardware, and these technologies have been initiated by networking hardware. And firewalls have traditionally been deployed at the boundary between this network edge and end-systems. Server s Firewall Smart Edge Dumb Core Firewall Server s Data Center Core Network
3 Network Overlay Boundaries & Security But with emerging SDN technologies, overlay technologies can be initiated from hosts. The network edge can now be a host, with the entire physical network focused on dumb fast switching. Examples are VXLAN, NVGRE, and STT. Hardware firewalls deployed in the physical network core now only see North/South traffic that exists a physical host, not East/West traffic within a host, nor traffic within Overlay tunnels. Smart Edge Server s Firewall Dumb Core Firewall Server s VXLAN Data Center Core Network
4 Firewalls In order to maintain visibility into East/West traffic, and contents of Overlay technologies Initiated from hosts, virtual firewalls need to be deployed within the host systems. To maintain full security visibility across entire Data Center, physical and virtual firewalls need to coordinate policy and network intelligence. Smart Edge Server s Firewall Dumb Core Firewall Server s Firewall Data Center Core Network Firewall
5 Why place any firewall in a virtual topology? - Web / App / DB Isolation - PCI / Non-PCI isolation - Malware, Virus - Administrative Isolation - Dev / Production isolation - Whitelisting VM Firewall? VM Switch Hypervisor Data Center Core Network Hardware Firewalls
6 How do firewalls define Applications? Traditional: Applications = TCP/UDP Ports Next Gen: Applications = Data Payload Signatures
7 Build rules against applications, not ports
8 Track Apps, Content, & Users, not IP s SQL SQL Sharepoint
9 Writing Security Policy based on tags, not IP s Dynamic Address Groups VMware vcenter or ESXi PAN-OS Dynamic Address Groups Name IP Guest OS Container web-sjc Ubuntu Web sp-sjc Win 2008 R2 SharePoint web-sjc Ubuntu Web Name Tags Addresses SharePoint Servers MySQL Servers SharePoint Win 2008 R2 sp MySQL Ubuntu db exch-mia Win 2008 R2 Exchange exch-dfw Win 2008 R2 Exchange Miami DC mia sp-mia Win 2008 R2 SharePoint db-mia Ubuntu MySQL San Jose Linux Web Servers sjc web Ubuntu db-dfw Ubuntu MySQL db-mia Ubuntu MySQL PAN-OS Security Policy Source Destination Action SharePoint Servers MySQL Servers San Jose Linux Web Servers Miami DC
10 Consistent Security Policy across entire DC Central Management For & Physical Firewalls Hypervisor Hypervisor Hypervisor PA-7050 PA-7050
11 Data Center Firewall Deployment Models 6. Endpoint security software. ( Cyvera, Symantec, IPTables ) 5. VM firewalls inspecting packets at source, VM-to-VM steering. ( PAN VM-1000-HV firewall ) VLAN 100 VLAN 200 vswitch Hypervisor 4. VM firewall between VLAN's. ( PAN Gateway, Cisco vasa ) 3. Kernel module firewall. ( NSX DFW, Juniper Firefly Host ) 2. Linux Container, Docker. ( Possible future. Only IPTables today ) 1. Physical Firewall. ( PAN, SRX, ASA )
12 2 Different Firewall Types Using NSX VM-1000-HV VM Firewall Using vsphere Gateway VM Firewall We reside within the network topology, as in a traditional network. We see packets after they reach the network stack. Traffic is steered to us for inspection above the Forwarding Plane, so security is applied before packets ever reach the network stack. Security now has zero impact on network topology since security is abstracted from the network. Security occurs within Network VM-1 VM-2 VM-1 VM-2 PAN Security is abstracted above Network Step-1 Step-3 Step-2 vshield VMware s Switch Hypervisor ESX & ESXi Forwarding Plane PAN VMware s Switch Hypervisor ESX & ESXi Data Center Core Network Data Center Core Network
13 Phase 1: Just trunk all VLAN s to server uplinks VM VM VM Physical Host Hypervisor VLAN s Top of Rack Switch Hardware Firewall
14 Easy for hardware firewalls to go blind VM VM VM Physical Host Hypervisor VLAN s Logical Router Quagga, Vyatta, Halon, VMware DLR & ESG, Static Routes in Linux, etc. Top of Rack Switch Hardware Firewall
15 VM Firewall VM-A VM-B Port Group-A vshield Switch Port Group-B Hypervisor ESX & ESXi Data Center Core Network
16 Hypervisor-Aware Firewall VM-A VM-B Switch One Port Group Hypervisor ESX & ESXi Data Center Core Network
17 VMware NSX Distributed Firewall Performs Stateful firewalling Distributed Port Groups NSX Distributed Firewall Hypervisor A Hypervisor B
18 Augmenting the Distributed Firewall Deep-Packet firewalling Distributed Port Groups NSX Distributed Firewall PAN VM Firewall Hypervisor A Hypervisor B PAN VM Firewall
19 Security Policy above the Forwarding Plane Web DB App App Web DB Switch Forwarding Plane NSX Distributed Firewall Hypervisor
20 Security Policy above the Forwarding Plane Web DB App App Web DB NetX API re-directs data flows to us. Switch Forwarding Plane NSX Distributed Firewall Hypervisor
21 Security Policy above the Forwarding Plane Web DB App App Web DB We hand traffic back to filter. Switch Forwarding Plane NSX Distributed Firewall Hypervisor
22 Security Policy above the Forwarding Plane Web DB App App Web DB Only then does packet reach any network segment. Switch Forwarding Plane NSX Distributed Firewall Hypervisor
23 SDN Controllers Switch Switch Routers Hardware Firewalls??? SDN Controller Protocols: - OpenFlow - NetConf - XMPP - I2RS Controllers: - Juniper Contrail - Open Daylight - Nuage - Google s Andromeda
24 SDN Controllers Hardware Firewalls: Transparent ( vwire ) Switch Switch Routers Hardware Firewalls vwire SDN Controller
25 SDN: Service Chaining & NFV Switch Switch Switch SDN Controller
26 SDN: Service Chaining & NFV NFV ( Network Functions ization ) Nodes Palo Alto Networks Firewall Load-Balancer WAN Accelerator VM-1 Tenant 1 VM-2 Tenant 2 Switch Switch Switch
27 SDN: Service Chaining & NFV NFV ( Network Functions ization ) Nodes Palo Alto Networks Firewall Load-Balancer WAN Accelerator VM-1 Tenant 1 VM-2 Tenant 2 Service Chain-2 Service Chain-1 Switch Switch Switch
28 Service Chaining Tunnel Types Different Controllers use different tunnels to define a Service Chain. These tunnels terminate at vswitch, not at the Services themselves. Firewall Load-Balancer WAN Accelerator VM-1 Tenant 1 VM-2 Tenant 2 VLAN s VXLAN s - MPLS - VXLAN - GRE - GENEVE Switch Switch Switch
29 SDN-derived protocols: Arista DirectFlow Assist Point to Arista Switch as a Syslog server Arista Switch Firewall Physical or Forward initial packets to us, for decision. 10 Gig 10 Gig 10 Gig
30 Orchestration: Template model or Plugin model API s imported into Cloud OS. CloudStack API s imported as Templates or Agents API s contained in a Plugin written by each vendor. Such as OpenStack. Nova Module Swift Module Neutron Module Plugins
31 CloudStack Orchestration API s via templates External network. Firewall deployed as a CloudStack Service Provider using VR s. CloudStack Router doing DNS & DHCP. CloudStack Pod networks , Palo Alto Networks. Confidential and Proprietary.
32 OpenStack Multi-Tenant Cloud External Network Private Network 1 Private Network 2 VM VM VM VM VM Tenant 1 Tenant 2
33 Dynamic Address Groups via REST API Orchestration System or Scripts: Puppet, Chef, Ansible, etc. REST API calls Harvest IP s and tags REST API calls Push or Pull PAN-OS Dynamic Address Groups Name Tags Addresses SharePoint Servers MySQL Servers Miami DC San Jose Linux Web Servers SharePoint Win 2008 R2 sp MySQL Ubuntu db mia sjc web Ubuntu Cloud OS DB
34 Data Center Ecosystem Cloud-based Threat intelligence Central Management Hypervisor Communication Endpoint Security Software Hardware Firewalls Firewalls Orchestration / Automation SDK, API, etc. OSPF, BGP VSYS, VR Multiple Hypervisors
Palo Alto Networks Cyber Security Platform for the Software Defined Data center. Zekeriya Eskiocak Security Consultant Palo Alto Networks
Palo Alto Networks Cyber Security Platform for the Software Defined Data center Zekeriya Eskiocak Security Consultant Palo Alto Networks Evolution towards a software defined data center Server Virtualiza-on
More informationSoftware Defined Network (SDN)
Georg Ochs, Smart Cloud Orchestrator (gochs@de.ibm.com) Software Defined Network (SDN) University of Stuttgart Cloud Course Fall 2013 Agenda Introduction SDN Components Openstack and SDN Example Scenario
More informationSDN CONTROLLER. Emil Gągała. PLNOG, 30.09.2013, Kraków
SDN CONTROLLER IN VIRTUAL DATA CENTER Emil Gągała PLNOG, 30.09.2013, Kraków INSTEAD OF AGENDA 2 Copyright 2013 Juniper Networks, Inc. www.juniper.net ACKLOWLEDGEMENTS Many thanks to Bruno Rijsman for his
More informationAutomating Network Security
Automating Network Security Ivan Pepelnjak (ip@ipspace.net) Network Architect ipspace.net AG Who is Ivan Pepelnjak (@ioshints) Past Kernel programmer, network OS and web developer Sysadmin, database admin,
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control
More informationJUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net
JUNIPER One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net 2-3-7: JUNIPER S BUSINESS STRATEGY 2 Customer Segments 3 Businesses Service
More informationVIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers
VIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers Why it s unique The Nuage Networks VSP is the only enterprise and service provider-grade SDN platform that:
More informationNetwork Virtualization and Software-defined Networking. Chris Wright and Thomas Graf Red Hat June 14, 2013
Network Virtualization and Software-defined Networking Chris Wright and Thomas Graf Red Hat June 14, 2013 Agenda Problem Statement Definitions Solutions She can't take much more of this, captain! Challenges
More informationHAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer
HAWAII TECH TALK SDN Paul Deakin Field Systems Engineer SDN What Is It? SDN stand for Software Defined Networking SDN is a fancy term for: Using a controller to tell switches where to send packets SDN
More informationSDN PARTNER INTEGRATION: SANDVINE
SDN PARTNER INTEGRATION: SANDVINE SDN PARTNERSHIPS SSD STRATEGY & MARKETING SERVICE PROVIDER CHALLENGES TIME TO SERVICE PRODUCT EVOLUTION OVER THE TOP THREAT NETWORK TO CLOUD B/OSS AGILITY Lengthy service
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Eric Choi < echoi@brocade.com> Senior Manager, Service Provider Business Unit, APJ 2012 Brocade Communications Systems, Inc. EPF 7 2012/09/17 Software-Defined Networking
More informationVMware NSX A Perspective for Service Providers part 2
VMware NSX A Perspective for Service Providers part 2 Using Software Defined Networking to harden DC security controls Trevor Gerdes Strategic Architect Security and Networks NSX for SPs Part 2 - Agenda
More informationOutline. Why Neutron? What is Neutron? API Abstractions Plugin Architecture
OpenStack Neutron Outline Why Neutron? What is Neutron? API Abstractions Plugin Architecture Why Neutron? Networks for Enterprise Applications are Complex. Image from windowssecurity.com Why Neutron? Reason
More informationHow Network Virtualization can improve your Data Center Security
How Network Virtualization can improve your Data Center Security Gilles Chekroun SDDC, NSX Team EMEA gchekroun@vmware.com 2014 VMware Inc. All rights reserved. Security IT spending Security spending is
More informationOpen Source Networking for Cloud Data Centers
Open Source Networking for Cloud Data Centers Gaetano Borgione Distinguished Engineer @ PLUMgrid April 2015 1 Agenda Open Source Clouds with OpenStack Building Blocks of Cloud Networking Tenant Networks
More informationVMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic
VMware Software Defined Network Dejan Grubić VMware Systems Engineer for Adriatic The Transformation of Infrastructure Infrastructure Servers Clouds Be more responsive to business, change economics of
More informationMay 13-14, 2015. Copyright 2015 Open Networking User Group. All Rights Reserved Confiden@al Not For Distribu@on
May 13-14, 2015 Virtual Network Overlays Working Group Follow up from last ONUG use case and fire side discussions ONUG users wanted to see formalized feedback ONUG users wanted to see progression in use
More informationTelecom - The technology behind
SPEED MATTERS v9.3. All rights reserved. All brand names, trademarks and copyright information cited in this presentation shall remain the property of its registered owners. Telecom - The technology behind
More informationBROCADE NETWORKING: EXPLORING SOFTWARE-DEFINED NETWORK. Gustavo Barros Systems Engineer Brocade Brasil
BROCADE NETWORKING: EXPLORING SOFTWARE-DEFINED NETWORK Gustavo Barros Systems Engineer Brocade Brasil Software- Defined Networking Summary Separate control and data planes Networks are becoming: More programmatic
More informationCisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems
Cisco Prime Network Services Controller Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Agenda Cloud Networking Challenges Prime Network Services Controller L4-7 Services Solutions
More informationSecuring the Virtualized Data Center With Next-Generation Firewalls
Securing the Virtualized Data Center With Next-Generation Firewalls Data Center Evolution Page 2 Security Hasn t Kept Up with Rate Of Change Configuration of security policies are manual and slow Weeks
More informationBuilding an Open, Adaptive & Responsive Data Center using OpenDaylight
Building an Open, Adaptive & Responsive Data Center using OpenDaylight Vijoy Pandey, IBM 04 th February 2014 Email: vijoy.pandey@gmail.com Twitter: @vijoy Agenda Where does ODP (& SDN) fit in the bigger
More informationHow To Orchestrate The Clouddusing Network With Andn
ORCHESTRATING THE CLOUD USING SDN Joerg Ammon Systems Engineer Service Provider 2013-09-10 2013 Brocade Communications Systems, Inc. Company Proprietary Information 1 SDN Update -
More informationMicrosegmentation Using NSX Distributed Firewall: Getting Started
Microsegmentation Using NSX Distributed Firewall: VMware NSX for vsphere, release 6.0x REFERENCE PAPER Table of Contents Microsegmentation using NSX Distributed Firewall:...1 Introduction... 3 Use Case
More informationDefinition of a White Box. Benefits of White Boxes
Smart Network Processing for White Boxes Sandeep Shah Director, Systems Architecture EZchip Technologies sandeep@ezchip.com Linley Carrier Conference June 10-11, 2014 Santa Clara, CA 1 EZchip Overview
More informationSOFTWARE DEFINED NETWORKING: A PATH TO PROGRAMMABLE NETWORKS. Jason Kleeh September 27, 2012
SOFTWARE DEFINED NETWORKING: A PATH TO PROGRAMMABLE NETWORKS Jason Kleeh September 27, 2012 What if you could Build your next data center optimized for highest demands in flexibility, reliability, and
More informationUsing SouthBound APIs to build an SDN Solution. Dan Mihai Dumitriu Midokura Feb 5 th, 2014
Using SouthBound APIs to build an SDN Solution Dan Mihai Dumitriu Midokura Feb 5 th, 2014 Agenda About Midokura Drivers of SDN & Network Virtualization Adoption SDN Architectures Why OpenDaylight? Use
More informationIntro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.
Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security
More informationSOFTWARE DEFINED NETWORKING
SOFTWARE DEFINED NETWORKING Bringing Networks to the Cloud Brendan Hayes DIRECTOR, SDN MARKETING AGENDA Market trends and Juniper s SDN strategy Network virtualization evolution Juniper s SDN technology
More informationAdvanced Security Services with Trend Micro Deep Security and VMware NSX Platforms
A Trend Micro Technical White Paper June 2015 Advanced Security Services with Trend Micro and VMware NSX Platforms >> This document is targeted at virtualization, security, and network architects interested
More informationDesigning Virtual Network Security Architectures Dave Shackleford
SESSION ID: CSV R03 Designing Virtual Network Security Architectures Dave Shackleford Sr. Faculty and Analyst SANS @daveshackleford Introduction Much has been said about virtual networking and softwaredefined
More informationRIDE THE SDN AND CLOUD WAVE WITH CONTRAIL
RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL Pascal Geenens CONSULTING ENGINEER, JUNIPER NETWORKS pgeenens@juniper.net BUSINESS AGILITY Need to create and deliver new revenue opportunities faster Services
More informationNetwork Virtualization
Network Virtualization The New Imperative in the Enterprise Data Center The Trusted News and Resource for SDx, SDN, NFV, Cloud & Virtualization Infrastructure Key Considerations for Network Virtualization
More informationMultitenancy Options in Brocade VCS Fabrics
WHITE PAPER DATA CENTER Multitenancy Options in Brocade VCS Fabrics As cloud environments reach mainstream adoption, achieving scalable network segmentation takes on new urgency to support multitenancy.
More informationIntroduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre
Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Wilfried van Haeren CTO Edgeworx Solutions Inc. www.edgeworx.solutions Topics Intro Edgeworx Past-Present-Future
More informationTesting Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES
Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 SDN - An Overview... 2 SDN: Solution Layers and its Key Requirements to be validated...
More informationVXLAN, Enhancements, and Network Integration
VXLAN, Enhancements, and Network Integration Apricot 2014 - Malaysia Eddie Parra Principal Engineer, Juniper Networks Router Business Unit (RBU) eparra@juniper.net Legal Disclaimer: This statement of product
More informationBRINGING NETWORKS TO THE CLOUD ERA
BRINGING NETWORKS TO THE CLOUD ERA SDN enables new business models Aruna Ravichandran VICE PRESIDENT, MARKETING AND STRATEGY ARAVICHANDRAN@JUNIPER.NET SOFTWARE DEFINED NETWORKING (SDN), JUNIPER NETWORKS
More informationNetwork Virtualization for the Enterprise Data Center. Guido Appenzeller Open Networking Summit October 2011
Network Virtualization for the Enterprise Data Center Guido Appenzeller Open Networking Summit October 2011 THE ENTERPRISE DATA CENTER! Major Trends change Enterprise Data Center Networking Trends in the
More informationSoftware Defined Networks Virtualized networks & SDN
Software Defined Networks Virtualized networks & SDN Tony Smith Solution Architect HPN 2 What is Software Defined Networking Switch/Router MANAGEMENTPLANE Responsible for managing the device (CLI) CONTROLPLANE
More informationSoftware Defined Networks Four Years Later. Quo Vadis, SDN? Ivan Pepelnjak (ip@ipspace.net) Network Architect. ipspace.net AG
Software Defined Networks Four Years Later Quo Vadis, SDN? Ivan Pepelnjak (ip@ipspace.net) Network Architect ipspace.net AG Who is Ivan Pepelnjak (@ioshints) Past Kernel programmer, network OS and web
More informationData Center Network Virtualisation Standards. Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair
Data Center Network Virtualisation Standards Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair May 2013 AGENDA 1. Why standardise? 2. Problem Statement and Architecture
More informationDefining SDN. Overview of SDN Terminology & Concepts. Presented by: Shangxin Du, Cisco TAC Panelist: Pix Xu Jan 2014
Defining SDN Overview of SDN Terminology & Concepts Presented by: Shangxin Du, Cisco TAC Panelist: Pix Xu Jan 2014 2013 Cisco and/or its affiliates. All rights reserved. 2 2013 Cisco and/or its affiliates.
More informationYou can t build a new future on old technologies Juniper Networks. Enabling the Hi-IQ network of tomorrow
You can t build a new future on old technologies Juniper Networks Enabling the Hi-IQ network of tomorrow Aligning business and IT strategy Agility and Economics Driving IT Transformation 0 0 1 0 0 0 0
More informationThe Road to SDN: Software-Based Networking and Security from Brocade
WHITE PAPER www.brocade.com SOFTWARE NETWORKING The Road to SDN: Software-Based Networking and Security from Brocade Software-Defined Networking (SDN) presents a new approach to rapidly introducing network
More informationSoftware Defined Cloud Networking
Introduction The rapid adoption of virtualization technologies are driving server consolidation, data center optimization and application mobility. IT organizations are adopting new data center architectures,
More informationIntroduction to Software Defined Networking
Introduction to Software Defined Networking Introduction to SDN Ahmed Maged MENOG 15 Dubai April 2015 @amaged amaged@xegypt.org Agenda What is SDN and What it is not SDN Trends Getting Ready for SDN 2
More informationSoftware Defined Environments
November 2015 Software Defined Environments 2015 Cloud Lecture, University of Stuttgart Jochen Breh, Director Architecture & Consulting Cognizant Global Technology Office Agenda Introduction New Requirements
More informationVMware NSX @SoftLayer!!
A VMware@SoftLayer CookBook v1.1 April 30, 2014 VMware NSX @SoftLayer Author(s) & Contributor(s) (IBM) Shane B. Mcelligott Dani Roisman (VMware) Merlin Glynn, mglynn@vmware.com Chris Wall Geoff Wing Marcos
More informationSoftware Defined Networking (SDN) OpenFlow and OpenStack. Vivek Dasgupta Principal Software Maintenance Engineer Red Hat
Software Defined Networking (SDN) OpenFlow and OpenStack Vivek Dasgupta Principal Software Maintenance Engineer Red Hat CONTENTS Introduction SDN and components SDN Architecture, Components SDN Controller
More informationNetwork Virtualization Solutions
Network Virtualization Solutions An Analysis of Solutions, Use Cases and Vendor and Product Profiles October 2013 The Independent Community and #1 Resource for SDN and NFV Tables of Contents Introduction
More informationWhat is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates
What is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates 1 Goals of the Presentation 1. Define/describe SDN 2. Identify the drivers and inhibitors of SDN 3. Identify what
More informationNext-Generation Datacenter Security Implementation Guidelines
Next-Generation Datacenter Security Implementation Guidelines March 2015 INTRODUCTION 3 DEPLOYMENT OVERVIEW 4 IMPLEMENTATION GUIDELINES 4 PA-7050 Boundary Firewalls to protect north-south traffic 5 Virtual
More informationSimplifying IT with SDN & Virtual Application Networks
Simplifying IT with SDN & Virtual Application Networks Justin Chiah Product Category Head HP Networking APJ Solutions for the New Style of IT Networking innovations lay the foundation for transformation
More informationUse Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION
Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION Cloud Management Software can coordinate and automate server, network, and storage operations within the modern datacenter. This brief describes how
More informationTransform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure
White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure
More informationVMware NSX Network Virtualization Design Guide. Deploying VMware NSX with Cisco UCS and Nexus 7000
VMware NSX Network Virtualization Design Guide Deploying VMware NSX with Cisco UCS and Nexus 7000 Table of Contents Intended Audience... 3 Executive Summary... 3 Why deploy VMware NSX on Cisco UCS and
More informationBrocade SDN 2015 NFV
Brocade 2015 SDN NFV BROCADE IP Ethernet SDN! SDN illustration 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY Brocade ICX (campus)
More informationVMware. NSX Network Virtualization Design Guide
VMware NSX Network Virtualization Design Guide Table of Contents Intended Audience... 3 Overview... 3 Components of the VMware Network Virtualization Solution... 4 Data Plane... 4 Control Plane... 5 Management
More informationCisco and Canonical: Cisco Network Virtualization Solution for Ubuntu OpenStack
Solution Overview Cisco and Canonical: Cisco Network Virtualization Solution for Ubuntu OpenStack What You Will Learn Cisco and Canonical extend the network virtualization offered by the Cisco Nexus 1000V
More informationBusiness Values of Network and Security Virtualization
Business Values of Network and Security Virtualization VMware NSX in the context of the Software Defined Data Center Klaus Jansen Virtual Networks Sales Specialist VMware NSBU 2014 VMware Inc. All rights
More informationBrocade VCS Fabrics: The Foundation for Software-Defined Networks
WHITE PAPER DATA CENTER Brocade VCS Fabrics: The Foundation for Software-Defined Networks Software-Defined Networking (SDN) offers significant new opportunities to centralize management and implement network
More informationEVOLVED DATA CENTER ARCHITECTURE
EVOLVED DATA CENTER ARCHITECTURE A SIMPLE, OPEN, AND SMART NETWORK FOR THE DATA CENTER DAVID NOGUER BAU HEAD OF SP SOLUTIONS MARKETING JUNIPER NETWORKS @dnoguer @JuniperNetworks 1 Copyright 2014 Juniper
More informationBringing OpenFlow s Power to Real Networks
Bringing OpenFlow s Power to Real Networks Curt Beckmann, Brocade Forwarding Abstractions Working Group ( FAWG @ ONF) April 2013 1 Overview of this preso The Two Schools of OpenFlow OpenFlow Implementation
More informationCLOUD IS THE NEW COMPUTER
CLOUD IS THE NEW COMPUTER THE NEW TERMINAL-MAINFRAMES P L AT F O R M CLIENT-SERVER APP-CLOUD ENTERPRISE IT TRANSFORMATION THE CLOUD JOURNEY: 1. Eliminate infrastructure with public SaaS/PaaS 2. Flexible
More informationQualifying SDN/OpenFlow Enabled Networks
Qualifying SDN/OpenFlow Enabled Networks Dean Lee Senior Director, Product Management Ixia Santa Clara, CA USA April-May 2014 1 Agenda SDN/NFV a new paradigm shift and challenges Benchmarking SDN enabled
More informationNetwork Services Orchestration Software Defined Networks, Network Function Virtualization - TODAY
Network Services Orchestration Software Defined Networks, Network Function Virtualization - TODAY Bruno Paolini EMEA, Managing Director bpaolini@anutanetworks.com 2013 Anuta Networks Agenda A few facts
More informationNuage Networks Virtualised Services Platform. Packet Pushers White Paper
Nuage Networks Virtualised Services Platform Packet Pushers White Paper About the Author Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently
More informationBuilding Scalable, Open, Programmable and Application Centric Data Center with Cisco ACI. 林 瑝 錦 / Jerry Lin Cisco Systems 2015 July
Building Scalable, Open, Programmable and Application Centric Data Center with Cisco ACI 林 瑝 錦 / Jerry Lin Cisco Systems 2015 July Data Center Demands For the Cloud-Era Bare Metal VM Density and Server
More informationDatacenter Networking. Joy ABOIM Consulting System Engineer
Datacenter Networking Joy ABOIM Consulting System Engineer Typical journey to a new Target Operating Model Standardise Vendors, architectures, devices (network, compute, storage) & their configurations
More informationWhy Software Defined Networking (SDN)? Boyan Sotirov
Why Software Defined Networking (SDN)? Boyan Sotirov Agenda Current State of Networking Why What How When 2 Conventional Networking Many complex functions embedded into the infrastructure OSPF, BGP, Multicast,
More informationNetwork Virtualization
Network Virtualization What is Network Virtualization? Abstraction of the physical network Support for multiple logical networks running on a common shared physical substrate A container of network services
More informationVXLAN: Scaling Data Center Capacity. White Paper
VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where
More informationCERN Cloud Infrastructure. Cloud Networking
CERN Cloud Infrastructure Cloud Networking Contents Physical datacenter topology Cloud Networking - Use cases - Current implementation (Nova network) - Migration to Neutron 7/16/2015 2 Physical network
More informationNETWORK AUTOMATION AND ORCHESTRATION
White Paper NETWORK AUTOMATION AND ORCHESTRATION Building an Agile Data Center Infrastructure with Juniper Networks Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction...3
More informationSimplify Your Data Center Network to Improve Performance and Decrease Costs
Simplify Your Data Center Network to Improve Performance and Decrease Costs Summary Traditional data center networks are struggling to keep up with new computing requirements. Network architects should
More informationExpert Reference Series of White Papers. vcloud Director 5.1 Networking Concepts
Expert Reference Series of White Papers vcloud Director 5.1 Networking Concepts 1-800-COURSES www.globalknowledge.com vcloud Director 5.1 Networking Concepts Rebecca Fitzhugh, VMware Certified Instructor
More informationWhite Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.
White Paper Juniper Networks Solutions for VMware NSX Enabling Businesses to Deploy Virtualized Data Center Environments Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3
More informationApache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific
Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide
More informationUtility Computing and Cloud Networking. Delivering Networking as a Service
Utility Computing and Cloud Networking Delivering Networking as a Service Overview Utility Computing OpenStack Virtual Networking Network Functions Virtualization Utility Computing Utility Computing: Everything
More informationSECURING YOUR MODERN DATA CENTER WITH CHECK POINT
SECURING YOUR MODERN DATA CENTER WITH CHECK POINT Javier Hijas Security Architect Check Point Europe 1 Agenda 1 2 3 4 What Questions is a modern / Answers datacenter Datacenter protection evolution Security
More informationSurviving the SDN Wars. Curt Beckmann Chair of Forwarding Abstractions WG, ONF and EMEA CTO
Surviving the SDN Wars Curt Beckmann Chair of Forwarding Abstractions WG, ONF and EMEA CTO 2014 Sequence Defining SDN and NFV Last 4 years Last 6 months What happens next for SDN? Defining SDN and NFV
More informationCloud Networking From Theory to Practice" Ivan Pepelnjak (ip@ioshints.info) NIL Data Communications"
Cloud Networking From Theory to Practice Ivan Pepelnjak (ip@ioshints.info) NIL Data Communications Who is Ivan Pepelnjak (@ioshints) Networking engineer since 1985 Consultant, blogger (blog.ioshints.info),
More informationExploring Software-Defined Networking with Brocade
WHITE PAPER www.brocade.com IP Network Exploring Software-Defined Networking with Brocade This paper provides an overview of Software-Defined Networking (SDN), its expected role in cloud-optimized networks,
More informationHow To Build A Software Defined Data Center
Delivering the Software Defined Data Center Georgina Schäfer Sr. Product Marketing Manager VMware Calvin Rowland, VP, Business Development F5 Networks 2014 VMware Inc. All rights reserved. F5 & Vmware
More information2013 ONS Tutorial 2: SDN Market Opportunities
2013 ONS Tutorial 2: SDN Market Opportunities SDN Vendor Landscape and User Readiness Jim Metzler, Ashton, Metzler & Associates Jim@ashtonmetzler.com April 15, 2013 1 1 Goals & Non-Goals Goals: Describe
More informationSDN, NFV & Future Technologies. Chris Thompson Director of Product Management, Cloud Connectivity Solutions
SDN, NFV & Future Technologies Chris Thompson Director of Product Management, Cloud Connectivity Solutions Agenda SDN & NFV projections Terminology and protocols Overview of SDN, NFV and NV CPE Evolution
More informationSDN and Data Center Networks
SDN and Data Center Networks 10/9/2013 1 The Rise of SDN The Current Internet and Ethernet Network Technology is based on Autonomous Principle to form a Robust and Fault Tolerant Global Network (Distributed)
More informationCLOUD NETWORKING THE NEXT CHAPTER FLORIN BALUS
CLOUD NETWORKING THE NEXT CHAPTER FLORIN BALUS COMMON APPLICATION VIEW OF THE NETWORK Fallacies of Distributed Computing 1. The network is reliable. 2. Latency is zero. 3. Bandwidth is infinite. 4. The
More informationOrchestrating the next generation data center
Customer Driven Innovation A10 Networks Orchestrating the next generation data center WHD 2014 Do not distribute/edit/copy without the written consent of A10 Networks 2 About A10 3 Customer Driven Innovation
More informationDecisions Behind Hypervisor Selection in CloudStack 4.3
Decisions Behind Hypervisor Selection in CloudStack 4.3 whoami Name: Tim Mackey Current roles: XenServer Community Manager and Evangelist; occasional coder Cool things I ve done Designed laser communication
More informationCross-vCenter NSX Installation Guide
NSX 6.2 for vsphere This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationSimplify IT. With Cisco Application Centric Infrastructure. Barry Huang bhuang@cisco.com. Nov 13, 2014
Simplify IT With Cisco Application Centric Infrastructure Barry Huang bhuang@cisco.com Nov 13, 2014 There are two approaches to Control Systems IMPERATIVE CONTROL DECLARATIVE CONTROL Baggage handlers follow
More informationSDN van start naar finish
SDN van start naar finish Ralph Wanders Datacenter Solutions Manager Rick Mur Senior System Engineer Juniper Networks IT SECURITY IS TOPSPORT! Beperkingen datacenter architecturen! Agility/Netwerk virtualisatie!
More informationSimplify IT. With Cisco Application Centric Infrastructure. Roberto Barrera rbarrera@grupo-dice.com. VERSION May, 2015
Simplify IT With Cisco Application Centric Infrastructure Roberto Barrera rbarrera@grupo-dice.com VERSION May, 2015 Content Understanding Software Definded Network (SDN) Why SDN? What is SDN and Its Benefits?
More informationPluribus Netvisor Solution Brief
Pluribus Netvisor Solution Brief Freedom Architecture Overview The Pluribus Freedom architecture presents a unique combination of switch, compute, storage and bare- metal hypervisor OS technologies, and
More informationAbout the VM-Series Firewall
About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/
More informationWhite Paper. Contrail Architecture
Contrail Architecture 1 Table of Contents Executive Summary...4 Introduction...4 Overview of Contrail...4 Use Cases...4 Contrail SDN Controller and the vrouter... 5 Virtual Networks... 5 Overlay Networking...
More informationGroup-Based Policy for OpenStack
Group-Based Policy for OpenStack Introduction Over the past four years, OpenStack has grown from a simple open source project to a major community-based initiative including thousands of contributors in
More information