Securing Virtual Environments

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Securing Virtual Environments"

Transcription

1 Securing Virtual Environments Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1

2 INTRODUCTION Virtualization is sweeping through computer architectures. The benefits of running multiple instances of operating systems on a single host are driving investments in new data centers, consolidation of data centers, and even a move to virtual data centers hosted by Infrastructure as a Service companies (IaaS) like Amazon (EC2), Microsoft (Azure), and Rackspace, or focused offerings from GoGrid, Joyent and AppNexus. The appeal is both financial: multiple virtual machines (VMs) can be hosted on a single appliance increasing its utilization, as well as more flexible: VMs can be brought on-line dynamically in response to load or the deployment of a new application. Instead of the old paradigm every new project starts with purchasing, deploying, and maintaining dedicated boxes to host the applications a data center is now becoming one giant collection of computer processing power that can be re-configured on the fly to accommodate evolving computing needs. As virtualization matures there is more abstraction of architectures into these data centers. Projects that required multiple computer servers, management consoles, and networks are instantiated in a flexible virtual environment. A data center consisting of racks and racks of computing platforms now hosts hundreds or thousands of separate virtual architectures each with a different purpose, each sharing the same physical infrastructure. Computing architectures are becoming fractal. Fractal computing: the parts resemble the whole. A data center mimics the Internet. In a virtualized environment a host mimics a data center. But what about security? Are the firewalls and intrusion prevention systems (IPS) that should have been included in most architectures also virtualized and embedded in the cloud? This white paper takes a look at the move of security utilities firewalls and IPS to these new virtual environments. Effective network security requires policy control that dictates what source IP addresses can communicate with any destination IP address over which port. This is provided by firewalls. Also required is the ability to inspect traffic flows for malicious content and alert or block unwanted traffic. This is provided by an IPS. Deploying IPS and firewalls in virtualized environments is just as critical as deploying in traditional physical networks. There are two primary security architectures being used today to secure these virtualized environments. Performing these security tasks on the hosts that contain the virtual machines or offloading these tasks to separate dedicated infrastructure. Firewalling is the least compute intensive security task. A decision can be quickly made whether to enforce a firewall policy based on source destination, port, or even time of day or other factors. For a particular flow of packets that decision is only made once at the beginning of the flow. After that the continuing stream of packets are either allowed or denied (stateful inspection firewalls) IT-Harvest 2

3 IPS, on the other hand, is compute intensive. Packets between any two resources in a virtual environment must be assembled and inspected against an ever growing signature database so that allow, alert, or deny decisions can be made. Therefore the decision has to be made whether to do firewall and IPS policy enforcement within the virtual environment or off load it. Since firewalling requires little compute resources it is most efficiently performed within the hypervisor, the control system for all the virtual machines. And IPS, because it is very compute intensive, is most efficiently performed by special purpose hardware and thus should be shunted to dedicated IPS hardware. Here is how the major IPS vendors are approaching the task of virtualized security. HP TippingPoint IPS HP TippingPoint is one of the leading IPS solutions and was originally architected to apply IPS inspection in a switched environment. The IPS device takes traffic from the network switch, inspects it, and blocks malicious traffic while passing the clean traffic back to the network through the switch. TippingPoint has extended this architecture to virtual environments and incorporated virtual firewalls that are deployed through the hypervisor. TippingPoint has created two elements to secure virtual environments: the Virtual Controller plus Virtual Firewall (vcontroller+vfw) and the Virtual Management Center (VMC). The vcontroller+vfw is deployed within each hypervisor and incorporates firewall policy enforcement that dictates which virtual machine (VM) can talk to which VM over which port. The vcontroller component also shunts particular traffic to TippingPoint's N-series IPS devices for packet processing over a separate VLAN. In this way the heavy lifting required of IPS is done in a bestof-breed IPS appliance that is purpose built for fast analysis of network traffic, while the firewall policy enforcement is done within the virtualized host. TippingPoint's Virtual Management Center is a virtualized management console that integrates with the TippingPoint Security Management System (SMS), and is used to visualize the virtual data center, and deploy vcontroller+vfw and manage the security policies. All of the functionality of a typical management console are incorporate in the integrated management suite: policy creation and deployment, monitoring, alerting, and administrative controls, integration with SEIM and trouble ticketing systems, and logging. Management of the N-series IPS devices for the physical network is also incorporated so a complete view of network traffic both within the virtualized environment and the data center perimeter is made possible. By shunting traffic to the N-series device from the vcontroller virtual IPS is achieved. From a management perspective it is like deploying high end IPS appliances within the virtual environment IT-Harvest 3

4 In addition to the existing integration with VMWare HP Tippingpoint recently announced a working relationship that will allow for further joint development as well as joint sales and marketing cooperation. The selection of HP TippingPoint by VMware for this level of partnership is an important consideration when evaluating IPS for virtual environments. SourceFire virtualized IPS SourecFire is another leading IPS vendor that has taken the open source Snort IDS software and commercialized it with the addition of IPS capabilities. Because SourceFire's IPS is software based it can be deployed to run on hosts with no hardware modification required. SourceFire's original approach to virtualization is to install their IPS engine (Virtual 3D Sensor) directly on each host machine in the data center. It consumes resources to inspect traffic and reserves for itself a CPU core and a gigabyte of memory. In servers with a single quad-core CPU this represents 25% of the available computing resources. Of course in multi-processor servers there would be a smaller percentage of total resources consumed. In a large data center there could be hundreds of IPS sensors deployed, one to each hardware server, each requiring signature and software updates on a regular schedule. This is accomplished with the SourceFire Management Console which is already capable of managing multiple IPS sensors. The Virtual 3D Sensor is deployed within a virtual environment much like it would be in the physical world. Traffic from VMs is sent via a virtual switch to the virtual IPS engine and then back through a virtual switch. This allows IPS drop rules to be effective. If only monitoring is desired the traffic is sent to a virtual Span port for intrusion detection, logging and alerting. Physical ports on the host can also be used to allow monitoring of traffic between hosts. In order to reduce the number of Virtual 3D Sensors deployed it is possible to shunt traffic from each host to one of the Virtual 3D Sensors deployed on a smaller number of hosts, particularly in those data centers that have standardized Cisco Nexus v1000 hardware switches. SourceFire just introduced an integration with VMWare s VShield. The integration is with the publicly available VMware APIs and allows a policy to be configured that will dynamically enact VShield rules to block traffic between VMs or in front of VMs. Managers will get alerts when this happens but have to use VMWare s management console to manage these on-the-fly rules. To avoid complications in managing many rules, some of which could block legitimate traffic, the original IPS policy can be set to expire the rules in a set time frame IT-Harvest 4

5 McAFee IntruShield IPS IntruShield is one of the most widely deployed stand alone IPS solutions. Purpose built appliances with application specific integrated circuits (ASICs) are used to handle the processing of network traffic and apply IPS rules. To date Intrushield's virtualization capability is limited to on-box inspection of traffic over separated VLANs. While this is a powerful capability that allows the deployment of fewer boxes in environments with switched networks it does not directly provide IPS for virtualized environments. To achieve the same functionality as provided by HP TippingPoint and SourceFire virtual environments would have to be configured manually to direct traffic from each VM over a specially configured VLAN to the Intrushield device. This poses management issues that while not insurmountable would be almost impossible to maintain in a dynamic environment where VMs are created on the fly, turned on and off based on demand, or recreated remotely for back-up and disaster recovery. Cisco IPS Cisco's 4200 series IPS sensors are the mainstay of their IPS product line. Versions of their IPS product are available for the Cisco ASA as a separate card or even in their Integrated Services Router for remote and branch offices. The Cisco 4200 series IPS, much like McAfee's IntruShield products can be configured to inspect traffic over VLANs, but would require the same effort to deploy in a virtual environment. Juniper IDP Juniper's IPS solutions are part of their IDP appliances which can be configured as passive intrusion detection devices or active transparent IPS. While IPS policies can be applied to VLANs as in the Cisco and McAfee products, Juniper has yet to introduce an integrated strategy for firewall and IPS in a virtualized data center. CONCLUSION 2011 IT-Harvest 5

6 The fractalization of computing infrastructure currently underway as organizations move to virtualized data centers is driving a requirement for an equal fractalization of security architectures. Just as managing the complexities of dynamic hosting of applications in virtual instances is the primary challenge for transitioning to virtualized data centers (made possible by VMWare, Microsoft, and Citrix) extending a manageable security architecture to the VDC is a challenge that must be addressed. Of the dominate IPS vendors TippingPoint and SourceFire are the two that have created viable solutions. SourceFire has leveraged the software-only aspect of their 3D sensors to deploy to virtual environments in a way that is familiar and analogous to traditional deployments. HP TippingPoint, by incorporating a firewalling capability for policy enforcement and an integrated vcontroller for directing virtualized network traffic to their high performance N-Series IPS appliances has provided the two critical network security capabilities that will be required to secure virtual environments. REFERENCES SourceFire Technology Brief: Strategies for Securing Virtualized Environments SourceFire White Paper: SourceFire Virtual 3D Sensor and Virtual Defense Sensor. Securing Virtualized Environments with McAfee IntruShield vcontroller Brief HP TippingPoint A Comprehensive framework for securing virtualized data centers. HP TippingPoint IT-Harvest 6

Data Center Migration Lift and Shift Use Case Scenario

Data Center Migration Lift and Shift Use Case Scenario Why Datacenter Migration Is Challenging for Enterprises Datacenter migration projects are usually complex and involve considerable planning and coordination between multiple teams, including network, security,

More information

McAfee Network Security Platform

McAfee Network Security Platform Quick Tour Revision A McAfee Network Security Platform version 8.3 McAfee Network Security Platform [formerly McAfee IntruShield ] is a combination of network appliances and software that accurately detects

More information

Proactively Secure Your Cloud Computing Platform

Proactively Secure Your Cloud Computing Platform Proactively Secure Your Cloud Computing Platform Dr. Krutartha Patel Security Engineer 2010 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals Agenda 1 Cloud

More information

NCTA Cloud Architecture

NCTA Cloud Architecture NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

Securing Virtual Applications and Servers

Securing Virtual Applications and Servers White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating

More information

White Paper: AirSembly Datacenter Architecture Models

White Paper: AirSembly Datacenter Architecture Models White Paper: AirSembly Datacenter Architecture Models AirSembly Version 1.6 August 2015 Abstract: This white paper outlines different scenarios in which AirSembly can be configured. It presents common

More information

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System

REV: 0.1.1 (July 2011) McAfee Security: Intrusion Prevention System McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload

More information

Security Models for Cloud. Kurtis E. Minder, CISSP

Security Models for Cloud. Kurtis E. Minder, CISSP Security Models for Cloud Kurtis E. Minder, CISSP 1 Introduction Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson Business

More information

Next Generation IPS and Reputation Services

Next Generation IPS and Reputation Services Next Generation IPS and Reputation Services Richard Stiennon Chief Research Analyst IT-Harvest 2011 IT-Harvest 1 IPS and Reputation Services REPUTATION IS REQUIRED FOR EFFECTIVE IPS Reputation has become

More information

Joshua Beeman University Information Security Officer October 17, 2011

Joshua Beeman University Information Security Officer October 17, 2011 Joshua Beeman University Information Security Officer October 17, 2011 1 June, 2011- NPTF Security Presentation on FY 12 InfoSec goals: Two Factor Authentication Levels of Assurance Shibboleth InCommon

More information

A comprehensive framework for securing virtualized data centers. Business white paper

A comprehensive framework for securing virtualized data centers. Business white paper A comprehensive framework for securing virtualized data centers Business white paper Contents Experiencing the virtualization wave...3 Addressing virtualization security challenges...3 Understanding security

More information

Securing the Intelligent Network

Securing the Intelligent Network WHITE PAPER Securing the Intelligent Network Securing the Intelligent Network New Threats Demand New Strategies The network is the door to your organization for both legitimate users and would-be attackers.

More information

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments What You Will Learn Deploying network services in virtual data centers is extremely challenging. Traditionally, such Layer

More information

Five Steps For Securing The Data Center: Why Traditional Security May Not Work

Five Steps For Securing The Data Center: Why Traditional Security May Not Work White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center

More information

Five Steps For Securing The Data Center: Why Traditional Security May Not Work

Five Steps For Securing The Data Center: Why Traditional Security May Not Work White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center

More information

Enhancing Cisco Networks with Gigamon // White Paper

Enhancing Cisco Networks with Gigamon // White Paper Across the globe, many companies choose a Cisco switching architecture to service their physical and virtual networks for enterprise and data center operations. When implementing a large-scale Cisco network,

More information

HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU

HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU Data sheet Product overview The HP TippingPoint Virtual Controller + Virtual Firewall (vcontroller+vfw) extends our leading intrusion

More information

VMware Integrated Partner Solutions for Networking and Security

VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Security and Compliance VMware vcloud Networking and Security is the leading networking and security

More information

Managed Hosting is a managed service provided by MN.IT. It is structured to help customers meet:

Managed Hosting is a managed service provided by MN.IT. It is structured to help customers meet: Managed Hosting Service Description Version 1.10 Effective Date: 3/3/2015 Purpose This Service Description is applicable to Managed Hosting services (MH) offered by MN.IT Services (MN.IT) and described

More information

White Paper February 2005. McAfee Network Protection Solutions. IntruShield Virtualization Delivering Real Benefits. www.mcafee.

White Paper February 2005. McAfee Network Protection Solutions. IntruShield Virtualization Delivering Real Benefits. www.mcafee. White Paper February 2005 McAfee Network Protection Solutions IntruShield Virtualization Delivering Real Benefits Delivering Real Benefits 2 Introduction Virtualization The IntruShield Approach 3 4 Virtualization

More information

Meeting the Challenges of Virtualization Security

Meeting the Challenges of Virtualization Security Meeting the Challenges of Virtualization Security Coordinate Security. Server Defense for Virtual Machines A Trend Micro White Paper August 2009 I. INTRODUCTION Virtualization enables your organization

More information

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC Securing the Journey to the Private Cloud Dominique Dessy RSA, the Security Division of EMC June 2010 Securing the Journey to The Private Cloud The Journey IT Production Business Production IT-As-A-Service

More information

Aerohive Networks Inc. Free Bonjour Gateway FAQ

Aerohive Networks Inc. Free Bonjour Gateway FAQ Aerohive Networks Inc. Free Bonjour Gateway FAQ 1. About the Product... 1 2. Installation... 2 3. Management... 3 4. Troubleshooting... 4 1. About the Product What is the Aerohive s Free Bonjour Gateway?

More information

Table of Contents. VMready. Virtual Machine-Aware Networking

Table of Contents. VMready. Virtual Machine-Aware Networking VMready Virtual Machine-Aware Networking White Paper Table of Contents Executive Summary... 2 Current Server Virtualization Environments... 3 Hypervisors... 3 Virtual Switches... 3 Leading Server Virtualization

More information

Virtual Private Cloud-as-a-Service: Extend Enterprise Security Policies to Public Clouds

Virtual Private Cloud-as-a-Service: Extend Enterprise Security Policies to Public Clouds What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their

More information

Software Defined Networking A quantum leap for Devops?

Software Defined Networking A quantum leap for Devops? Software Defined Networking A quantum leap for Devops? TNG Technology Consulting GmbH, http://www.tngtech.com/ Networking is bottleneck in today s devops Agile software development and devops is increasing

More information

Simplified Private Cloud Management

Simplified Private Cloud Management BUSINESS PARTNER ClouTor Simplified Private Cloud Management ClouTor ON VSPEX by LOCUZ INTRODUCTION ClouTor on VSPEX for Enterprises provides an integrated software solution for extending your existing

More information

Virtualization with VMware ESX and VirtualCenter SMB to Enterprise

Virtualization with VMware ESX and VirtualCenter SMB to Enterprise Virtualization with VMware ESX and VirtualCenter SMB to Enterprise Course VM-03 5 Days Instructor-led, Hands-on Course Description This is a 5-day intense introduction to virtualization using VMware s

More information

Restricted Document. Pulsant Technical Specification

Restricted Document. Pulsant Technical Specification Pulsant Technical Specification Title Pulsant Government Virtual Server IL2 Department Cloud Services Contributors RR Classification Restricted Version 1.0 Overview Pulsant offer two products based on

More information

CoIP (Cloud over IP): The Future of Hybrid Networking

CoIP (Cloud over IP): The Future of Hybrid Networking CoIP (Cloud over IP): The Future of Hybrid Networking An overlay virtual network that connects, protects and shields enterprise applications deployed across cloud ecosystems The Cloud is Now a Critical

More information

Server Virtualization Cloud Partner Training Series

Server Virtualization Cloud Partner Training Series Server Virtualization Cloud Partner Training Series August 2015 Agenda What is it? Benefits Industry Landscape Evolve is Different How we can help you $ucceed Who is a fit? Who is a challenge? Key Questions

More information

Driving Down the Cost and Complexity of Application Networking with Multi-tenancy

Driving Down the Cost and Complexity of Application Networking with Multi-tenancy White Paper AX Series Driving Down the Cost and Complexity of Application Networking with Multi-tenancy February 2013 WP_ADC_ADP_012013.1 Table of Contents 1 Introduction... 3 2 Application Delivery Partition

More information

VXLAN: Scaling Data Center Capacity. White Paper

VXLAN: Scaling Data Center Capacity. White Paper VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where

More information

Troubleshooting and Maintaining Cisco IP Networks Volume 1

Troubleshooting and Maintaining Cisco IP Networks Volume 1 Troubleshooting and Maintaining Cisco IP Networks Volume 1 Course Introduction Learner Skills and Knowledge Course Goal and E Learning Goal and Course Flow Additional Cisco Glossary of Terms Your Training

More information

Federated Application Centric Infrastructure (ACI) Fabrics for Dual Data Center Deployments

Federated Application Centric Infrastructure (ACI) Fabrics for Dual Data Center Deployments Federated Application Centric Infrastructure (ACI) Fabrics for Dual Data Center Deployments March 13, 2015 Abstract To provide redundancy and disaster recovery, most organizations deploy multiple data

More information

Benefits of virtualizing your network

Benefits of virtualizing your network While server virtulization can improve your infrastructure as a whole, it can affect. Extending virtualization to can eliminate any unnecessary impacts and allow you to maximize your virtual investment.

More information

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

Overview. Prime Network Services Controller Overview. This section contains the following topics:

Overview. Prime Network Services Controller Overview. This section contains the following topics: This section contains the following topics:, page 1 Topology Examples, page 3 Features and Benefits, page 4 The dynamic nature of cloud environments requires organizations to apply and enforce frequent

More information

Learn About Security Virtualization

Learn About Security Virtualization This Learn About introduces the fundamentals of security virtualization and explains how a virtual security appliance can provide security and networking services in virtualized private or public cloud

More information

Designing Virtual Network Security Architectures Dave Shackleford

Designing Virtual Network Security Architectures Dave Shackleford SESSION ID: CSV R03 Designing Virtual Network Security Architectures Dave Shackleford Sr. Faculty and Analyst SANS @daveshackleford Introduction Much has been said about virtual networking and softwaredefined

More information

Architecting Security for the Private Cloud. Todd Thiemann

Architecting Security for the Private Cloud. Todd Thiemann Architecting Security for the Private Cloud Todd Thiemann Classification 4/9/2010 Copyright 2009 Trend Micro Inc. 1 The Evolving Datacenter Lowering Costs, Increasing Flexibility Public Cloud Private Cloud

More information

Securing Enclave Lecture 6. Urban Bilstrup

Securing Enclave Lecture 6. Urban Bilstrup Securing Enclave Lecture 6 Urban Bilstrup Urban.Bilstrup@hh.se Perimeter Defense Once an enclave is identified, it must be mapped to the network so that clear electronic perimeters can be defined. It is

More information

Evolving Datacenter Architectures

Evolving Datacenter Architectures Technology Insight Paper Evolving Datacenter Architectures HP technologies for Cloud ready IT By Russ Fellows January, 2013 Enabling you to make the best technology decisions Evolving Datacenter Architectures

More information

Solution Overview. Cisco UCS Director

Solution Overview. Cisco UCS Director Solution Overview Cisco UCS Director 1 Challenges IT is being challenged to align quickly with business needs. People want data center resources to be as easy to obtain as online consumer items. But that

More information

Availability of Services in the Era of Cloud Computing

Availability of Services in the Era of Cloud Computing Availability of Services in the Era of Cloud Computing Sanjay P. Ahuja 1 & Sindhu Mani 1 1 School of Computing, University of North Florida, Jacksonville, America Correspondence: Sanjay P. Ahuja, School

More information

Overview. Information About Installing the Cisco PNSC and the Cisco VSG. Information About Cisco VSG. This chapter contains the following sections:

Overview. Information About Installing the Cisco PNSC and the Cisco VSG. Information About Cisco VSG. This chapter contains the following sections: This chapter contains the following sections: Information About Installing the Cisco PNSC and the Cisco VSG, page 1 Information About the Cisco PNSC, page 7 Information About High Availability, page 9

More information

Secure Virtualization in the Federal Government

Secure Virtualization in the Federal Government White Paper Secure Virtualization in the Federal Government Achieve efficiency while managing risk Table of Contents Ready, Fire, Aim? 3 McAfee Solutions for Virtualization 4 Securing virtual servers in

More information

Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop

Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop White Paper Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop What You Will Learn Cisco Virtualization Experience Infrastructure (VXI) delivers a service-optimized desktop virtualization

More information

The New IP Networks: Time to Move From PoC to Revenue

The New IP Networks: Time to Move From PoC to Revenue White Paper The New IP Networks: Time to Move From PoC to Revenue Prepared by Roz Roseboro Senior Analyst, Heavy Reading www.heavyreading.com on behalf of www.brocade.com February 2015 Introduction The

More information

Cloud Platform Comparison: CloudStack, Eucalyptus, vcloud Director and OpenStack

Cloud Platform Comparison: CloudStack, Eucalyptus, vcloud Director and OpenStack Cloud Platform Comparison: CloudStack, Eucalyptus, vcloud Director and OpenStack This vendor-independent research contains a product-by-product comparison of the most popular cloud platforms (along with

More information

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc. White Paper Juniper Networks Solutions for VMware NSX Enabling Businesses to Deploy Virtualized Data Center Environments Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3

More information

Securing Cloud Infrastructures with Elastic Security

Securing Cloud Infrastructures with Elastic Security Securing Cloud Infrastructures with Elastic Security White Paper September 2012 SecludIT 1047 route des dolines, 06560 Sophia Antipolis, France T +33 489 866 919 info@secludit.com http://secludit.com Core

More information

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc. Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim

More information

5 Best Practices to Protect Your Virtual Environment

5 Best Practices to Protect Your Virtual Environment CONTENTS OF THIS WHITE PAPER Security Virtualization s Big Hurdle..1 Why Old-STyle Protections Fall short..2 Best Practices...3 Create A VM Service Good List... 3 Monitor and Protect the Hypervisor...

More information

REDCENTRIC INFRASTRUCTURE AS A SERVICE SERVICE DEFINITION

REDCENTRIC INFRASTRUCTURE AS A SERVICE SERVICE DEFINITION REDCENTRIC INFRASTRUCTURE AS A SERVICE SERVICE DEFINITION SD021 V2.2 Issue Date 01 July 2014 1) OVERVIEW Redcentric s Infrastructure as a Service (IaaS) enables the to consume server, storage and network

More information

Virtualization, SDN and NFV

Virtualization, SDN and NFV Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,

More information

PRODUCTS & TECHNOLOGY

PRODUCTS & TECHNOLOGY PRODUCTS & TECHNOLOGY DATA CENTER CLASS WAN OPTIMIZATION Today s major IT initiatives all have one thing in common: they require a well performing Wide Area Network (WAN). However, many enterprise WANs

More information

Cloud Security: An Independent Assessent

Cloud Security: An Independent Assessent Cloud Security: An Independent Assessent A Quantix White Paper Dec 2010 Call us on: 0115 983 6200 Visit us on-line at: www.quantix-uk.com E-mail us at : enquiries@quantix-uk.com Why are people concerned

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

7 Ways OpenStack Enables Automation & Agility for KVM Environments

7 Ways OpenStack Enables Automation & Agility for KVM Environments 7 Ways OpenStack Enables Automation & Agility for KVM Environments Table of Contents 1. Executive Summary 1 2. About Platform9 Managed OpenStack 2 3. 7 Benefits of Automating your KVM with OpenStack 1.

More information

EMC Integrated Infrastructure for VMware

EMC Integrated Infrastructure for VMware EMC Integrated Infrastructure for VMware Enabled by EMC Celerra NS-120 Reference Architecture EMC Global Solutions Centers EMC Corporation Corporate Headquarters Hopkinton MA 01748-9103 1.508.435.1000

More information

Overcoming The Blind Spots in Your Virtualized Data Center

Overcoming The Blind Spots in Your Virtualized Data Center Overcoming The Blind Spots in Your Virtualized Data Center Matt Percival Sales Manager Northern Europe Stand C4 2014 Ixia Inc. Outline Virtualization Overview Network Monitoring Basics Implementing a Monitoring

More information

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security

More information

6422: Implementing and Managing Windows Server 2008 Hyper-V (3 Days)

6422: Implementing and Managing Windows Server 2008 Hyper-V (3 Days) www.peaklearningllc.com 6422: Implementing and Managing Windows Server 2008 Hyper-V (3 Days) Introduction This three-day instructor-led course teaches students how to implement and manage Windows Server

More information

ACME Enterprises IT Infrastructure Assessment

ACME Enterprises IT Infrastructure Assessment Prepared for ACME Enterprises March 25, 2014 Table of Contents Executive Summary...2 Introduction...2 Background...2 Scope of IT Assessment...2 Findings...2 Detailed Findings for Key Areas Reviewed...3

More information

Network Performance Monitoring

Network Performance Monitoring 2013 Network Performance Monitoring Gerben Kleijn NTS 350 8/17/2013 Contents Company Overview... 3 Prime Security.... 3 Network layout... 3 Network Performance Monitoring... 7 The problem... 7 Low cost

More information

Data Center Networking Designing Today s Data Center

Data Center Networking Designing Today s Data Center Data Center Networking Designing Today s Data Center There is nothing more important than our customers. Data Center Networking Designing Today s Data Center Executive Summary Demand for application availability

More information

Cloud-Based Services: Assure Performance, Availability, and Security

Cloud-Based Services: Assure Performance, Availability, and Security Cloud-Based Services: Assure Performance, Availability, and Security What You Will Learn Services available from the cloud offer cost and efficiency benefits to businesses, but until now many customers

More information

Deployment Options for Microsoft Hyper-V Server

Deployment Options for Microsoft Hyper-V Server CA ARCserve Replication and CA ARCserve High Availability r16 CA ARCserve Replication and CA ARCserve High Availability Deployment Options for Microsoft Hyper-V Server TYPICALLY, IT COST REDUCTION INITIATIVES

More information

Virtualization & Cloud Computing (2W-VnCC)

Virtualization & Cloud Computing (2W-VnCC) Virtualization & Cloud Computing (2W-VnCC) DETAILS OF THE SYLLABUS: Basics of Networking Types of Networking Networking Tools Basics of IP Addressing Subnet Mask & Subnetting MAC Address Ports : Physical

More information

M.Sc. IT Semester III VIRTUALIZATION QUESTION BANK 2014 2015 Unit 1 1. What is virtualization? Explain the five stage virtualization process. 2.

M.Sc. IT Semester III VIRTUALIZATION QUESTION BANK 2014 2015 Unit 1 1. What is virtualization? Explain the five stage virtualization process. 2. M.Sc. IT Semester III VIRTUALIZATION QUESTION BANK 2014 2015 Unit 1 1. What is virtualization? Explain the five stage virtualization process. 2. What are the different types of virtualization? Explain

More information

Silver Peak s Virtual Acceleration Open Architecture (VXOA)

Silver Peak s Virtual Acceleration Open Architecture (VXOA) Silver Peak s Virtual Acceleration Open Architecture (VXOA) A FOUNDATION FOR UNIVERSAL WAN OPTIMIZATION The major IT initiatives of today data center consolidation, cloud computing, unified communications,

More information

Network Virtualization

Network Virtualization Network Virtualization What is Network Virtualization? Abstraction of the physical network Support for multiple logical networks running on a common shared physical substrate A container of network services

More information

Virtualized Security: The Next Generation of Consolidation

Virtualized Security: The Next Generation of Consolidation Virtualization. Consolidation. Simplification. Choice. WHITE PAPER Virtualized Security: The Next Generation of Consolidation Virtualized Security: The Next Generation of Consolidation As we approach the

More information

Integrate Cisco Application Centric Infrastructure with Existing Networks

Integrate Cisco Application Centric Infrastructure with Existing Networks White Paper Integrate Cisco Application Centric Infrastructure with Existing Networks What You Will Learn Cisco Application Centric Infrastructure (ACI) offers a revolutionary way of deploying, managing,

More information

VIRTUALIZATION SECURITY IN THE REAL WORLD

VIRTUALIZATION SECURITY IN THE REAL WORLD VIRTUALIZATION SECURITY IN THE REAL WORLD Growing Technology Virtualization has become the standard for many corporate IT departments. The market for server virtualization infrastructure has matured, surpassing

More information

Securing Physical and Virtual IT Assets Without Hardware Firewalls or VLANs

Securing Physical and Virtual IT Assets Without Hardware Firewalls or VLANs white paper Securing Physical and Virtual IT Assets Without Hardware Firewalls or VLANs A New Approach: An Identity-Aware Network Inside the Perimeter Introduction For security administrators at large

More information

Secure networks are crucial for IT systems and their

Secure networks are crucial for IT systems and their ISSA The Global Voice of Information Security Network Security Architecture By Mariusz Stawowski ISSA member, Poland Chapter Secure networks are crucial for IT systems and their proper operation. Essential

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

Software defined networking. Your path to an agile hybrid cloud network

Software defined networking. Your path to an agile hybrid cloud network Software defined networking Your path to an agile hybrid cloud network Is your enterprise network ready for the latest business and consumer trends? Cloud How easily can your users connect to cloud resources?

More information

The Cisco ASA 5500 as a Superior Firewall Solution

The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall capabilities and expands to support other security services. Firewalls

More information

Improve WAN Optimization: Expert tips for the WAN Manager

Improve WAN Optimization: Expert tips for the WAN Manager E-Guide Improve WAN Optimization: Expert tips for the WAN Manager Although the business case for wide area network (WAN) optimization is compelling, the last thing a WAN manager wants is another branch

More information

Vmware VSphere 6.0 Private Cloud Administration

Vmware VSphere 6.0 Private Cloud Administration To register or for more information call our office (208) 898-9036 or email register@leapfoxlearning.com Vmware VSphere 6.0 Private Cloud Administration Class Duration 5 Days Introduction This fast paced,

More information

SERVER 101 COMPUTE MEMORY DISK NETWORK

SERVER 101 COMPUTE MEMORY DISK NETWORK Cloud Computing ก ก ก SERVER 101 COMPUTE MEMORY DISK NETWORK SERVER 101 1 GHz = 1,000.000.000 Cycle/Second 1 CPU CYCLE VIRTUALIZATION 101 VIRTUALIZATION 101 VIRTUALIZATION 101 HISTORY YEAR 1800 YEARS LATER

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

Cisco Nexus 1000V Virtual Switch

Cisco Nexus 1000V Virtual Switch Cisco Nexus 1000V Virtual Switch Product Overview The Cisco Nexus 1000V virtual machine access switch is an intelligent software switch implementation for VMware ESX environments. Running inside of the

More information

ArcGIS for Server: In the Cloud

ArcGIS for Server: In the Cloud DevSummit DC February 11, 2015 Washington, DC ArcGIS for Server: In the Cloud Bonnie Stayer, Esri Session Outline Cloud Overview - Benefits - Types of clouds ArcGIS in AWS - Cloud Builder - Maintenance

More information

Solving the Hypervisor Network I/O Bottleneck Solarflare Virtualization Acceleration

Solving the Hypervisor Network I/O Bottleneck Solarflare Virtualization Acceleration Solving the Hypervisor Network I/O Bottleneck Solarflare Virtualization Acceleration White Paper By: Gary Gumanow 9 October 2007 SF-101233-TM Introduction With increased pressure on IT departments to do

More information

Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.

Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved. Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security

More information

White Paper. Intrusion Detection Deploying the Shomiti Century Tap

White Paper. Intrusion Detection Deploying the Shomiti Century Tap White Paper Intrusion Detection Deploying the Shomiti Century Tap . Shomiti Tap Deployment Purpose of this Paper The scalability of Intrusion Detection Systems (IDS) is often an issue when deploying an

More information

Clusters Your Way. 8 Ways to Make Clusters Easy to Use and Easy to Own. Clusters Your Way.

Clusters Your Way. 8 Ways to Make Clusters Easy to Use and Easy to Own. Clusters Your Way. 8 Ways to Make Clusters Easy to Use and Easy to Own. Protect more. Spend less. IT managers are constantly challenged to provide higher levels of service and protect more applications and data from downtime,

More information

ACL Compliance Director FAQ

ACL Compliance Director FAQ Abstract Cyber Operations, Inc., Cyber Operations, Inc. Copyright 2008 Cyber Operations, Inc. This document contains frequently asked questions about ACL Compliance Director with answers. Table of Contents...

More information

Security for Virtualization

Security for Virtualization Security for Virtualization Dan Broasca General Manager Omnient SRL dan.broasca@omnient.ro The two concepts Virtualize the security Complete virtualized security and network infrastructure Security for

More information

Security. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««;

Security. Environments. Dave Shackleford. John Wiley &. Sons, Inc. s j}! '**»* t i j. l:i. in: i««; Security N Environments '' J J H -. i ^ s j}! Dave Shackleford '**»* t i j i««; l:i in: John Wiley &. Sons, Inc. Contents Introduction.. : xix Chapter l Fundamentals of Virtualization Security Virtualization

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

IT Infrastructure Services. White Paper. Utilizing Software Defined Network to Ensure Agility in IT Service Delivery

IT Infrastructure Services. White Paper. Utilizing Software Defined Network to Ensure Agility in IT Service Delivery IT Infrastructure Services White Paper Utilizing Software Defined Network to Ensure Agility in IT Service Delivery About the Author Siddhesh Rane Siddhesh Rane is a Technical Architect and part of the

More information

Testing Network Security Using OPNET

Testing Network Security Using OPNET Testing Network Security Using OPNET Agustin Zaballos, Guiomar Corral, Isard Serra, Jaume Abella Enginyeria i Arquitectura La Salle, Universitat Ramon Llull, Spain Paseo Bonanova, 8, 08022 Barcelona Tlf:

More information

This presentation covers virtual application shared services supplied with IBM Workload Deployer version 3.1.

This presentation covers virtual application shared services supplied with IBM Workload Deployer version 3.1. This presentation covers virtual application shared services supplied with IBM Workload Deployer version 3.1. WD31_VirtualApplicationSharedServices.ppt Page 1 of 29 This presentation covers the shared

More information