ESF: AN ELASTIC SECURITY FRAMEWORK FOR CLOUD INFRASTRUCTURES

Size: px
Start display at page:

Download "ESF: AN ELASTIC SECURITY FRAMEWORK FOR CLOUD INFRASTRUCTURES"

Transcription

1 M. Pourzandi 1 ESF: AN ELASTIC SECURITY FRAMEWORK FOR CLOUD INFRASTRUCTURES Makan Pourzandi Ericsson Cloud System Management, Affiliated Associate Professor Concordia University Apr 2013

2 M. Pourzandi 2 Plan Background Elastic Security Framework Elastic Enforcement Layer Security Enforcement Optimization

3 Contributions Publications: 16 patent applications issued by US and European patent offices 3 Book chapters, 7 Journal papers 31 papers in international conferences with peer review Standardizations: June 2005-Dec 2009: Leader for Service Availability Forum Security working group, Co-editor for Service Availability Forum Security service specifications version A.0.1, released Sept, June 2002-Sept 2003: Editor for security requirements of Carrier Grade Linux Release 2.0 for Open Source Development Lab, released July Open Source: M. Pourzandi 3 Main software architect and project leader for Distributed Security Infrastructure Team leader for "Model-Based Engineering of Secure Software and Systems", Development of Java based plug-ins for IBM Rational Software Architect

4 M. Pourzandi 4 RESEARCH THEMES

5 M. Pourzandi 5 Distributed Security Infrastructure: Middle ware security

6 M. Pourzandi 6 MOdel-Based Framework for the Engineering of Secure Software and Systems: Software Security

7 M. Pourzandi 7 Telecom networks security: SPAM Mitigation on LTE 4G Mobile Networks Distributed architecture on the LTE network for SPAM mitigation Solving the over dimensioning problem Using of-the-shelf hardware in distributed nodes

8 Threats Connection-Based: - RF Jamming - Wireless Scrambling - Eavesdropping - Message Modification & Injection - Protocol Failures - Physical Attacks & Natural Disasters M. Pourzandi 8 Smart Grid Communications Security Device-Based: - Physical Attacks, Nat. Disasters - Rogue Access Points - Man-in-the-middle Attacks - DoS Attacks, Replay Attacks - Illegitimate use of services - Masquerading - Wardriving Base Station Smart Meter Home Gateway Home Area Network Neighborhood Area Network

9 M. Pourzandi 9 Research Themes Software security Verification and validation of security requirements at design level Integration of enforcement mechanisms at the design level Distributed security infrastructure Application Middleware Security Distributed process based access control DDoS and SPAM mitigation mechanisms in Mobile Telecom networks Distributed Architecture for Spam Mitigation on LTE 4G Mobile Networks Cloud computing security Network & Cloud Computing Security Security and privacy of user-generated data in the cloud storage Self-protecting elastic security frameworks for large IT systems Communication Security for Smart Grid Distribution Networks Smart Grid Security

10 M. Pourzandi 10 WHY AN ELASTIC SECURITY FRAMEWORK IN CLOUD INFRASTRUCTURES?

11 M. Pourzandi 11 Agenda Background Elastic Security Framework Elastic Enforcement Layer Security Enforcement Optimization

12 M. Pourzandi 12 Cloud Computing: Infrastructure As A Service (IaaS) Enhanced by massive virtualization Internet Servers Physical Infrastructure Shared pool of configurable computing resources Elasticity: On-demand resource, auto-scaling Virtualization Virtual Infrastructure Self provisioning, Flexibility Physical Infrastructure

13 M. Pourzandi 13 Target systems: Large IT systems such as cloud infrastructure Cloud infrastructure build on top of large data centers Several thousands to hundreds of thousands of servers Cloud approach is based on pay for the resources that you need You just turn off the extra resources when there is no need Massive virtualization to provide elasticity and flexibility

14 M. Pourzandi 14 Cloud Computing Security: Status Security is a major concern for the industry when moving to Cloud Computing 72% of organizations are "extremely concerned" or "very concerned" about security in the cloud environment (2010 research firm TheInfoPro) Many of the cloud security issues are the same for enterprise security Some differences though

15 M. Pourzandi 15 Background Complexity of the application behaviour and sheer number of them make it difficult, costly and error prone to write down by hand different network security enforcement rules for the data centers Cloud elastic nature makes it necessary to be able to adapt security rules in an agile and fast way This makes a human intervention too slow and not realistic given the pace of changes An old problem: enforcing security in a complex network

16 M. Pourzandi 16 New dimensions for an old problem Scalability and elasticity in the cloud make it impossible to use old methods Multi Tenancy/Compartmentalization: Need to isolate communications/resources between different customers Scalability: Need to support tens of thousands of virtual machines, running on thousands of physical servers Flexibility: Need to support many different types of applications with different network topologies and security needs Elastic security: Need to maintain security policy as data and virtual machines migrate in the cloud, and auto-scale

17 M. Pourzandi Use Cases Consider security mechanisms for a 3-tier application Assume a deployment in the cloud: 6 instances of web server, 2 instances of business tier and 1 instance of database 17

18 M. Pourzandi Possible mapping of virtual machines into a physical network 18

19 M. Pourzandi Consequences of VM Migration on Security Rules If in the previous example WS6 migrates from PS2 to PS4 then: 1. WS6 rules should be removed from FW1 and added to FW2 2. WS3 WS6 rules in AppFW1 should be removed and added to AppFW2 3. Security policy of FW1, AppFW1, FW2, and AppFW2 should be verified and validated This means all FWs in the previous scenario are affected by this migration! 19

20 M. Pourzandi 20 Current approaches: Solution 1 Virtual FW defined for each VM When VM1 migrates to another data center, VM1 traffic is redirected back to the data

21 M. Pourzandi 21 Current approaches: Solution 2 Different VFWs are composed together Creating multitude of vfws Benefit from HW Firewalling

22 M. Pourzandi 22 Challenges remain When VM1 migrates, there is need for maintaining the same sec policy Validate that inserted rules do not introduce any anomalies in other FWs Security policy orchestration Topology based optimization

23 M. Pourzandi 23 How to address these challenges? Need for automatic and dynamic generation of security rules Maintenance and enforcement of security rules for a large number of components, e.g. virtual machines in the cloud infrastructure For an elastic network there is need for an elastic network security

24 M. Pourzandi 24 Agenda Background Elastic Security Framework Elastic Enforcement Layer Security Enforcement Optimization

25 M. Pourzandi 25 ESF: AN ELASTIC SECURITY FRAMEWORK FOR CLOUD INFRASTRUCTURES

26 M. Pourzandi 26 ESF High Level overview ESF presents a framework to implement security vertically through different layers of the cloud infrastructure Few steps involve human intervention: Developers describe their distributed application security policies Remaining steps are transparent to the developers and are generated automatically from the description

27 M. Pourzandi 27 Elastic Network Security: Functional Diagram Automatically generate security policy for different applications running in the cloud from their description Auditability: Being able to verify and validate the consistency and the compliance with predefined security policy Configure the enforcement measures to enforce those security rules in the cloud Compose/Consolidate different security rules in order to implement an efficient enforcement Dynamically modify/adapt the security enforcement measures based on the security policies

28 M. Pourzandi 28 Agenda Background Elastic Security Framework Elastic Enforcement Layer Security Enforcement Optimization

29 M. Pourzandi 29 ELASTIC ENFORCEMENT LAYER (EEL) Sticky Flow Algorithm Case

30 M. Pourzandi 30 Elastic Network Security: Functional Diagram

31 M. Pourzandi 31 EEL Virtual security architecture is anchored in the physical architecture As the applications evolve/migrate in the cloud, the enforcement measures should be adapted to enforce the security policies All life stages of VM must be taken into account: launch, termination, cloning, migration, etc.

32 M. Pourzandi 32 EEL functionality Dynamic and automatic enforcement of security mechanisms L3-L7 Firewalling, Secure connections establishment, e.g. IPSec tunnels, DPI, IDS/IPS, etc. Rapid scaling of protection mechanisms When one or several tenants are under attack, for example DDoS, mitigation mechanisms can be scaled up As the tasks performed by the cloud are Agile, Scalable, Elastic, their security policy enforcement should also be the same: Agile, Scalable, Elastic

33 M. Pourzandi 33 EEL flexible design EEL enforces security policies through different nodes in the cloud data center, Policy Enforcement Point (PEP) Policy Decision Points ( PDP) decide how and what PEPs enforce Based on resource availability (Bandwidth, CPU, Specialized HW, e.g. network processors) Latency Locality information

34 M. Pourzandi 34 EEL design application principles to the network layer: Sticky flow Network security is applied through different network middle boxes/security appliances, e.g. Firewall, IDS/IPS, Web App Firewall Different network traffic must traverse a pre-defined sequence of security appliances Automatic and Transparent Enforcement in consideration of multi-tenancy, elastic networking and VM cloning and migration Particularly, traffic should traverse security appliances in the sequence required by the tenant and should not traverse unnecessary security appliances

35 M. Pourzandi 35 State of the art: Policy aware network enforcement Sticky Flow Solution Support Middlebox Isolation Automatic Migration Dynamic Policy-aware [Stoica] Y Y Y N N NetOdessa [Bellessa] FML/FSL [Mitchell- Shenker] N Y Y N N Y Y N N N

36 Elastic enforcement M. Pourzandi 36

37 M. Pourzandi 37 Sticky flow design (1) Application ID (AppID) for each vapp inserted at hypervisor layer, e.g. IP options Each AppID is associated to some security sequence AppID is used for control level in SDN

38 M. Pourzandi 38 Sticky flow design (2) EEL-tags added at Ethernet layer: Generic Tags (gtags) Instance Tags (itags) EEL tags are used for forwarding layer Appliance types are not redundant in the sequence, in the security sequence then Reasonable as a sequence is applied to a communication between two VMs in the network

39 M. Pourzandi 39 Basic use case The OpenFlow-Controller (OFC) extracts the AppID and determine the chain of gtags to be traversed It then matches the Generic Tags (gtags) to an Instance Tags (itags) range It then chooses the middebox instances to send the packet to (based on cloud resource availability). In our example, let's assume the chosen instances of IDS, AppFW and DPI correspond to itags 2070, 1045 and 3093 respectively The OpenFlow-Switch (OFS) forwards the rst packet to the controller VM1 starts emitting packets. These packets are intercepted by the hypervisor that inserts the AppID into the ip options

40 M. Pourzandi 40 Basic use case Similar rules to the previous ones are to be set into all the middleboxes edge's OFS. Note that for the egress switch of the last middlebox in the chain, the packet should only be routed to the next switch towards the destination VM Along the path, the controller adds a rule to forward the packet to the next switch towards the middlebox instance, based on the EEL-tag. Elasticity: the security appliance instances can change as virtual network change The OFC also adds three new ow-entries into the IDS's ingress and egress OFS : { Packets tagged with EEL-tag 2070 must have their tag popped and be forwarded to the IDS (ingress). { Packets out of the IDS, from VM1 and to VM2 must have the EEL-tag 1045 pushed (egress). { Packets with EEL-tag 1045 must be routed to the next switch towards the AppFW 1045 instance (egress). The OFC adds a two new ow-entries into the VM1's edge OFS : { Packets from VM1 (to VM2) must be tagged with EEL-tag { Packets with EEL-tag 2070 must be routed to the next switch towards the IDS 2070 instance. Mulitenancy is enforced dynamically and automatically at layer 2.

41 M. Pourzandi 41 Migration use case: intra data center VM1' starts emitting packets. These packets are intercepted by the hypervisor that inserts the AppID into the ip options Similar rules to the previous ones are to be set into all the middleboxes edge's OFS. Same as previous. Note that the IDS itag is now Only the AppFW egress switch rules may be modifed, for example if VM1 and VM1' don't have the same MAC address. Network Security Policy is maintained dynamically and automatically after VM migration.

42 Elastic enforcement M. Pourzandi 42

43 M. Pourzandi 43 Sticky Flow Algorithm Traffic is steered inside the DC network based on App ID Open Flow controller is the PDP Open Flow switches and Security appliances are PEPs

44 M. Pourzandi 44 Implementation OpenFlow : NOX Openflow controller Python code added to support sticky flow functionality EEL-tags Usage of VLAN tag support Network : Mininet Custom topology Implemented as Python Sender, receiver, middlebox Implemented as Python processes

45 Proof of concept M. Pourzandi 45

46 M. Pourzandi 46 Sticky flow conclusions Automatic and transparent enforcement Isolation At switch level, L2 enforce the security isolation between tenants networks Maintaining security policies in an elastic environment VM migration/cloning Security policy can be maintained at network layer through different data centers Delegating the choice of security appliances instances according to data center resources No need for centralized decision making/resource management Better resiliency and efficiency in resource consumption

47 M. Pourzandi 47 Agenda Background Elastic Security Framework Elastic Enforcement Layer Security Enforcement Optimization

48 M. Pourzandi 48 SECURITY ENFORCEMENT OPTIMIZATION Local-Global Multi-objective Constraint-Based Path Optimization Algorithm in the cloud infrastructure (LGCM)

49 M. Pourzandi 49 Elastic Network Security: Functional Diagram

50 M. Pourzandi 50 Goal: Build an optimal path based on multiple factors passing through some predefined set of security appliances

51 M. Pourzandi 51 Multi-objective Optimization (1) Need for multiple criteria optimization algorithms Ex: cost, delay/latency, capacity, ownership for each network link Typically, there is no unique optimal solution for such problems Necessary to use decision maker s preferences to differentiate between solutions Difficulty comes from the presence of more than one criterion No longer a unique optimal solution to the problem that can be obtained without incorporating preference information

52 M. Pourzandi 52 Multi-objective Optimization (2) Concept of an optimal solution is often replaced by a set of non-dominated solutions A non-dominated solution has the property that it is not possible to move away from it to any other solution without sacrificing in at least one criterion The boxed points represent feasible choices, and smaller values are preferred to larger ones. Point C is not on the Pareto Frontier because it is dominated by both point A and point B. Points A and B are not strictly dominated by any other, and hence do lie on the frontier Fig from Wikipedia

53 M. Pourzandi 53 Solving Multi-objective Optimization: State of the art Scalarization: convert the original problem into one single problem Ex: Assign weights to different objectives in a linear scalarization Difficulty is to come up with right weights Human expert Difficult to be used in the cloud context, i.e. dynamic changes, large scale, elastic networks, short answer times needed Evolutionary Multi-objective Optimization Find all valid paths Low complexity comparative to other approaches, i.e. cost Difficult in cloud environment to define the convergence factor to the optimal solution

54 M. Pourzandi 54 Evolutionary Multi-objective Optimization Start from a set of initial individuals Iterate over generations Select the fittest individuals Mate the fittest Mutate over to create new individuals Converge toward a set of non-dominated individuals

55 M. Pourzandi 55 Bueno approach using SPEA2 for multicast flow routing Bueno algorithm* addresses building a multi-factor optimal multicast using SPEA2 An heuristic proposed to reduce the problem Mating selection Step 1: Fitness based on Pareto dominance: dominated by, dominating Dominance rank, dominance count Step 2: Refining through density, select individuals in less dense area to improve the diversity KNN density [*] Bueno, M.L.P.; Oliveira, G.M.B.;, "Multicast flow routing: Evaluation of heuristics and multiobjective evolutionary algorithms," Evolutionary Computation (CEC), 2010 IEEE Congress on, vol., no., pp.1-8, July 2010

56 M. Pourzandi 56 Supporting sequence of security appliances In Bueno Algo, there is no concept of sequence of middle boxes to respect Need for improving Bueno s algorithm with the concept of sequence

57 M. Pourzandi 57 LGMC: Illustrating Step by Step paradigm One step is defined to be an edge in the sequence diagram Bueno is used at each step Objective function must minimize link utilization, total cost, end-to-end delay, hops count

58 M. Pourzandi 58 LGMC Pseudo Code: define global paths Pre-defined security sequence of K middle boxes, i.e. K steps // Find Pareto front local paths for each step For each step do For every step I in the pre-defined sequence of middleboxes do According to step I for valid instances of middle box types then Assign Src and Dst to be two valid instance of the middle boxes Apply Bueno between Src Dst Find the Pareto front of local-paths between Src and Dst, i.e. local-path.. Assign Pareto front local-paths.. to step-paths.. // Build global paths from local steps Assign to Global-paths[m] the K-tupe (steppaths[1] step-paths[k])

59 M. Pourzandi 59 LGMC Pseudo code: finding Pareto front among global paths // Re-apply MOEA to the k-tuples while keeping the precedence of local-paths in the k-tuple Apply SPEA2 MOEA to the k-tuples Mating: fill mating pool through binary tournament with new (ktuple) individuals Mutation: Mutate new individuals by changing the local-paths respecting the sequence, i.e. mutation in step I from local-paths[i] End result: Pareto Front in the global paths, i.e. from Source VM to destination VM

60 M. Pourzandi 60 LGCM: Complexity LGCM is based on SPEA2 with the complexity log where M is number of individuals at each generation LGCM complexity is then K log where K is the number of elements in the security sequence LGCM complexity is independent from N number of nodes in the network We cannot really compare an evolutionary algorithm with exact algorithmic methods Chen and Nahrstedt showed on a paper that a similar kind of problem, i.e. Multi-constrained paths can be solved in complexity where N is the number of nodes in the graph and x is large enough (e.g. 10)

61 M. Pourzandi 61 Future work LGCM is our first attempt at using MOEA in a network with a pre-defined set of constraints First results are encouraging Theoretical complexity is comparatively low Proof of concept program results in valid graphs Need to validate approach through more complete set of examples Need for new improve current LGCM algorithm by extending our work to create virtual security appliances in the cloud infrastructure

62 M. Pourzandi 62 ESF conclusions ESF targets developing a homogeneous approach around complex problems Several problems have been addressed so far Elastic enforcement: Sticky Flow Algorithm Enforcement optimization: LGCM Verification and validation of security rules: Cloud Calculus Need to extend these results to a wider use cases

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Virtualization, SDN and NFV

Virtualization, SDN and NFV Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,

More information

Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES

Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 SDN - An Overview... 2 SDN: Solution Layers and its Key Requirements to be validated...

More information

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES

Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Testing Network Virtualization For Data Center and Cloud VERYX TECHNOLOGIES Table of Contents Introduction... 1 Network Virtualization Overview... 1 Network Virtualization Key Requirements to be validated...

More information

Software-Defined Networks Powered by VellOS

Software-Defined Networks Powered by VellOS WHITE PAPER Software-Defined Networks Powered by VellOS Agile, Flexible Networking for Distributed Applications Vello s SDN enables a low-latency, programmable solution resulting in a faster and more flexible

More information

Remote Voting Conference

Remote Voting Conference Remote Voting Conference Logical Architecture Connectivity Central IT Infra NIST Best reachability in India for R-Voting Initiative 200+ Physical MPLS POPs across India 5 Regional Data Centre at Pune,

More information

Cloud Networking Disruption with Software Defined Network Virtualization. Ali Khayam

Cloud Networking Disruption with Software Defined Network Virtualization. Ali Khayam Cloud Networking Disruption with Software Defined Network Virtualization Ali Khayam In the next one hour Let s discuss two disruptive new paradigms in the world of networking: Network Virtualization Software

More information

Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack

Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack Building Scalable Multi-Tenant Cloud Networks with OpenFlow and OpenStack Dave Tucker Hewlett-Packard April 2013 1 About Me Dave Tucker WW Technical Marketing HP Networking dave.j.tucker@hp.com Twitter:

More information

WHITE PAPER. Network Virtualization: A Data Plane Perspective

WHITE PAPER. Network Virtualization: A Data Plane Perspective WHITE PAPER Network Virtualization: A Data Plane Perspective David Melman Uri Safrai Switching Architecture Marvell May 2015 Abstract Virtualization is the leading technology to provide agile and scalable

More information

Wedge Networks: Transparent Service Insertion in SDNs Using OpenFlow

Wedge Networks: Transparent Service Insertion in SDNs Using OpenFlow Wedge Networks: EXECUTIVE SUMMARY In this paper, we will describe a novel way to insert Wedge Network s multiple content security services (such as Anti-Virus, Anti-Spam, Web Filtering, Data Loss Prevention,

More information

RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL

RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL RIDE THE SDN AND CLOUD WAVE WITH CONTRAIL Pascal Geenens CONSULTING ENGINEER, JUNIPER NETWORKS pgeenens@juniper.net BUSINESS AGILITY Need to create and deliver new revenue opportunities faster Services

More information

Delivering Managed Services Using Next Generation Branch Architectures

Delivering Managed Services Using Next Generation Branch Architectures Delivering Managed Services Using Next Generation Branch Architectures By: Lee Doyle, Principal Analyst at Doyle Research Sponsored by Versa Networks Executive Summary Network architectures for the WAN

More information

RELIABILITY AND AVAILABILITY OF CLOUD COMPUTING. Eric Bauer. Randee Adams IEEE IEEE PRESS WILEY A JOHN WILEY & SONS, INC.

RELIABILITY AND AVAILABILITY OF CLOUD COMPUTING. Eric Bauer. Randee Adams IEEE IEEE PRESS WILEY A JOHN WILEY & SONS, INC. RELIABILITY AND AVAILABILITY OF CLOUD COMPUTING Eric Bauer Randee Adams IEEE IEEE PRESS WILEY A JOHN WILEY & SONS, INC., PUBLICATION CONTENTS Figures Tables Equations Introduction xvii xxi xxiii xxv I

More information

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Wilfried van Haeren CTO Edgeworx Solutions Inc. www.edgeworx.solutions Topics Intro Edgeworx Past-Present-Future

More information

ORCHESTRATING THE CLOUD USING SDN

ORCHESTRATING THE CLOUD USING SDN ORCHESTRATING THE CLOUD USING SDN Joerg Ammon Systems Engineer Service Provider 2013-09-10 2013 Brocade Communications Systems, Inc. Company Proprietary Information 1 SDN Update -

More information

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family White Paper June, 2008 Legal INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL

More information

Definition of a White Box. Benefits of White Boxes

Definition of a White Box. Benefits of White Boxes Smart Network Processing for White Boxes Sandeep Shah Director, Systems Architecture EZchip Technologies sandeep@ezchip.com Linley Carrier Conference June 10-11, 2014 Santa Clara, CA 1 EZchip Overview

More information

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

SOFTWARE-DEFINED NETWORKING AND OPENFLOW SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control

More information

Radware ADC-VX Solution. The Agility of Virtual; The Predictability of Physical

Radware ADC-VX Solution. The Agility of Virtual; The Predictability of Physical Radware ADC-VX Solution The Agility of Virtual; The Predictability of Physical Table of Contents General... 3 Virtualization and consolidation trends in the data centers... 3 How virtualization and consolidation

More information

SDN CONTROLLER. Emil Gągała. PLNOG, 30.09.2013, Kraków

SDN CONTROLLER. Emil Gągała. PLNOG, 30.09.2013, Kraków SDN CONTROLLER IN VIRTUAL DATA CENTER Emil Gągała PLNOG, 30.09.2013, Kraków INSTEAD OF AGENDA 2 Copyright 2013 Juniper Networks, Inc. www.juniper.net ACKLOWLEDGEMENTS Many thanks to Bruno Rijsman for his

More information

On Orchestrating Virtual Network Functions

On Orchestrating Virtual Network Functions On Orchestrating Virtual Network Functions Presented @ CNSM 2015 Md. Faizul Bari, Shihabur Rahman Chowdhury, and Reaz Ahmed, and Raouf Boutaba David R. Cheriton School of Computer science University of

More information

STeP-IN SUMMIT 2013. June 18 21, 2013 at Bangalore, INDIA. Performance Testing of an IAAS Cloud Software (A CloudStack Use Case)

STeP-IN SUMMIT 2013. June 18 21, 2013 at Bangalore, INDIA. Performance Testing of an IAAS Cloud Software (A CloudStack Use Case) 10 th International Conference on Software Testing June 18 21, 2013 at Bangalore, INDIA by Sowmya Krishnan, Senior Software QA Engineer, Citrix Copyright: STeP-IN Forum and Quality Solutions for Information

More information

Core and Pod Data Center Design

Core and Pod Data Center Design Overview The Core and Pod data center design used by most hyperscale data centers is a dramatically more modern approach than traditional data center network design, and is starting to be understood by

More information

SOFTWARE DEFINED NETWORKING

SOFTWARE DEFINED NETWORKING SOFTWARE DEFINED NETWORKING Bringing Networks to the Cloud Brendan Hayes DIRECTOR, SDN MARKETING AGENDA Market trends and Juniper s SDN strategy Network virtualization evolution Juniper s SDN technology

More information

Software Defined Network (SDN)

Software Defined Network (SDN) Georg Ochs, Smart Cloud Orchestrator (gochs@de.ibm.com) Software Defined Network (SDN) University of Stuttgart Cloud Course Fall 2013 Agenda Introduction SDN Components Openstack and SDN Example Scenario

More information

Secure Attack Measure Selection and Intrusion Detection in Virtual Cloud Networks. Karnataka. www.ijreat.org

Secure Attack Measure Selection and Intrusion Detection in Virtual Cloud Networks. Karnataka. www.ijreat.org Secure Attack Measure Selection and Intrusion Detection in Virtual Cloud Networks Kruthika S G 1, VenkataRavana Nayak 2, Sunanda Allur 3 1, 2, 3 Department of Computer Science, Visvesvaraya Technological

More information

Software-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University

Software-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University Software-Defined Network (SDN) & Network Function Virtualization (NFV) Po-Ching Lin Dept. CSIE, National Chung Cheng University Transition to NFV Cost of deploying network functions: Operating expense

More information

TRILL for Data Center Networks

TRILL for Data Center Networks 24.05.13 TRILL for Data Center Networks www.huawei.com enterprise.huawei.com Davis Wu Deputy Director of Switzerland Enterprise Group E-mail: wuhuajun@huawei.com Tel: 0041-798658759 Agenda 1 TRILL Overview

More information

Lecture 02a Cloud Computing I

Lecture 02a Cloud Computing I Mobile Cloud Computing Lecture 02a Cloud Computing I 吳 秀 陽 Shiow-yang Wu What is Cloud Computing? Computing with cloud? Mobile Cloud Computing Cloud Computing I 2 Note 1 What is Cloud Computing? Walking

More information

TRILL Large Layer 2 Network Solution

TRILL Large Layer 2 Network Solution TRILL Large Layer 2 Network Solution Contents 1 Network Architecture Requirements of Data Centers in the Cloud Computing Era... 3 2 TRILL Characteristics... 5 3 Huawei TRILL-based Large Layer 2 Network

More information

Optimizing Data Center Networks for Cloud Computing

Optimizing Data Center Networks for Cloud Computing PRAMAK 1 Optimizing Data Center Networks for Cloud Computing Data Center networks have evolved over time as the nature of computing changed. They evolved to handle the computing models based on main-frames,

More information

PLUMgrid Open Networking Suite Service Insertion Architecture

PLUMgrid Open Networking Suite Service Insertion Architecture White Paper PLUMgrid Open Networking Suite Service Insertion Architecture Introduction A rapid increase in the use of cloud services across the globe require networks to be adaptable and flexible. PLUMgrid

More information

Network Technologies for Next-generation Data Centers

Network Technologies for Next-generation Data Centers Network Technologies for Next-generation Data Centers SDN-VE: Software Defined Networking for Virtual Environment Rami Cohen, IBM Haifa Research Lab September 2013 Data Center Network Defining and deploying

More information

Network Services in the SDN Data Center

Network Services in the SDN Data Center Network Services in the SDN Center SDN as a Network Service Enablement Platform Whitepaper SHARE THIS WHITEPAPER Executive Summary While interest about OpenFlow and SDN has increased throughout the tech

More information

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS Matt Eclavea (meclavea@brocade.com) Senior Solutions Architect, Brocade Communications Inc. Jim Allen (jallen@llnw.com) Senior Architect, Limelight

More information

Building an Open, Adaptive & Responsive Data Center using OpenDaylight

Building an Open, Adaptive & Responsive Data Center using OpenDaylight Building an Open, Adaptive & Responsive Data Center using OpenDaylight Vijoy Pandey, IBM 04 th February 2014 Email: vijoy.pandey@gmail.com Twitter: @vijoy Agenda Where does ODP (& SDN) fit in the bigger

More information

Cloud, SDN and the Evolution of

Cloud, SDN and the Evolution of Cloud, SDN and the Evolution of Enterprise Networks Neil Rickard Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form

More information

Network Security: Network Flooding. Seungwon Shin GSIS, KAIST

Network Security: Network Flooding. Seungwon Shin GSIS, KAIST Network Security: Network Flooding Seungwon Shin GSIS, KAIST Detecting Network Flooding Attacks SYN-cookies Proxy based CAPCHA Ingress/Egress filtering Some examples SYN-cookies Background In a TCP 3-way

More information

Network Security Demonstration - Snort based IDS Integration -

Network Security Demonstration - Snort based IDS Integration - Network Security Demonstration - Snort based IDS Integration - Hyuk Lim (hlim@gist.ac.kr) with TJ Ha, CW Jeong, J Narantuya, JW Kim Wireless Communications and Networking Lab School of Information and

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Serro Solutions Enables Managed Security Service Providers to Optimize Networking Performance and Cost

Serro Solutions Enables Managed Security Service Providers to Optimize Networking Performance and Cost Serro Solutions Enables Managed Security Service Providers to Optimize Networking Performance and Cost Serro s SDN Controller automates Internet connections on a global scale to migrate traffic to lower

More information

Centec s SDN Switch Built from the Ground Up to Deliver an Optimal Virtual Private Cloud

Centec s SDN Switch Built from the Ground Up to Deliver an Optimal Virtual Private Cloud Centec s SDN Switch Built from the Ground Up to Deliver an Optimal Virtual Private Cloud Table of Contents Virtualization Fueling New Possibilities Virtual Private Cloud Offerings... 2 Current Approaches

More information

Software Define Storage (SDs) and its application to an Openstack Software Defined Infrastructure (SDi) implementation

Software Define Storage (SDs) and its application to an Openstack Software Defined Infrastructure (SDi) implementation Software Define Storage (SDs) and its application to an Openstack Software Defined Infrastructure (SDi) implementation This paper discusses how data centers, offering a cloud computing service, can deal

More information

Panel: Cloud/SDN/NFV 黃 仁 竑 教 授 國 立 中 正 大 學 資 工 系 2015/12/26

Panel: Cloud/SDN/NFV 黃 仁 竑 教 授 國 立 中 正 大 學 資 工 系 2015/12/26 Panel: Cloud/SDN/NFV 黃 仁 竑 教 授 國 立 中 正 大 學 資 工 系 2015/12/26 1 Outline Cloud data center (CDC) Software Defined Network (SDN) Network Function Virtualization (NFV) Conclusion 2 Cloud Computing Cloud computing

More information

Radware ADC-VX Solution. The Agility of Virtual; The Predictability of Physical

Radware ADC-VX Solution. The Agility of Virtual; The Predictability of Physical Radware ADC-VX Solution The Agility of Virtual; The Predictability of Physical Table of Contents General... 3 Virtualization and consolidation trends in the data centers... 3 How virtualization and consolidation

More information

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation

More information

HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer

HAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer HAWAII TECH TALK SDN Paul Deakin Field Systems Engineer SDN What Is It? SDN stand for Software Defined Networking SDN is a fancy term for: Using a controller to tell switches where to send packets SDN

More information

Network Functions Virtualization (NFV) for Next Generation Networks (NGN)

Network Functions Virtualization (NFV) for Next Generation Networks (NGN) P a g e 1 Network Functions Virtualization (NFV) for Next Generation Networks (NGN) Summary Network Functions Virtualization (NFV) has drawn industry attention. Network Virtualization aims to transform

More information

Why ISPs need SDN: SDN-based Network Service Chaining and Software-defined Multicast

Why ISPs need SDN: SDN-based Network Service Chaining and Software-defined Multicast Why ISPs need SDN: SDN-based Network Chaining and Software-defined Multicast ZKI Herbsttagung, Kaiserslautern, Germany, 24. Sept. 2014 Jeremias Blendin, Julius Rückert, David Hausheer Department of Electrical

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Software Defined Networking

Software Defined Networking Software Defined Networking Stefano Giordano Dipartimento di Ingegneria dell Informazione Università di Pisa 3D Reference model of ISDN Hourglass reference model of a TCP/IP network Network Ossification

More information

Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads

Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads White Paper Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads What You Will Learn Application centric infrastructure (ACI) provides a robust transport

More information

How OpenFlow-based SDN can increase network security

How OpenFlow-based SDN can increase network security How OpenFlow-based SDN can increase network security Charles Ferland, IBM System Networking Representing the ONF ferland@de.ibm.com +49 151 1265 0830 Important elements The objective is to build SDN networks

More information

Proactively Secure Your Cloud Computing Platform

Proactively Secure Your Cloud Computing Platform Proactively Secure Your Cloud Computing Platform Dr. Krutartha Patel Security Engineer 2010 Check Point Software Technologies Ltd. [Restricted] ONLY for designated groups and individuals Agenda 1 Cloud

More information

OpenFlow: Load Balancing in enterprise networks using Floodlight Controller

OpenFlow: Load Balancing in enterprise networks using Floodlight Controller OpenFlow: Load Balancing in enterprise networks using Floodlight Controller Srinivas Govindraj, Arunkumar Jayaraman, Nitin Khanna, Kaushik Ravi Prakash srinivas.govindraj@colorado.edu, arunkumar.jayaraman@colorado.edu,

More information

Software-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe

Software-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe Software-Defined Networking for the Data Center Dr. Peer Hasselmeyer NEC Laboratories Europe NW Technology Can t Cope with Current Needs We still use old technology... but we just pimp it To make it suitable

More information

VMware vshield App Design Guide TECHNICAL WHITE PAPER

VMware vshield App Design Guide TECHNICAL WHITE PAPER ware vshield App Design Guide TECHNICAL WHITE PAPER ware vshield App Design Guide Overview ware vshield App is one of the security products in the ware vshield family that provides protection to applications

More information

SDN in the Public Cloud: Windows Azure. Albert Greenberg Partner Development Manager Windows Azure Networking albert@microsoft.com

SDN in the Public Cloud: Windows Azure. Albert Greenberg Partner Development Manager Windows Azure Networking albert@microsoft.com SDN in the Public Cloud: Windows Azure Albert Greenberg Partner Development Manager Windows Azure Networking albert@microsoft.com Microsoft s big bet on public cloud service Lets companies move their IT

More information

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011 Cloud Basics Cloud Basics The interesting thing about cloud computing is that we've redefined cloud computing to include everything

More information

Data Center Virtualization and Cloud QA Expertise

Data Center Virtualization and Cloud QA Expertise Data Center Virtualization and Cloud QA Expertise Highlights Broad Functional QA Experience Deep understanding of Switching and Routing Protocols Strong hands on experience in multiple hyper-visors like

More information

What is SDN all about?

What is SDN all about? What is SDN all about? Emil Gągała Juniper Networks Piotr Jabłoński Cisco Systems In the beginning there was a chaos CLOUD BUILDING BLOCKS CAN I VIRTUALIZE MY Compute Network? Storage Where is my money?

More information

Infrastructure as a Service (IaaS)

Infrastructure as a Service (IaaS) Infrastructure as a Service (IaaS) (ENCS 691K Chapter 4) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ References 1. R. Moreno et al.,

More information

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure White Paper Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure What You Will Learn The new Cisco Application Centric Infrastructure

More information

Building Access Networks that Support Carrier Ethernet 2.0 Services and SDN

Building Access Networks that Support Carrier Ethernet 2.0 Services and SDN In cooperation with Building Access Networks that Support Carrier Ethernet 2.0 Services and SDN COMMTECH Show Toronto, April 15-16 Mississauga Center by Pasquale Tagliarini Senior Solutions Engineer Agenda

More information

Network performance in virtual infrastructures

Network performance in virtual infrastructures Network performance in virtual infrastructures A closer look at Amazon EC2 Alexandru-Dorin GIURGIU University of Amsterdam System and Network Engineering Master 03 February 2010 Coordinators: Paola Grosso

More information

IBM 000-281 EXAM QUESTIONS & ANSWERS

IBM 000-281 EXAM QUESTIONS & ANSWERS IBM 000-281 EXAM QUESTIONS & ANSWERS Number: 000-281 Passing Score: 800 Time Limit: 120 min File Version: 58.8 http://www.gratisexam.com/ IBM 000-281 EXAM QUESTIONS & ANSWERS Exam Name: Foundations of

More information

Restorable Logical Topology using Cross-Layer Optimization

Restorable Logical Topology using Cross-Layer Optimization פרויקטים בתקשורת מחשבים - 236340 - סמסטר אביב 2016 Restorable Logical Topology using Cross-Layer Optimization Abstract: Today s communication networks consist of routers and optical switches in a logical

More information

CompTIA Cloud+ 9318; 5 Days, Instructor-led

CompTIA Cloud+ 9318; 5 Days, Instructor-led CompTIA Cloud+ 9318; 5 Days, Instructor-led Course Description The CompTIA Cloud+ certification validates the knowledge and best practices required of IT practitioners working in cloud computing environments,

More information

Designing Virtual Network Security Architectures Dave Shackleford

Designing Virtual Network Security Architectures Dave Shackleford SESSION ID: CSV R03 Designing Virtual Network Security Architectures Dave Shackleford Sr. Faculty and Analyst SANS @daveshackleford Introduction Much has been said about virtual networking and softwaredefined

More information

Network Functions Virtualization in Home Networks

Network Functions Virtualization in Home Networks Network Functions Virtualization in Home Networks Marion Dillon Timothy Winters Abstract The current model of home networking includes relatively low- cost, failure- prone devices, requiring frequent intervention

More information

Relay2 Enterprise Cloud Controller Datasheet

Relay2 Enterprise Cloud Controller Datasheet Relay2 Enterprise Cloud WLAN Network Controller Provides the power of enterprise network services without the complexities and cost of traditional hardware- based Wi- Fi controllers The Relay2 Enterprise

More information

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend: CompTIA Cloud+ Length: 5 Days Who Should Attend: Project manager, cloud computing services Cloud engineer Manager, data center SAN Business analyst, cloud computing Summary: The CompTIA Cloud+ certification

More information

Radware s Attack Mitigation Solution On-line Business Protection

Radware s Attack Mitigation Solution On-line Business Protection Radware s Attack Mitigation Solution On-line Business Protection Table of Contents Attack Mitigation Layers of Defense... 3 Network-Based DDoS Protections... 3 Application Based DoS/DDoS Protection...

More information

Oracle SDN Performance Acceleration with Software-Defined Networking

Oracle SDN Performance Acceleration with Software-Defined Networking Oracle SDN Performance Acceleration with Software-Defined Networking Oracle SDN, which delivers software-defined networking, boosts application performance and management flexibility by dynamically connecting

More information

ProgrammableFlow for Open Virtualized Data Center Network

ProgrammableFlow for Open Virtualized Data Center Network ProgrammableFlow for Open Virtualized Data Center Network Samrat Ganguly NEC Corporation of America Challenges in Today s Data Center and Cloud Networks Performance scaling concerns Complexity scaling

More information

Data Center Networking Designing Today s Data Center

Data Center Networking Designing Today s Data Center Data Center Networking Designing Today s Data Center There is nothing more important than our customers. Data Center Networking Designing Today s Data Center Executive Summary Demand for application availability

More information

Analysis of Network Segmentation Techniques in Cloud Data Centers

Analysis of Network Segmentation Techniques in Cloud Data Centers 64 Int'l Conf. Grid & Cloud Computing and Applications GCA'15 Analysis of Network Segmentation Techniques in Cloud Data Centers Ramaswamy Chandramouli Computer Security Division, Information Technology

More information

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT

SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT BROCADE SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT Rajesh Dhople Brocade Communications Systems, Inc. rdhople@brocade.com 2012 Brocade Communications Systems, Inc. 1 Why can t you do these things

More information

New Cloud Networking Enabled by ProgrammableFlow

New Cloud Networking Enabled by ProgrammableFlow New Cloud Networking Enabled by ProgrammableFlow NISHIHARA Motoo, IWATA Atsushi, YUN Su-hun WATANABE Hiroyuki, IIJIMA Akio, KANOH Toshiyuki Abstract Network virtualization, network programmability, and

More information

Building Storage Service in a Private Cloud

Building Storage Service in a Private Cloud Building Storage Service in a Private Cloud Sateesh Potturu & Deepak Vasudevan Wipro Technologies Abstract Storage in a private cloud is the storage that sits within a particular enterprise security domain

More information

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang bhuang@cisco.com. Nov 13, 2014

Simplify IT. With Cisco Application Centric Infrastructure. Barry Huang bhuang@cisco.com. Nov 13, 2014 Simplify IT With Cisco Application Centric Infrastructure Barry Huang bhuang@cisco.com Nov 13, 2014 There are two approaches to Control Systems IMPERATIVE CONTROL DECLARATIVE CONTROL Baggage handlers follow

More information

Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心

Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 SDN Introduction Decoupling of control plane from data plane

More information

Conference. Smart Future Networks THE NEXT EVOLUTION OF THE INTERNET FROM INTERNET OF THINGS TO INTERNET OF EVERYTHING

Conference. Smart Future Networks THE NEXT EVOLUTION OF THE INTERNET FROM INTERNET OF THINGS TO INTERNET OF EVERYTHING Conference THE NEXT EVOLUTION OF THE INTERNET FROM INTERNET OF THINGS TO INTERNET OF Smart Future Networks www.internet-of-things.no EVERYTHING Patrick Waldemar Vice President Telenor Research and Future

More information

Secure Cloud-Ready Data Centers Juniper Networks

Secure Cloud-Ready Data Centers Juniper Networks Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments What You Will Learn Deploying network services in virtual data centers is extremely challenging. Traditionally, such Layer

More information

Securing Virtual Applications and Servers

Securing Virtual Applications and Servers White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating

More information

Cisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems

Cisco Prime Network Services Controller. Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Cisco Prime Network Services Controller Sonali Kalje Sr. Product Manager Cloud and Virtualization, Cisco Systems Agenda Cloud Networking Challenges Prime Network Services Controller L4-7 Services Solutions

More information

Fujitsu Cloud IaaS Trusted Public S5. shaping tomorrow with you

Fujitsu Cloud IaaS Trusted Public S5. shaping tomorrow with you Fujitsu Cloud IaaS Trusted Public S5 shaping tomorrow with you Realizing the cloud opportunity: Fujitsu Cloud iaas trusted Public s5 All the benefits of the public cloud, with enterprise-grade performance

More information

SDN PARTNER INTEGRATION: SANDVINE

SDN PARTNER INTEGRATION: SANDVINE SDN PARTNER INTEGRATION: SANDVINE SDN PARTNERSHIPS SSD STRATEGY & MARKETING SERVICE PROVIDER CHALLENGES TIME TO SERVICE PRODUCT EVOLUTION OVER THE TOP THREAT NETWORK TO CLOUD B/OSS AGILITY Lengthy service

More information

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

SOFTWARE-DEFINED NETWORKING AND OPENFLOW SOFTWARE-DEFINED NETWORKING AND OPENFLOW Eric Choi < echoi@brocade.com> Senior Manager, Service Provider Business Unit, APJ 2012 Brocade Communications Systems, Inc. EPF 7 2012/09/17 Software-Defined Networking

More information

Secure Cloud Computing with a Virtualized Network Infrastructure

Secure Cloud Computing with a Virtualized Network Infrastructure Secure Cloud Computing with a Virtualized Network Infrastructure Fang Hao, T.V. Lakshman, Sarit Mukherjee, Haoyu Song Bell Labs Cloud Security: All or Nothing? Amazon EC2 Government Cloud Shared computing,

More information

Solaris For The Modern Data Center. Taking Advantage of Solaris 11 Features

Solaris For The Modern Data Center. Taking Advantage of Solaris 11 Features Solaris For The Modern Data Center Taking Advantage of Solaris 11 Features JANUARY 2013 Contents Introduction... 2 Patching and Maintenance... 2 IPS Packages... 2 Boot Environments... 2 Fast Reboot...

More information

How Network Virtualization can improve your Data Center Security

How Network Virtualization can improve your Data Center Security How Network Virtualization can improve your Data Center Security Gilles Chekroun SDDC, NSX Team EMEA gchekroun@vmware.com 2014 VMware Inc. All rights reserved. Security IT spending Security spending is

More information

Group-Based Policy for OpenStack

Group-Based Policy for OpenStack Group-Based Policy for OpenStack Introduction Over the past four years, OpenStack has grown from a simple open source project to a major community-based initiative including thousands of contributors in

More information

Virtualized Security: The Next Generation of Consolidation

Virtualized Security: The Next Generation of Consolidation Virtualization. Consolidation. Simplification. Choice. WHITE PAPER Virtualized Security: The Next Generation of Consolidation Virtualized Security: The Next Generation of Consolidation As we approach the

More information

Securing Virtualization with Check Point and Consolidation with Virtualized Security

Securing Virtualization with Check Point and Consolidation with Virtualized Security Securing Virtualization with Check Point and Consolidation with Virtualized Security consolidate security gateways with full power of Software Blades with Check Point Virtual Systems (VSX) secure virtualized

More information

Virtual Privacy vs. Real Security

Virtual Privacy vs. Real Security Virtual Privacy vs. Real Security Certes Networks at a glance Leader in Multi-Layer Encryption Offices throughout North America, Asia and Europe Growing installed based with customers in 37 countries Developing

More information

Software Defined Security Mechanisms for Critical Infrastructure Management

Software Defined Security Mechanisms for Critical Infrastructure Management Software Defined Security Mechanisms for Critical Infrastructure Management SESSION: CRITICAL INFRASTRUCTURE PROTECTION Dr. Anastasios Zafeiropoulos, Senior R&D Architect, Contact: azafeiropoulos@ubitech.eu

More information