STORMY WEATHER SECURING CLOUD COMPUTING. Russell Skingsley Director of Advanced Technology Data Centre and Cloud, APAC Juniper Networks
|
|
- Lambert Cain
- 8 years ago
- Views:
Transcription
1 STORMY WEATHER SECURING CLOUD COMPUTING Russell Skingsley Director of Advanced Technology Data Centre and Cloud, APAC Juniper Networks
2 DISCLAIMER These are not necessarily the views of Juniper Networks even though I have pilfered some of their slides for my own nefarious purposes. 2 Copyright 2012 Juniper Networks, Inc.
3 TRADITIONAL DC NETWORK SECURITY Big Bad World Security Complex 802.1Q Switching Complex VLAN A VLAN B VLAN C Server 1 Server 2 Server 3 3 Copyright 2012 Juniper Networks, Inc.
4 THE PRINCIPLE OF CONSOLIDATION PER SERVER Waste Waste Waste Waste Waste Physical Servers Virtualised Server 4 Copyright 2012 Juniper Networks, Inc.
5 LARGER POOL, MORE CONSOLIDATION Waste Waste Waste Waste Waste Physical Servers Virtualised Servers 5 Copyright 2012 Juniper Networks, Inc.
6 SAME PRINCIPLE, FOR WHOLE DATA CENTERS Small DCs Consolidated DCs 6 Copyright 2012 Juniper Networks, Inc.
7 THE ECONOMICS OF THE DATA CENTER Physical Server Installed Base (Millions) Logical Server Installed Base (Millions) Complexity and Operating Costs Capital Savings Millions Installed Servers Source: IDC 7 Copyright 2012 Juniper Networks, Inc.
8 THE ECONOMICS OF THE DATA CENTER 8 Copyright 2012 Juniper Networks, Inc.
9 THE NEW EDGE Physical Network 802.1Q 802.1Q 802.1Q VMKernel VMKernel VMKernel vds VM1 VM2 VM3 VM4 VM5 VM6 VM7 VM8 VM9 ESX1 ESX2 ESX3 9 Copyright 2012 Juniper Networks, Inc.
10 VLAN LIMITATIONS DA SA 802.1Q Type or Length Data FCS 32 Bits Tag Protocol Identifier (0x8100) Priority (802.1p) Canonical Format Indicator VLAN ID 16 Bits 3 Bits 1 Bit 12 Bits 10 Copyright 2012 Juniper Networks, Inc.
11 SCALING BEYOND 4K TENANTS BRIDGE DOMAINS VDC 1 Core VDC Switch 2 VDC Distribution Switch Distribution Switch Distribution Switch Access Switch Access Switch Access Switch Access Switch Access Switch Access Switch Mobility Extent Mobility Extent Mobility Extent 11 Copyright 2012 Juniper Networks, Inc.
12 SCALING BEYOND 4K TENANTS VCD-NI DC Switching Access Access Access Access VLAN 5 VLAN 5 VLAN 5 VLAN 5 MAC 1 MAC 2 MAC 3 MAC 4 ESXi ESXi ESXi ESXi MAC 1:1 MAC 1:2 MAC 2:1 MAC 3:1 MAC 4:1 MAC 4:2 VM1 VM1 VM2 VM2 VM3 VM3 Mobility Extent 12 Copyright 2012 Juniper Networks, Inc.
13 VCD-NI PORTGROUP LABELS dvs.<vcenterid><ds#><vcd#><vlan><network ID><Name> <Network ID> is a 24 bit value expressed in Hexadecimal (This is sometime referred to as a fence ID) For Example: dvs.vc dvs3cm1-v32-c2e-coke Org1 13 Copyright 2012 Juniper Networks, Inc.
14 THE NEW EDGE WITH TUNNELS Physical Network 802.1Q 802.1Q 802.1Q VMKernel VMKernel VMKernel vds VM1 VM2 VM3 VM4 VM5 VM6 VM7 VM8 VM9 ESX1 ESX2 ESX3 14 Copyright 2012 Juniper Networks, Inc.
15 THE BROADCAST RADIATION WILL KILL US ALL Physical Network 802.1Q 802.1Q 802.1Q X VMKernel X VMKernel X VMKernel vds X X VM1 VM2 VM3 VM4 VM5 VM6 VM7 VM8 VM9 ESX1 ESX2 ESX3 15 Copyright 2012 Juniper Networks, Inc.
16 REMEMBER THESE RULES OF THUMB? Max IP hosts per subnet 500 Max IPX Hosts per subnet 256 Max Appletalk hosts per subnet Copyright 2012 Juniper Networks, Inc.
17 TIMES CHANGE SparcStation 2 28 MIPS MIPS used per host 500 Hosts Cost 0.7% of CPU Ivy Bridge Xeon 180,000 MIPS MIPS used per host 3.2 Million Hosts cost 0.7% of CPU 17 Copyright 2012 Juniper Networks, Inc.
18 THE BROADCAST RADIATION WONT KILL US ALL Physical Network 802.1Q 802.1Q 802.1Q X VMKernel X VMKernel X VMKernel vds X X VM1 VM2 VM3 VM4 VM5 VM6 VM7 VM8 VM9 ESX1 ESX2 ESX3 18 Copyright 2012 Juniper Networks, Inc.
19 SECURITY IMPLICATION OF VIRTUALIZATION Physical Network Virtual Network VM1 VM2 VM3 Virtual Switch ESX Host HYPERVISOR Security Complex Sees/Protects All Traffic Between Servers Physical Security is Blind to Traffic Between Virtual Machines 19 Copyright 2012 Juniper Networks, Inc.
20 THIS IS HOW WE HAVE BUILT DATA CENTRES WAN Routing 3840 Gbps Security 120 Gbps Switching Gbps Compute Gbps 20 Copyright 2012 Juniper Networks, Inc.
21 NETWORK THROUGHPUT IS A DIFFERENT STORY WAN Routing Switching Compute 21 Copyright 2012 Juniper Networks, Inc.
22 APPROACHES TO SECURING VIRTUAL NETWORKS 1. VLAN Segmentation 2. Agent-based 3. Kernel-based VMs segmented into separate VLANs; Inter-VM communications must route through the firewall Drawbacks: Complex VLAN networking; Lacks hypervisor visibility; High overhead VM1 VM2 VM3 Each VM has a software firewall Drawbacks: Significant performance implications; Huge management overhead of maintaining software and signature on 1000s of VMs VM1 VM2 VM3 Inter-VM traffic always protected; Micro-segmenting capabilities High-Performance from implementing firewall in the kernel Secures Hypervisor connections VM1 VM2 VM3 VS ESX Host VS ESX Host FW as Kernel Module ESX Host HYPERVISOR HYPERVISOR VS HYPERVISOR FW Agents 22 Copyright 2012 Juniper Networks, Inc.
23 THE NEW EDGE OPPORTUNITIES AND CHALLENGES FOR ALL Physical Network 802.1Q 802.1Q 802.1Q VMKernel VMKernel VMKernel vds VM1 VM2 VM3 VM4 VM5 VM6 VM7 VM8 VM9 ESX1 ESX2 ESX3 23 Copyright 2012 Juniper Networks, Inc.
24 Russell Skingsley
Secure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationExpert Reference Series of White Papers. vcloud Director 5.1 Networking Concepts
Expert Reference Series of White Papers vcloud Director 5.1 Networking Concepts 1-800-COURSES www.globalknowledge.com vcloud Director 5.1 Networking Concepts Rebecca Fitzhugh, VMware Certified Instructor
More informationWhite Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.
White Paper Juniper Networks Solutions for VMware NSX Enabling Businesses to Deploy Virtualized Data Center Environments Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationOVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS
OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS Matt Eclavea (meclavea@brocade.com) Senior Solutions Architect, Brocade Communications Inc. Jim Allen (jallen@llnw.com) Senior Architect, Limelight
More informationCloud Networking From Theory to Practice" Ivan Pepelnjak (ip@ioshints.info) NIL Data Communications"
Cloud Networking From Theory to Practice Ivan Pepelnjak (ip@ioshints.info) NIL Data Communications Who is Ivan Pepelnjak (@ioshints) Networking engineer since 1985 Consultant, blogger (blog.ioshints.info),
More informationWhite Paper. Protect Your Virtual. Realizing the Benefits of Virtualization Without Sacrificing Security. Copyright 2012, Juniper Networks, Inc.
White Paper Five Best Practices to Protect Your Virtual Environment Realizing the Benefits of Virtualization Without Sacrificing Security Copyright 2012, Juniper Networks, Inc. 1 Table of Contents Executive
More informationData Center Network Virtualisation Standards. Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair
Data Center Network Virtualisation Standards Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair May 2013 AGENDA 1. Why standardise? 2. Problem Statement and Architecture
More informationVXLAN Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure
W h i t e p a p e r VXLAN Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure Table of Contents Executive Summary.... 3 Cloud Computing Growth.... 3 Cloud Computing Infrastructure
More informationSecurely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.
Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects
More informationAGENDA. 資 訊 網 路 發 展 趨 勢 Juniper Cloud Solution Cloud Security 解 決 方 案 共 同 供 應 契 約 採 購 建 議 為 何 選 擇 Juniper
EMEA SALES SUMMIT 2012 Cloud Solution AGENDA 資 訊 網 路 發 展 趨 勢 Juniper Cloud Solution Cloud Security 解 決 方 案 共 同 供 應 契 約 採 購 建 議 為 何 選 擇 Juniper 2 Copyright 2012 Juniper Networks, Inc. www.juniper.net CUSTOMERS
More information雲 端 發 展 與 安 全 趨 勢. 陳 建 宏 Jovi Chen 技 術 顧 問 jovichen@checkpoint.com. 2011 Check Point Software Technologies Ltd. [Unrestricted] For everyone
雲 端 發 展 與 安 全 趨 勢 陳 建 宏 Jovi Chen 技 術 顧 問 jovichen@checkpoint.com 2011 Check Point Software Technologies Ltd. [Unrestricted] For everyone Agenda 1 雲 端 發 展 概 況 2 私 有 雲 演 進 過 程 及 未 來 3 雲 端 虛 擬 化 的 安 全 疑
More informationAchieving a High-Performance Virtual Network Infrastructure with PLUMgrid IO Visor & Mellanox ConnectX -3 Pro
Achieving a High-Performance Virtual Network Infrastructure with PLUMgrid IO Visor & Mellanox ConnectX -3 Pro Whitepaper What s wrong with today s clouds? Compute and storage virtualization has enabled
More informationExpert Reference Series of White Papers. VMware vsphere Distributed Switches
Expert Reference Series of White Papers VMware vsphere Distributed Switches info@globalknowledge.net www.globalknowledge.net VMware vsphere Distributed Switches Rebecca Fitzhugh, VCAP-DCA, VCAP-DCD, VCAP-CIA,
More informationOvercoming The Blind Spots in Your Virtualized Data Center
Overcoming The Blind Spots in Your Virtualized Data Center Matt Percival Sales Manager Northern Europe Stand C4 2014 Ixia Inc. Outline Virtualization Overview Network Monitoring Basics Implementing a Monitoring
More informationAnalysis of Network Segmentation Techniques in Cloud Data Centers
64 Int'l Conf. Grid & Cloud Computing and Applications GCA'15 Analysis of Network Segmentation Techniques in Cloud Data Centers Ramaswamy Chandramouli Computer Security Division, Information Technology
More informationVirtual Firewalls. Ivan Pepelnjak (ip@ioshints.info) NIL Data Communications
Virtual Firewalls Ivan Pepelnjak (ip@ioshints.info) NIL Data Communications Who is Ivan Pepelnjak (@ioshints) Networking engineer since 1985 Focus: real-life deployment of advanced technologies Chief Technology
More informationVXLAN: Scaling Data Center Capacity. White Paper
VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where
More informationPalo Alto Networks. Security Models in the Software Defined Data Center
Palo Alto Networks Security Models in the Software Defined Data Center Christer Swartz Palo Alto Networks CCIE #2894 Network Overlay Boundaries & Security Traditionally, all Network Overlay or Tunneling
More informationSDN Unlocks New Opportunities for Cloud Service Providers
White Paper SDN Unlocks New Opportunities for Cloud Service Providers Prepared by Caroline Chappell Senior Analyst, Heavy Reading www.heavyreading.com on behalf of www.juniper.net March 2014 Executive
More information5 Best Practices to Protect Your Virtual Environment
CONTENTS OF THIS WHITE PAPER Security Virtualization s Big Hurdle..1 Why Old-STyle Protections Fall short..2 Best Practices...3 Create A VM Service Good List... 3 Monitor and Protect the Hypervisor...
More informationSecure Cloud Computing with a Virtualized Network Infrastructure
Secure Cloud Computing with a Virtualized Network Infrastructure Fang Hao, T.V. Lakshman, Sarit Mukherjee, Haoyu Song Bell Labs Cloud Security: All or Nothing? Amazon EC2 Government Cloud Shared computing,
More informationUsing LISP for Secure Hybrid Cloud Extension
Using LISP for Secure Hybrid Cloud Extension draft-freitasbellagamba-lisp-hybrid-cloud-use-case-00 Santiago Freitas Patrice Bellagamba Yves Hertoghs IETF 89, London, UK A New Use Case for LISP It s a use
More informationVMware vsphere-6.0 Administration Training
VMware vsphere-6.0 Administration Training Course Course Duration : 20 Days Class Duration : 3 hours per day (Including LAB Practical) Classroom Fee = 20,000 INR Online / Fast-Track Fee = 25,000 INR Fast
More informationVirtual Machine in Data Center Switches Huawei Virtual System
Virtual Machine in Data Center Switches Huawei Virtual System Contents 1 Introduction... 3 2 VS: From the Aspect of Virtualization Technology... 3 3 VS: From the Aspect of Market Driving... 4 4 VS: From
More informationVMware Network Virtualization Design Guide. January 2013
ware Network Virtualization Technical WHITE PAPER January 2013 ware Network Virtualization Table of Contents Intended Audience.... 3 Overview.... 3 Components of the ware Network Virtualization Solution....
More informationNetwork Troubleshooting & Configuration in vsphere 5.0. 2010 VMware Inc. All rights reserved
Network Troubleshooting & Configuration in vsphere 5.0 2010 VMware Inc. All rights reserved Agenda Physical Network Introduction to Virtual Network Teaming - Redundancy and Load Balancing VLAN Implementation
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationIncrease Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
More informationVXLAN, Enhancements, and Network Integration
VXLAN, Enhancements, and Network Integration Apricot 2014 - Malaysia Eddie Parra Principal Engineer, Juniper Networks Router Business Unit (RBU) eparra@juniper.net Legal Disclaimer: This statement of product
More informationConnectX -3 Pro: Solving the NVGRE Performance Challenge
WHITE PAPER October 2013 ConnectX -3 Pro: Solving the NVGRE Performance Challenge Objective...1 Background: The Need for Virtualized Overlay Networks...1 NVGRE Technology...2 NVGRE s Hidden Challenge...3
More informationEthernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心
Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 SDN Introduction Decoupling of control plane from data plane
More informationTRILL for Data Center Networks
24.05.13 TRILL for Data Center Networks www.huawei.com enterprise.huawei.com Davis Wu Deputy Director of Switzerland Enterprise Group E-mail: wuhuajun@huawei.com Tel: 0041-798658759 Agenda 1 TRILL Overview
More informationSOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT
BROCADE SOFTWARE DEFINED NETWORKING: INDUSTRY INVOLVEMENT Rajesh Dhople Brocade Communications Systems, Inc. rdhople@brocade.com 2012 Brocade Communications Systems, Inc. 1 Why can t you do these things
More informationNutanix Tech Note. VMware vsphere Networking on Nutanix
Nutanix Tech Note VMware vsphere Networking on Nutanix Nutanix Virtual Computing Platform is engineered from the ground up for virtualization and cloud environments. This Tech Note describes vsphere networking
More informationJUNIPER NETWORKS CLOUD SECURITY
White Paper JUNIPER NETWORKS CLOUD SECURITY Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Introduction Cloud Computing Overview...3 Private Cloud... 4 Public Cloud...
More informationDEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP v10.2 to Enable Long Distance Live Migration with VMware vsphere vmotion
DEPLOYMENT GUIDE Version 1.2 Deploying the BIG-IP v10.2 to Enable Long Distance Live Migration with VMware vsphere vmotion Table of Contents Table of Contents Introducing the BIG-IP and VMware vmotion
More informationSDN CONTROLLER. Emil Gągała. PLNOG, 30.09.2013, Kraków
SDN CONTROLLER IN VIRTUAL DATA CENTER Emil Gągała PLNOG, 30.09.2013, Kraków INSTEAD OF AGENDA 2 Copyright 2013 Juniper Networks, Inc. www.juniper.net ACKLOWLEDGEMENTS Many thanks to Bruno Rijsman for his
More informationVLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port
1. VLAN Overview 2. VLAN Trunk 3. Why use VLANs? 4. LAN to LAN communication 5. Management port 6. Applications 6.1. Application 1 6.2. Application 2 6.3. Application 3 6.4. Application 4 6.5. Application
More informationAN INTEGRATED SECURITY SOLUTION FOR THE VIRTUAL DATA CENTER AND CLOUD
White Paper AN INTEGRATED SECURITY SOLUTION FOR THE VIRTUAL DATA CENTER AND CLOUD Protecting Physical and Virtual Workloads Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3
More informationVirtual LANs. http://www.cis.ohio-state.edu/~jain/cis788-97/ or http://www.netlab.ohio-state.edu/~jain/cis788-97/ Raj Jain
Virtual LANs Professor of Computer and Information Sciences Please download and print the handouts from: http://www.cis.ohio-state.edu/~jain/cis788-97/ or http://www.netlab.ohio-state.edu/~jain/cis788-97/
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control
More informationSOLUTIONS FOR DEPLOYING SERVER VIRTUALIZATION IN DATA CENTER NETWORKS
WHITE PAPER SOLUTIONS FOR DEPLOYING SERVER VIRTUALIZATION IN DATA CENTER NETWORKS Copyright 2010, Juniper Networks, Inc. 1 Table of Contents Executive Summary........................................................................................................
More informationProtecting Physical and Virtual Workloads
WHITE PAPER An Integrated Security Solution for the Virtual Data Center and Cloud Protecting Physical and Virtual Workloads Copyright 2011, Juniper Networks, Inc. 1 Table of Contents Executive Summary........................................................................................................
More informationVMware. NSX Network Virtualization Design Guide
VMware NSX Network Virtualization Design Guide Table of Contents Intended Audience... 3 Overview... 3 Components of the VMware Network Virtualization Solution... 4 Data Plane... 4 Control Plane... 5 Management
More informationDMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
More informationNVGRE Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure
W h i t e p a p e r NVGRE Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure Table of contents Executive Summary.... 3 Cloud Computing Growth.... 3 Cloud Computing Infrastructure
More informationSoftware Defined Network (SDN)
Georg Ochs, Smart Cloud Orchestrator (gochs@de.ibm.com) Software Defined Network (SDN) University of Stuttgart Cloud Course Fall 2013 Agenda Introduction SDN Components Openstack and SDN Example Scenario
More informationArchitecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud
Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud Rob Randell, CISSP Principal Systems Engineer Security Specialist Agenda What is the Cloud? Virtualization Basics
More informationVLANs. Application Note
VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static
More informationVMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic
VMware Software Defined Network Dejan Grubić VMware Systems Engineer for Adriatic The Transformation of Infrastructure Infrastructure Servers Clouds Be more responsive to business, change economics of
More informationDEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP v10.2 to Enable Long Distance VMotion with VMware vsphere
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP v10.2 to Enable Long Distance VMotion with VMware vsphere Table of Contents Table of Contents Introducing the BIG-IP and VMware long-distance VMotion deployment
More informationNetwork Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics. Qin Yin Fall Semester 2013
Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics Qin Yin Fall Semester 2013 1 Walmart s Data Center 2 Amadeus Data Center 3 Google s Data Center 4 Data Center
More informationHow To Orchestrate The Clouddusing Network With Andn
ORCHESTRATING THE CLOUD USING SDN Joerg Ammon Systems Engineer Service Provider 2013-09-10 2013 Brocade Communications Systems, Inc. Company Proprietary Information 1 SDN Update -
More informationMicrosegmentation Using NSX Distributed Firewall: Getting Started
Microsegmentation Using NSX Distributed Firewall: VMware NSX for vsphere, release 6.0x REFERENCE PAPER Table of Contents Microsegmentation using NSX Distributed Firewall:...1 Introduction... 3 Use Case
More informationSecure Virtual Network Configuration for Virtual Machine (VM) Protection
NIST Special Publication 800-125B Secure Virtual Network Configuration for Virtual Machine (VM) Protection Ramaswamy Chandramouli This publication is available free of charge from: http://dx.doi.org/10.6028/nist.sp.800-125b
More informationHow to Configure an Initial Installation of the VMware ESXi Hypervisor
How to Configure an Initial Installation of the VMware ESXi Hypervisor I am not responsible for your actions or their outcomes, in any way, while reading and/or implementing this tutorial. I will not provide
More informationHow to Create VLANs Within a Virtual Switch in VMware ESXi
How to Create VLANs Within a Virtual Switch in VMware ESXi I am not responsible for your actions or their outcomes, in any way, while reading and/or implementing this tutorial. I will not provide support
More informationInstall Guide for JunosV Wireless LAN Controller
The next-generation Juniper Networks JunosV Wireless LAN Controller is a virtual controller using a cloud-based architecture with physical access points. The current functionality of a physical controller
More informationJUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net
JUNIPER One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER 1 Copyright 2010 Juniper Networks, Inc. www.juniper.net 2-3-7: JUNIPER S BUSINESS STRATEGY 2 Customer Segments 3 Businesses Service
More informationVM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware
VM-Series for VMware The VM-Series for VMware supports VMware NSX, ESXI stand-alone and vcloud Air, allowing you to deploy next-generation firewall security and advanced threat prevention within your VMware-based
More informationJUNIPER NETWORKS FIREFLY HOST FIREWALL PERFORMANCE
White Paper JUNIPER NETWORKS FIREFLY HOST FIREWALL PERFORMANCE Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3 Performance Challenges in a Virtual Environment...3 Firefly
More informationVirtualized Access Layer. Petr Grygárek
Virtualized Access Layer Petr Grygárek Goals Integrate physical network with virtualized access layer switches Hypervisor vswitch Handle logical network connection of multiple (migrating) OS images hosted
More informationCLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE
CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE EXECUTIVE SUMMARY This application note proposes Virtual Extensible LAN (VXLAN) as a solution technology to deliver departmental segmentation, business
More informationHow Network Virtualization can improve your Data Center Security
How Network Virtualization can improve your Data Center Security Gilles Chekroun SDDC, NSX Team EMEA gchekroun@vmware.com 2014 VMware Inc. All rights reserved. Security IT spending Security spending is
More informationVMware NSX Network Virtualization Design Guide. Deploying VMware NSX with Cisco UCS and Nexus 7000
VMware NSX Network Virtualization Design Guide Deploying VMware NSX with Cisco UCS and Nexus 7000 Table of Contents Intended Audience... 3 Executive Summary... 3 Why deploy VMware NSX on Cisco UCS and
More informationImplementing and Troubleshooting the Cisco Cloud Infrastructure **Part of CCNP Cloud Certification Track**
Course: Duration: Price: $ 4,295.00 Learning Credits: 43 Certification: Implementing and Troubleshooting the Cisco Cloud Infrastructure Implementing and Troubleshooting the Cisco Cloud Infrastructure**Part
More informationHow To Set Up A Virtual Network On Vsphere 5.0.5.2 (Vsphere) On A 2Nd Generation Vmkernel (Vklan) On An Ipv5 Vklan (Vmklan)
Best Practices for Virtual Networking Karim Elatov Technical Support Engineer, GSS 2009 VMware Inc. All rights reserved Agenda Best Practices for Virtual Networking Virtual Network Overview vswitch Configurations
More informationBUILDING A NEXT-GENERATION DATA CENTER
BUILDING A NEXT-GENERATION DATA CENTER Data center networking has changed significantly during the last few years with the introduction of 10 Gigabit Ethernet (10GE), unified fabrics, highspeed non-blocking
More informationProgrammable Networking with Open vswitch
Programmable Networking with Open vswitch Jesse Gross LinuxCon September, 2013 2009 VMware Inc. All rights reserved Background: The Evolution of Data Centers Virtualization has created data center workloads
More informationNEC SigmaSystemCenter 3.0 highlights
NEC SigmaSystemCenter 3.0 highlights NEC Corporation 2nd IT Software Division IT Network Global Solutions Division Sept. 2011 NEC SigmaSystemCenter 3.0 highlights Cloud Management Multitenancy Resource
More informationVirtual Subnet: A Scalable Cloud Data Center Interconnect Solution
Virtual Subnet: A Scalable Cloud Data Center Interconnect Solution draft-xu-virtual-subnet-06 Xiaohu Xu (xuxh@huawei.com) IETF82, TAIWAN Why VM Mobility across Data Centers Data center maintenance Applications
More informationIntroduction...3. Scope...3. Design Considerations...3. Hardware Requirements...3. Software Requirements...3. Description and Deployment Scenario...
APPLICATION NOTE Securing Virtualization in the Cloud-Ready Data Center Integrating vgw Virtual Gateway with SRX Series Services Gateways and STRM Series Security Threat Response Manager for Data Center
More informationIxia Phantom vtap. Overview. Virtual Taps Phantom Monitoring Solution DATA SHEET
Ixia Phantom vtap Overview The Ixia Phantom vtap is a software solution that supports all leading hypervisors (VMware vsphere, Microsoft Hyper-V, Citrix enserver, and more), to provide customers 100 percent
More informationVMware ESX Server 3 802.1Q VLAN Solutions W H I T E P A P E R
VMware ESX Server 3 802.1Q VLAN Solutions W H I T E P A P E R Executive Summary The virtual switches in ESX Server 3 support VLAN (IEEE 802.1Q) trunking. Using VLANs, you can enhance security and leverage
More informationCross-vCenter NSX Installation Guide
NSX 6.2 for vsphere This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationEnabling Solutions in Cloud Infrastructure and for Network Functions Virtualization
Enabling Solutions in Cloud Infrastructure and for Network Functions Virtualization Gateway Use Cases for Virtual Networks with MX Series Routers 1 Table of Contents Executive Summary... 3 Introduction...4
More informationSecurity Design. thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/
Security Design thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Security Design Analysing Design Requirements Resource Separation a Security Zones VLANs Tuning Load Balancing
More informationWhat is VLAN Routing?
Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one
More informationConfiguring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)
Configuring Virtual Switches for Use with PVS February 7, 2014 (Revision 1) Table of Contents Introduction... 3 Basic PVS VM Configuration... 3 Platforms... 3 VMware ESXi 5.5... 3 Configure the ESX Management
More informationMultitenancy Options in Brocade VCS Fabrics
WHITE PAPER DATA CENTER Multitenancy Options in Brocade VCS Fabrics As cloud environments reach mainstream adoption, achieving scalable network segmentation takes on new urgency to support multitenancy.
More informationExtending Networking to Fit the Cloud
VXLAN Extending Networking to Fit the Cloud Kamau WangŨ H Ũ Kamau Wangũhgũ is a Consulting Architect at VMware and a member of the Global Technical Service, Center of Excellence group. Kamau s focus at
More informationFlows as a topology chart
Flows as a topology chart Hiroshi ASAKURA, Kensuke NAKATA, Shingo KASHIMA, Hiroshi KURAKAMI NTT Information Sharing Platform Labs. 2011 NTT Information Sharing Platform Laboratories Background Target IaaS
More informationHuawei Enterprise A Better Way VM Aware Solution for Data Center Networks
Huawei Enterprise A Better Way VM Aware Solution for Data Center Networks HUAWEI TECHNOLOGIES CO., LTD. Contents Server Virtualization Challenges in Data Center Networks Huawei VM Aware Solution Implementation
More informationIntroduction to Virtual Datacenter
Oracle Enterprise Manager Ops Center Configuring a Virtual Datacenter 12c Release 1 (12.1.1.0.0) E27347-01 June 2012 This guide provides an end-to-end example for how to use Oracle Enterprise Manager Ops
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Eric Choi < echoi@brocade.com> Senior Manager, Service Provider Business Unit, APJ 2012 Brocade Communications Systems, Inc. EPF 7 2012/09/17 Software-Defined Networking
More informationTop-Down Network Design
Top-Down Network Design Chapter Five Designing a Network Topology Copyright 2010 Cisco Press & Priscilla Oppenheimer Topology A map of an internetwork that indicates network segments, interconnection points,
More informationApache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific
Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide
More informationvshield Quick Start Guide
vshield Manager 5.0 vshield App 5.0 vshield Edge 5.0 vshield Endpoint 5.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationCloud Networking: Framework and VPN Applicability. draft-bitar-datacenter-vpn-applicability-01.txt
Cloud Networking: Framework and Applicability Nabil Bitar (Verizon) Florin Balus, Marc Lasserre, and Wim Henderickx (Alcatel-Lucent) Ali Sajassi and Luyuan Fang (Cisco) Yuichi Ikejiri (NTT Communications)
More informationActive Fabric Manager (AFM) Plug-in for VMware vcenter Virtual Distributed Switch (VDS) CLI Guide
Active Fabric Manager (AFM) Plug-in for VMware vcenter Virtual Distributed Switch (VDS) CLI Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use
More informationWalmart s Data Center. Amadeus Data Center. Google s Data Center. Data Center Evolution 1.0. Data Center Evolution 2.0
Walmart s Data Center Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics Qin Yin Fall emester 2013 1 2 Amadeus Data Center Google s Data Center 3 4 Data Center
More informationNVO3: Network Virtualization Problem Statement. Thomas Narten narten@us.ibm.com. IETF 83 Paris March, 2012
NVO3: Network Virtualization Problem Statement Thomas Narten narten@us.ibm.com IETF 83 Paris March, 2012 High-Level Motivation Imagine a data center Could be cloud provider, hosting center, enterprise
More informationAbout the VM-Series Firewall
About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/
More informationSecure Virtual Network Configuration for Virtual Machine (VM) Protection
1 2 3 4 5 6 DRAFT NIST Special Publication 800-125B Secure Virtual Network Configuration for Virtual Machine (VM) Protection Ramaswamy Chandramouli 7 8 9 10 11 12 This publication is available free of
More informationWHITE PAPER. Network Virtualization: A Data Plane Perspective
WHITE PAPER Network Virtualization: A Data Plane Perspective David Melman Uri Safrai Switching Architecture Marvell May 2015 Abstract Virtualization is the leading technology to provide agile and scalable
More informationAdopting Software-Defined Networking in the Enterprise
IT@Intel White Paper Intel IT Data Center Efficiency Software-Defined Networking April 2014 Adopting Software-Defined Networking in the Enterprise Executive Overview By virtualizing the network through
More informationConsolidated Technology Services PRIVATE CLOUD SERVICE. March 2014
Consolidated Technology Services PRIVATE CLOUD SERVICE March 2014 Topics Service Strategy Features and Benefits Service Options Rates Deployment Strategy Next Steps 2 Private Cloud Service Strategy Transform
More informationAn Oracle White Paper April 2012. Network Isolation in Private Database Clouds
An Oracle White Paper April 2012 Network Isolation in Private Database Clouds Executive Overview... 1 Different types of network isolation... 2 Network Traffic Isolation... 3 Network Security Isolation...
More information