How To Make A Cloud Bursting System Work For A Business
|
|
- Priscilla Logan
- 3 years ago
- Views:
Transcription
1 Where will your application be in the future, in the cloud, on premises, off premises? How will you protect them? Nigel Ashworth Solution Architect EMEA
2 Advanced threats Software defined everything SDDC/Cloud Internet of Things Mobility HTTP is the new TCP F5 Networks, Inc 2
3 Impact on Data Center Architecture: Applications MICRO-ARCHITECTURES Each service is isolated and requires its own: Load balancing Authentication / authorization Security Layer 7 Services May be API-based, expanding services required More applications needing services API DOMINANCE Proxies are used in emerging API-centric architectures for: API versioning Client-based steering API Load balancing Metering & billing API key management More intelligence needed in services Service A Service C API v1 Service B Service D API v2 F5 Networks, Inc 3
4 Linear Delivery is Gone F5 Networks, Inc 4
5 It s Now a Complex Matrix SaaS Cloud More endpoints More delivery models More apps F5 Networks, Inc 5
6 Deliver the most secure, fast, and reliable applications to anyone anywhere at any time. F5 Networks, Inc 6
7 Application Environment Agile Development Speed, customerdriven, and quality of app development Rapid deployment network and operations velocity F5 Networks, Inc 7
8 Application Environment Agile Development Cloud and DevOps Speed, customerdriven, and quality of app development Accelerate time to market Rapid deployment network and operations velocity Cloud SLA and control private network agility F5 Networks, Inc 8
9 Application Environment Agile Development Cloud and DevOps SDN and Private Cloud Speed, customerdriven, and quality of app development Accelerate time to market Software defined data centers Rapid deployment network and operations velocity Cloud SLA and control private network agility Failed to Address: L4 7 device sprawl and application awareness F5 Networks, Inc 9
10 Software Defined Application Services Elements High-Performance Services Fabric Simplified Business Models F5 Networks, Inc 10
11 High-Performance Services Fabric Virtual Edition Appliance Chassis Network [Physical Overlay SDN]
12 High-Performance Services Fabric Programmability Data Plane Control Plane Management Plane Virtual Edition Appliance Chassis Network [Physical Overlay SDN]
13 High-Performance Services Fabric Programmability Data Plane Control Plane Management Plane Virtual Edition Appliance Chassis Network [Physical Overlay SDN]
14 Leave No Application Behind
15 High-Performance Fabric Application BIG-IP BIG-IP Services BIG-IP BIG-IP BIG-IP BIG-IP F5 Networks, Inc 15
16 Software Defined Application Services Software Defined Application Services (SDAS) are a rich set of services that address the delivery challenges faced by businesses today. Built and deployed atop extensible F5 platforms, SDAS are all application and context-aware, highly scalable, and programmatic. Provisioned and managed within the F5 Synthesis architecture through BIG-IQ, SDAS provides organizations with the opportunity to simplify application delivery architectures without compromising on service breadth and depth. F5 Networks, Inc 16
17 Optimization Cloud Bridging Traffic Management CGNAT Caching Traffic Management DDoS MDM App Delivery Firewall Authoritative DNS LTE Roaming VDI Application Services Portfolio Global Server Load Balancing Anti-Fraud SSL Inspection Policy Enforcement Endpoint Inspection SSL VPN Subscriber Traffic Control NfV Traffic Shaping and QoS DNSSEC Anti-Malware Compression Disaster Recovery SPDY Gateway Application Optimization Access Control Web Access Management DNS Caching & Resolving VAS Bursting Intelligent EPC node selection SSL Programmability VOLTE Intelligence Service Chaining Firewall SAML FederationMobile Optimization SDN Mobile App Management Cloud Federation Anti-Phishing Diameter & Routing SAML Federation Mobile Acceleration Global Load Balancing Gi Firewall Web Performance EnrichmentOptimization Secure Web Gateway Cloud Bursting Single Sign-On Application Traffic Control Quota Management Web App Firewall Acceleration Business Continuity Active Sync Proxy DNS Firewall
18 Intelligent Services Orchestration Orchestration Connectors Fabric Connectors BIG-IQ Cloud Connectors Module Connectors
19 Simplified Business Models Perpetual Subscriptions Bundles BYOL Cloud Licensing Program Utility
20 Synthesis High-Performance Fabric To provide the most scalable, highdensity, high-performance fabric in the industry to leave no application behind. Intelligent Services Orchestration Offering BIG-IQ for the deployment of application services, cloud orchestration one push button provisioning and all necessary API management. Simplified Business Models Providing capacity- and volumebased licensing, software modules of application services.
21 Centralized Management Platform BIG-IQ IQ BIG-IP BIG-IP Data Center Hybrid Cloud Public Cloud
22 Agility and Integration Eliminate technology management silos
23 Automation Reported benefits of automation to the IT process: 80% 62% 54% Time savings Cost savings Improved SLA delivery to the business Source: Redwood Software survey, October % of enterprises that have implemented process automation have experienced time savings, 69% claim improved productivity
24 Different Approaches It is about applications Operated solely for an organization, typically within the firewall Composed of two or more interoperable clouds, enabling data and application portability Accessible over the Internet for general consumption F5 Networks, Inc. 24
25 Provisioning and Deployment Timelines Slow time-to-production Increasing rate of IT requests Repetitive tasks for IT Higher risk of misconfiguration
26 Provisioning and Deployment Timelines Time-to-production for all the necessary infrastructure services from weeks to minutes
27 Cloud Migration Architecture Global load balancing Infrastructure monitoring Advanced reporting On-Premises Infrastructure Administrators Load balancing Custom business logic Application health SSL management DNS Line of Business Applications Business Unit Application Manager Application Business Unit Application Manager User Cloud Management Cloud Administrator Beta User Automated Application Delivery Network Health/performance monitoring vadc deployment Load balancing Custom business logic Application health SSL management Line of Business Applications Application Cloud Hosting Provider Strategic Point of Control
28 Cloud Bursting Architecture Global load balancing Infrastructure monitoring Advanced reporting On-Premises Infrastructure Finite Resources Load balancing Custom business logic Object caching SSL management DNS Application User Cloud Management UI or REST API Cloud Administrator User Automated Application Delivery Network Health/performance monitoring vadc deployment Business Unit Application Manager Load balancing Custom business logic Object caching SSL management On-Demand Computing Application Cloud Hosting Provider Strategic Point of Control
29 Policy Management Application delivery services Repeatable Integrated Orchestrated Tenant Portal Provider Portal Cloud Portal Cloud Portal App Lifecycle Management Cloud Management Cloud Connectors Third-Party Cloud Orchestrators (VMware vcloud Director) Expedited Cloud Management REST API Public Cloud (Amazon Web Services) Data Center 1 Data Center 2 Data Center 3 Data Center 4 F5 Networks, Inc. 29
30 F5 Reference Architectures Solving Customer Issues
31 Service based security Same policy on premise or cloud. WAF policy (L7) Firewall policy (L4) Dynamic IP policy (L3) DDOS protection (L2-L7) Consolidated logging F5 Networks, Inc 31
32 F5 DDoS protection reference architecture Next-Generation Firewall Corporate Users Tier 1 Tier 2 Multiple ISP strategy Network attacks: ICMP flood, UDP flood, SYN flood SSL attacks: SSL renegotiation, SSL flood Financial Services Legitimate Users DDoS Attacker ISPa/b Cloud Scrubbing Service DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS IPS HTTP attacks: Slowloris, slow POST, recursive POST/GET Application E-Commerce Subscriber Threat Feed Intelligence Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control F5 Networks, Inc 32
33 DDoS Mitigation DNS Attacks Protect against DDoS at all layers 38 vectors covered Withstand the largest attacks DNS DDoS Gain visibility and detection of DNS/SSL attacks F5 Networks, Inc. 33
34 More sophisticated attacks are multi-layer Application SSL DNS Network F5 Networks, Inc 34
35 Which DDoS technologies do you use? CLOUD/HOSTED SERVICE Content delivery network Communications service provider STRENGTHS Completely off-premises so DDoS attacks can t reach you Amortized defense across thousands of customers DNS anycast and multiple data centers protect you Cloud-based DDoS service WEAKNESSES Customers pay, whether attacked or not Bound by terms of service agreement Solutions focus on specific layers (not all layers) F5 Networks, Inc 35
36 Which DDoS technologies do you use? STRENGTHS Direct control over infrastructure. Immediate mitigation with instant response and reporting. Solutions can be architected to independently scale of one another. ON-PREMISES DEFENSE Network firewall with SSL inspection Web application firewall WEAKNESSES Many point solutions in market, few comprehensive DDoS solutions. Can only mitigate up to max inbound connection size No other value. Only providing benefit when you get attacked. (excludes F5) On-premises DDoS solution Intrusion detection/prevention F5 Networks, Inc 36
37 F5 DDoS protection reference architecture Next-Generation Firewall Corporate Users Tier 1 Tier 2 Multiple ISP strategy Network attacks: ICMP flood, UDP flood, SYN flood SSL attacks: SSL renegotiation, SSL flood Financial Services Legitimate Users DDoS Attacker ISPa/b Cloud Scrubbing Service DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS IPS HTTP attacks: Slowloris, slow POST, recursive POST/GET Application E-Commerce Subscriber Threat Feed Intelligence Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control F5 Networks, Inc 37
38 F5 DDoS protection reference architecture Next-Generation Firewall Corporate Users TIER 1 KEY FEATURES Legitimate Users DDoS Attacker Multiple ISP strategy ISPa/b Cloud Scrubbing Service Threat Feed Intelligence Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Tier 1 Tier 2 The first tier at the Network and DNS SSL attacks: perimeter SSL renegotiation, is layer 3 SSL flood and 4 network firewall services Simple load balancing Application to a second tier HTTP attacks: Slowloris, slow POST, recursive POST/GET IP reputation database IPS Mitigates volumetric and DNS DDoS attacks Financial Services E-Commerce Subscriber Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control F5 Networks, Inc 38
39 F5 DDoS protection reference architecture Next-Generation Firewall Corporate Users Tier 1 Tier 2 Multiple ISP strategy Network attacks: ICMP flood, UDP flood, SYN flood SSL attacks: SSL renegotiation, SSL flood Financial Services Legitimate Users DDoS Attacker ISPa/b Cloud Scrubbing Service DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS IPS HTTP attacks: Slowloris, slow POST, recursive POST/GET Application E-Commerce Subscriber Threat Feed Intelligence Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control F5 Networks, Inc 39
40 F5 DDoS protection reference architecture Next-Generation Firewall Corporate Users TIER 2 KEY FEATURES The second tier is for application-aware, Multiple ISP CPU-intensive defense strategy Legitimate Users SSL termination ISPa/b DDoS Attacker mechanisms Web application firewall Mitigate asymmetric Cloud and Scrubbing SSL-based Service DDoS attacks Threat Feed Intelligence Protection is L7 based (not just a L4 reset) Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Tier 1 Network and DNS IPS SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Tier 2 Application Financial Services E-Commerce Subscriber Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Strategic Point of Control F5 Networks, Inc 40
41 Network Based DoS Detection & Mitigation 80+ DoS Vectors Flood ARP Flood DNS Response Flood Ethernet Broadcast Packet Ethernet Multicast Packet ICMP Flood IPV6 Fragment Flood IP Fragment Flood Routing Header Type 0 TCP ACK Flood TCP RST Flood TCP SYN ACK Flood TCP SYN Flood UDP Flood Single Endpoint Flood Single Endpoint Sweeper Fragmentation ICMP Fragment IPV6 Fragment IPV6 Fragment Overlap IPV6 Fragment Too Small IP Fragment IP Fragment Overlap IP Fragment Too Small Bad Header IPv4 Bad IP Option Bad IP TTL Value Bad IP Version Header Length > L2 Length Header Length Too Short IP Error Checksum IP Length > L2 Length IP Option Frames IP Source Address == Destination Address L2 Length >> IP Length No L4 TTL <= 1 Bad Header IPv6 Bad IPV6 Hop Count Bad IPV6 Version IPV6 Extended Header Frames IPV6 Length > L2 Length IPV6 Source Address == Destination Address Payload Length < L2 Length Too Many Extended Headers No L4 (Extended Headers Go To Or Past End of Frame) Bad Header L2 Ethernet MAC Source Address == Destination Address Bad Header TCP Bad TCP Checksum Bad TCP Flags (All Cleared and SEQ# == 0) Bad TCP Flags (All Flags Set) FIN Only Set Option Present With Illegal Length SYN && FIN Set TCP Header Length > L2 Length TCP Header Length Too Short (Length < 5) TCP LAND TCP Option Overruns TCP Header Unknown TCP Option Type Bad Header UDP Bad UDP Checksum UDP LAND Bad UDP Header (UDP Length > IP Length or L2 Length) Bad Header ICMP Bad ICMP Frame ICMP Frame Too Large Other Host Unreachable F5 Networks, Inc TIDCMP 41
42 Service based security Same policy on premise or cloud. WAF policy (L7) Firewall policy (L4) Dynamic IP policy (L3) DDOS protection (L2-L7) Consolidated logging F5 Networks, Inc 42
43 Centralized Management Platform BIG-IQ IQ BIG-IP BIG-IP Data Center Hybrid Cloud Public Cloud F5 Networks, Inc 43
44
45 Millions Rack units Gbps Millions Performance & Scale Use case 700 Throughput 8 Connections per second x x F5 (VIPRION 4800) Juniper (SRX 5800) Cisco (ASA 5585-X) Check Point (61000) 0 F5 (VIPRION 4800) Juniper (SRX 5800) Cisco (ASA 5585-X) Check Point (61000) Sessions Footprint x x F5 (VIPRION 4800) Juniper (SRX 5800) Cisco (ASA 5585-X) Check Point (61000) F5 (VIPRION 4800) Juniper (SRX 5800) Cisco (ASA 5585-X) Check Point (61000) F5 Networks, Inc 45 0 For 576M concurrent connections
Software Defined everything Internet of Things
F5 Synthesis Advanced threats Software Defined everything Internet of Things SDDC/Cloud HTTP is the new TCP Mobility Quality of experience F5 Networks, Inc 2 Customer Challenges: Applications and Infrastructure
More informationCisco ACI and F5 LTM Integration for accelerated application deployments. Dennis de Leest Sr. Systems Engineer F5
Cisco ACI and F5 LTM Integration for accelerated application deployments Dennis de Leest Sr. Systems Engineer F5 Agenda F5 Networks Who are we and what is Big-IP? F5 Synthesis Software Defined Application
More informationApplication centric Datacenter Management. Ralf Brünig, F5 Networks GmbH Field Systems Engineer March 2014
Application centric Datacenter Management Ralf Brünig, F5 Networks GmbH Field Systems Engineer March 2014 Index Application Deliver Controller (ADC) Proxy ADC Advanced Feature Application Management Optional:
More informationMulti-Layer Security for Multi-Layer Attacks. Preston Hogue Dir, Cloud and Security Marketing Architectures
Multi-Layer Security for Multi-Layer Attacks Preston Hogue Dir, Cloud and Security Marketing Architectures High-Performance Services Fabric Programmability Data Plane Control Plane Management Plane Virtual
More informationGanzheitlicher Schutz von Rechenzentren, Web-Servern und Anwendungen
Ganzheitlicher Schutz von Rechenzentren, Web-Servern und Anwendungen Technical Workshop 2014 ETK networks solution GmbH und CMS IT-Consulting GmbH erwin.kampmann@f5.com The evolution of attackers January
More informationProtect Your Infrastructure from Multi-Layer DDoS Attacks
Protect Your Infrastructure from Multi-Layer DDoS Attacks F5 EMEA Webinar February 2014 Presenter: Keiron Shepherd Title: Field Systems Engineer Protecting Against DDoS is Challenging Webification of apps
More informationIhr Standort bleibt erreichbar. Ihre Applikationen bleiben erreichbar!
Ihr Standort bleibt erreichbar. Ihre Applikationen bleiben erreichbar! Die hybride DDoS Protection und Application Security Lösung von F5 Networks Arrow Sommerforum München am 16. Juli 2015 e.kampmann@f5.com
More informationCloud.. Migration? Bursting? Orchestration? Vincent Lavergne SED EMEA, South Gary Newe Sr SEM EMEA, UKISA
Cloud.. Migration? Bursting? Orchestration? Vincent Lavergne SED EMEA, South Gary Newe Sr SEM EMEA, UKISA Technology shifts center on applications Advanced threats APIs Internet of things Mobility SDDC/Cloud
More informationInfrastructure for more security and flexibility to deliver the Next-Generation Data Center
Infrastructure for more security and flexibility to deliver the Next-Generation Data Center Stefan Volmari Manager Systems Engineering Networking & Cloud Today's trends turn into major challenges Cloud
More informationPowering the Internet of Things: SDN/NFV Architectures
Powering the Internet of Things: SDN/NFV Architectures 6B Connected Devices 2013 2013 2016 2018 2020 50B Connected Devices Worldwide by 2020 Implications for Service Providers Scaling the Networks End
More information5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP
5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP With support for Cisco ACE load balancer ending, organizations need to find an alternative. Contents Introduction 3 Advanced Architecture 3 Ease of
More informationScale your DNS Infrastructure Ensure App and Service Availability. Nigel Ashworth Solution Architect EMEA n.ashworth@f5.com +44 77 88 436 325
Scale your DNS Infrastructure Ensure App and Service Availability Nigel Ashworth Solution Architect EMEA n.ashworth@f5.com +44 77 88 436 325 Agenda DNS and F5 Use Cases - The top four Firewall for DNS
More informationTDC s perspective on DDoS threats
TDC s perspective on DDoS threats DDoS Dagen Stockholm March 2013 Lars Højberg, Technical Security Manager, TDC TDC in Sweden TDC in the Nordics 9 300 employees (2012) Turnover: 26,1 billion DKK (2012)
More informationSoftware Defined Application Services
Software Defined Application Services Successful management of increased pressure on network and application infrastructure requires flexibility and dynamism across data centers, clouds, and managed environments.
More informationThe F5 DDoS Protection Reference Architecture
The F5 DDoS Protection Reference Architecture F5 offers guidance to security and network architects in designing, deploying, and managing architecture to protect against increasingly sophisticated, application-layer
More informationThe F5 DDoS Protection Reference Architecture
The F5 DDoS Protection Reference Architecture F5 offers guidance to security and network architects in designing, deploying, and managing architecture to protect against increasingly sophisticated, application-layer
More informationSecurity F5 SECURITY SOLUTION GUIDE
F5 SECURITY SOLUTION GUIDE Security Protect your data center and application services, improve user access, optimize performance, and reduce management complexity. 1 WHAT'S INSIDE Data Center Firewall
More informationAutomated Mitigation of the Largest and Smartest DDoS Attacks
Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application
More informationF5 and VMware. Realize the Virtual Possibilities.
. Realize the Virtual Possibilities. Simplify. Accelerate. Manage. Secure. Discover how deliver a Software-Defined Data Center by providing simplified end-to-end networking through an application-centric
More informationAutomated Mitigation of the Largest and Smartest DDoS Attacks
Datasheet Protection Automated Mitigation of the Largest and Smartest Attacks Incapsula secures websites against the largest and smartest types of attacks - including network, protocol and application
More informationThe State of Application Delivery in 2015
The State of Application Delivery in 2015 a report by F5 f5.com/soad 1 Introduction F5 surveyed customers from more than 300 organizations (of all sizes) across a broad spectrum of vertical markets such
More informationSHARE THIS WHITEPAPER. On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper
SHARE THIS WHITEPAPER On-Premise, Cloud or Hybrid? Approaches to Mitigate DDoS Attacks Whitepaper Table of Contents Overview... 3 Current Attacks Landscape: DDoS is Becoming Mainstream... 3 Attackers Launch
More information2012 Infrastructure Security Report. 8th Annual Edition Kleber Carriello Consulting Engineer
2012 Infrastructure Security Report 8th Annual Edition Kleber Carriello Consulting Engineer Key Findings in the Survey* Advanced Persistent Threats (APT) a top concern for service providers and enterprises
More informationBusiness Case for a DDoS Consolidated Solution
Business Case for a DDoS Consolidated Solution Executive Summary Distributed denial-of-service (DDoS) attacks are becoming more serious and sophisticated. Attack motivations are increasingly financial
More informationDENIAL-OF-SERVICE ATTACKS
DENIAL-OF-SERVICE ATTACKS 40 years old & more present then ever Robert Dürr, Brühl, 16./17.09.2015 Axians Networks & Solutions GmbH email: robert.duerr@axians.de 1 WHO IS AXIANS?! Axians is the new brand
More informationEVOLVED DATA CENTER ARCHITECTURE
EVOLVED DATA CENTER ARCHITECTURE A SIMPLE, OPEN, AND SMART NETWORK FOR THE DATA CENTER DAVID NOGUER BAU HEAD OF SP SOLUTIONS MARKETING JUNIPER NETWORKS @dnoguer @JuniperNetworks 1 Copyright 2014 Juniper
More information1 2013 Infoblox Inc. All Rights Reserved. Securing the critical service - DNS
1 2013 Infoblox Inc. All Rights Reserved. Securing the critical service - DNS Dominic Stahl Systems Engineer Central Europe 11.3.2014 Agenda Preface Advanced DNS Protection DDOS DNS Firewall dynamic Blacklisting
More information[Restricted] ONLY for designated groups and individuals. 2014 Check Point Software Technologies Ltd.
[Restricted] ONLY for designated groups and individuals Contents 1 2 3 4 Industry Trends DDoS Attack Types Solutions to DDoS Attacks Summary 2 Cybercrime Landscape DNS Hijacking Malware 3% 3% Targeted
More informationWeb Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com
Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week
More informationOrchestrating the next generation data center
Customer Driven Innovation A10 Networks Orchestrating the next generation data center WHD 2014 Do not distribute/edit/copy without the written consent of A10 Networks 2 About A10 3 Customer Driven Innovation
More informationHAWAII TECH TALK SDN. Paul Deakin Field Systems Engineer
HAWAII TECH TALK SDN Paul Deakin Field Systems Engineer SDN What Is It? SDN stand for Software Defined Networking SDN is a fancy term for: Using a controller to tell switches where to send packets SDN
More informationFortiDDoS. DDoS Attack Mitigation Appliances. Copyright Fortinet Inc. All rights reserved.
FortiDDoS DDoS Attack Mitigation Appliances Copyright Fortinet Inc. All rights reserved. What is a DDoS Attack? Flooding attack from compromised PCs run by a Botmaster The Botmaster s motivations may be
More informationSDN and NFV in the WAN
WHITE PAPER Hybrid Networking SDN and NFV in the WAN HOW THESE POWERFUL TECHNOLOGIES ARE DRIVING ENTERPRISE INNOVATION rev. 110615 Table of Contents Introduction 3 Software Defined Networking 3 Network
More informationDDoS Overview and Incident Response Guide. July 2014
DDoS Overview and Incident Response Guide July 2014 Contents 1. Target Audience... 2 2. Introduction... 2 3. The Growing DDoS Problem... 2 4. DDoS Attack Categories... 4 5. DDoS Mitigation... 5 1 1. Target
More informationSoLuTIoN guide. CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork
SoLuTIoN guide CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork Contents BENEfITS of ThE CLoud-rEAdy data CENTEr NETWork............................3 getting ready......................................................................3
More informationCarrier/WAN SDN Brocade Flow Optimizer Making SDN Consumable
Brocade Flow Optimizer Making SDN Consumable Business And IT Are Changing Like Never Before Changes in Application Type, Delivery and Consumption Public/Hybrid Cloud SaaS/PaaS Storage Users/ Machines Device
More informationSHARE THIS WHITEPAPER. Top Selection Criteria for an Anti-DDoS Solution Whitepaper
SHARE THIS WHITEPAPER Top Selection Criteria for an Anti-DDoS Solution Whitepaper Table of Contents Top Selection Criteria for an Anti-DDoS Solution...3 DDoS Attack Coverage...3 Mitigation Technology...4
More informationIncrease Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
More informationDatacenter Transformation
Datacenter Transformation Consolidation Without Compromising Compliance and Security Joe Poehls Solution Architect, F5 Networks Challenges in the infrastructure I have a DR site, but the ROI on having
More informationSOFTWARE DEFINED NETWORKING
SOFTWARE DEFINED NETWORKING Bringing Networks to the Cloud Brendan Hayes DIRECTOR, SDN MARKETING AGENDA Market trends and Juniper s SDN strategy Network virtualization evolution Juniper s SDN technology
More informationHow To Block A Ddos Attack On A Network With A Firewall
A Prolexic White Paper Firewalls: Limitations When Applied to DDoS Protection Introduction Firewalls are often used to restrict certain protocols during normal network situations and when Distributed Denial
More informationF5 fra Lastbalansering til Sikkerhet med Applikasjonene i fokus. Jon Bjørnland F5 Norway j.bjornland@f5.com
F5 fra Lastbalansering til Sikkerhet med Applikasjonene i fokus Jon Bjørnland F5 Norway j.bjornland@f5.com Markedsleder innen Application Delivery Networking Gartner, Feb 2009: Load Balancers Are Dead:
More informationReplacing Microsoft Forefront Threat Management Gateway with F5 BIG-IP. Dennis de Leest Sr. Systems Engineer Netherlands
Replacing Microsoft Forefront Threat Management Gateway with F5 BIG-IP Dennis de Leest Sr. Systems Engineer Netherlands Microsoft Forefront Threat Management Gateway (TMG) Microsoft Forefront Threat Management
More informationThreat-Centric Security for Service Providers
Threat-Centric Security for Service Providers Enabling Open & Programmable Networks Sam Rastogi, Service Provider Security Product Marketing, Security Business Group Bill Mabon, Network Security Product
More informationSmart Network. Smart Business. Alteon NG Solution Brochure
Smart Network. Smart Business. Alteon NG Solution Brochure Alteon NG, Radware s next-generation application delivery controller (ADC), is designed from the ground up to ensure predictable application
More informationFive Steps For Securing The Data Center: Why Traditional Security May Not Work
White Paper Five Steps For Securing The Data Center: Why Traditional Security May Not Work What You Will Learn Data center administrators face a significant challenge: They need to secure the data center
More informationF5 Identity and Access Management (IAM) Overview. Laurent PETROQUE Manager Field Systems Engineering, France
F5 Identity and Access Management (IAM) Overview Laurent PETROQUE Manager Field Systems Engineering, France F5 s Security Strategy Protect Apps/Data Wherever They Reside Control Access to Apps/Data from
More informationCorero Network Security First Line of Defense Executive Overview
FIRST LINE OF DEFENSE Corero Network Security First Line of Defense Executive Overview Products and Services that Protect Against DDoS Attacks and Cyber Threats EXECUTIVE SUMMARY Any organization conducting
More informationHow To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan
Centec s SDN Switch Built from the Ground Up to Deliver an Optimal Virtual Private Cloud Table of Contents Virtualization Fueling New Possibilities Virtual Private Cloud Offerings... 2 Current Approaches
More informationDDoS Protection on the Security Gateway
DDoS Protection on the Security Gateway Best Practices 24 August 2014 Protected 2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationMarket Application Delivery Networking. Products ADC, WAN Optimization, Secure Access
Company snapshot Founded 2000 Headquarters Milpitas, CA, USA Employees 400+ Market Application Delivery Networking Products ADC, WAN Optimization, Secure Access Segments Enterprise, Service Provider, Public
More informationMANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013
MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY EMEA Webinar July 2013 Protecting the Enterprise Full Footprint Mobile user Application access management & Application security Enterprise headquarters
More informationSoftware Defined Networking (SDN) and OpenStack. Christian Koenning
Software Defined Networking (SDN) and OpenStack Christian Koenning Driving Towards an Application Centric World IT/Ops Struggle to Deliver SDDC/Cloud Mobility Internet of things Advanced threats Lines
More informationGetting More Performance and Efficiency in the Application Delivery Network
SOLUTION BRIEF Intel Xeon Processor E5-2600 v2 Product Family Intel Solid-State Drives (Intel SSD) F5* Networks Delivery Controllers (ADCs) Networking and Communications Getting More Performance and Efficiency
More informationHow valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks
How valuable DDoS mitigation hardware is for Layer 7 Sophisticated attacks Stop DDoS before they stop you! James Braunegg (Micron 21) What Is Distributed Denial of Service A Denial of Service attack (DoS)
More informationF5 Intelligent DNS Scale. Philippe Bogaerts Senior Field Systems Engineer mailto: p.bogaerts@f5.com Mob.: +32 473 654 689
F5 Intelligent Scale Philippe Bogaerts Senior Field Systems Engineer mailto: p.bogaerts@f5.com Mob.: +32 473 654 689 Intelligent and scalable PROTECTS web properties and brand reputation IMPROVES web application
More informationBIG-IP Systems: DoS Protection and Protocol Firewall Implementations. Version 12.0
BIG-IP Systems: DoS Protection and Protocol Firewall Implementations Version 12.0 Table of Contents Table of Contents Legal Notices...7 Legal notices...7 Detecting and Protecting Against DoS, DDoS, and
More informationF5 PARTNERSHIP SOLUTION GUIDE. F5 and VMware. Virtualization solutions to tighten security, optimize performance and availability, and unify access
F5 PARTNERSHIP SOLUTION GUIDE F5 and VMware Virtualization solutions to tighten security, optimize performance and availability, and unify access 1 W H AT 'S INS I DE Data Center Virtualization 3 Enterprise
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationSecurity Overview and Cisco ACE Replacement
Security Days Geneva 2015 Security Overview and Cisco ACE Replacement March, 2014 Tobias Kull tobias.kull@eb-qual.ch A10 Corporate Introduction Headquarters in San Jose 800+ Employees Offices in 32 countries
More informationThank you for joining us today! The presentation will begin shortly. Thank you for your patience.
Thank you for joining us today! The presentation will begin shortly. Thank you for your patience. Copyright 2012-2015. SDNCentral LLC. All Rights Reserved September 11, 2015 Webinar Logistics Enable pop-ups
More informationDefense In Depth To Fight Against The Most Persistent DDoS
Defense In Depth To Fight Against The Most Persistent DDoS All enterprises with an Internet presence should worry about Distributed Denial-of-Service (DDoS) - some more than others. It is a fact of life
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationHigh-Performance DNS Services in BIG-IP Version 11
F5 White Paper High-Performance DNS Services in BIG-IP Version 11 To provide high-quality user experiences on the Internet, networks must be designed with optimized, secure, highly available, and high-performance
More informationNetwork Virtualization Solutions
Network Virtualization Solutions An Analysis of Solutions, Use Cases and Vendor and Product Profiles October 2013 The Independent Community and #1 Resource for SDN and NFV Tables of Contents Introduction
More informationSecurityDAM On-demand, Cloud-based DDoS Mitigation
SecurityDAM On-demand, Cloud-based DDoS Mitigation Table of contents Introduction... 3 Why premise-based DDoS solutions are lacking... 3 The problem with ISP-based DDoS solutions... 4 On-demand cloud DDoS
More informationJuniper Solutions for Turnkey, Managed Cloud Services
Juniper Solutions for Turnkey, Managed Cloud Services Three use cases for hosting and colocation service providers looking to deliver massively scalable, highly differentiated cloud services. Challenge
More informationAplikacija novi vladar poslovanja. Dino Novak F5 Networks
Aplikacija novi vladar poslovanja Dino Novak F5 Networks What is an application nowdays? Device native or HTTP based (no longer on client only) Dynamic (many server GET/PUT requests) Talks to backend service(s)
More informationFortiDDos Size isn t everything
FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One
More informationPresented by Philippe Bogaerts Senior Field Systems Engineer p.bogaerts@f5.com. Securing application delivery in the cloud
Presented by Philippe Bogaerts Senior Field Systems Engineer p.bogaerts@f5.com Securing application delivery in the cloud 2 The Leader in Application Delivery Networking Users Data Center At Home In the
More informationVMware vcloud Air Networking Guide
vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,
More informationSeguridad ante los Ataques Ciberneticos DNS. ENRIQUE MEDINA e.medina@f5.com
Seguridad ante los Ataques Ciberneticos DNS ENRIQUE MEDINA e.medina@f5.com F5 Networks, Inc 2 F5 Company Snapshot Founded: 1996 IPO: June 1999 Employees: Over: 3,942 Headquarters: Seattle, WA President
More informationGlobal Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
W H I T E P A P E R A p p l i c a t i o n D e l i v e r y f o r C l o u d S e r v i c e s : C u s t o m i z i n g S e r v i c e C r e a t i o n i n V i r t u a l E n v i r o n m e n t s Sponsored by: Brocade
More informationSTOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect
STOPPING LAYER 7 ATTACKS with F5 ASM Sven Müller Security Solution Architect Agenda Who is targeted How do Layer 7 attacks look like How to protect against Layer 7 attacks Building a security policy Layer
More informationArrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015
Arrow ECS University 2015 Radware Hybrid Cloud WAF Service 9 Ottobre 2015 Get to Know Radware 2 Our Track Record Company Growth Over 10,000 Customers USD Millions 200.00 150.00 32% 144.1 16% 167.0 15%
More informationIntroduction to DDoS Attacks. Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter
Introduction to DDoS Attacks Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter DDoS in the News Q1 2014 DDoS Attack Trends DDoS Attack Trends Q4 2013 Mobile devices
More informationEnabling Application Defined Networking with F5 Synthesis and Cisco Application Centric Infrastructure
Enabling Application Defined Networking with F5 Synthesis and Cisco Application Centric Infrastructure Dean Houari, Regional Solution Architect, F5 Networks March 2015 F5 and Cisco ACI Joint Solution Benefits
More informationA1.1.1.11.1.1.2 1.1.1.3S B
CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security
More informationDPtech ADX Application Delivery Platform Series
Data Sheet DPtech ADX Series DPtech ADX Application Delivery Platform Series Overview IT requirements for service capability can be summarized as "acceleration", "security" and "reliability". The contradiction
More informationData Center Network Evolution: Increase the Value of IT in Your Organization
White Paper Data Center Network Evolution: Increase the Value of IT in Your Organization What You Will Learn New operating demands and technology trends are changing the role of IT and introducing new
More informationHOW SDN AND (NFV) WILL RADICALLY CHANGE DATA CENTRE ARCHITECTURES AND ENABLE NEXT GENERATION CLOUD SERVICES
HOW SDN AND (NFV) WILL RADICALLY CHANGE DATA CENTRE ARCHITECTURES AND ENABLE NEXT GENERATION CLOUD SERVICES Brian Levy CTO SERVICE PROVIDER SECTOR EMEA JUNIPER NETWORKS CIO DILEMA IT viewed as cost center
More informationGuide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst
INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationWeb Application Defence. Architecture Paper
Web Application Defence Architecture Paper June 2014 Glossary BGP Botnet DDoS DMZ DoS HTTP HTTPS IDS IP IPS LOIC NFV NGFW SDN SQL SSL TCP TLS UTM WAF XSS Border Gateway Protocol A group of compromised
More informationDynamic Attack Protection and Access Control
Security Revolution: F5 BIG-IP Dynamic Attack Protection and Access Control 2 How the Static Data Center Falls Short It started simple More user types, services Application issues Security woes What s
More informationIxLoad-Attack: Network Security Testing
IxLoad-Attack: Network Security Testing IxLoad-Attack tests network security appliances determining that they effectively and accurately block attacks while delivering high end-user quality of experience
More informationAvailability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013
the Availability Digest Prolexic a DDoS Mitigation Service Provider April 2013 Prolexic (www.prolexic.com) is a firm that focuses solely on mitigating Distributed Denial of Service (DDoS) attacks. Headquartered
More informationLeveraging SDN and NFV in the WAN
Leveraging SDN and NFV in the WAN Introduction Software Defined Networking (SDN) and Network Functions Virtualization (NFV) are two of the key components of the overall movement towards software defined
More informationDynamic Service Chaining for NFV/SDN
Dynamic Service Chaining for NFV/SDN Kishore Inampudi A10 Networks, Inc. Agenda Introduction NFV Reference Architecture NFV Use cases Policy Enforcement in NFV/SDN Challenges in NFV environments Policy
More informationVALIDATING DDoS THREAT PROTECTION
VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to
More informationAcquia Cloud Edge Protect Powered by CloudFlare
Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....
More informationBusiness Case for S/Gi Network Simplification
Business Case for S/Gi Network Simplification Executive Summary Mobile broadband traffic growth is driving large cost increases but revenue is failing to keep pace. Service providers, consequently, are
More informationManagement & Orchestration of Metaswitch s Perimeta Virtual SBC
Metaswitch.com OvertureNetworks.com Management & Orchestration of Metaswitch s Perimeta Virtual SBC Fortify your edge and protect your core with the Perimeta Session Border Controller: Virtual The 1st
More informationRadware ADC-VX Solution. The Agility of Virtual; The Predictability of Physical
Radware ADC-VX Solution The Agility of Virtual; The Predictability of Physical Table of Contents General... 3 Virtualization and consolidation trends in the data centers... 3 How virtualization and consolidation
More information