Cloud Development and Security Trends. 陳建宏 Jovi Chen, Technical Consultant, jovichen@checkpoint.com. 2011 Check Point Software Technologies Ltd. [Unrestricted] For everyone
Agenda: 1. Overview of cloud development; 2. Evolution and future of the private cloud; 3. Security concerns of cloud virtualization; 4. Cloud security technologies
Virtualization vs. Cloud Technology: Virtualizing efficiency is good, but Cloud efficiency is much better! [Diagram: Cloud, Virtualization]
Cloud Trends and Revolution: [Diagram: On-Premise, Hybrid Cloud, Off-Premise; Efficiency; Virtualization, Private Cloud, Public Cloud, SaaS; Legacy Datacenter, Web Hosting; $11.8 billion by 2014; $55 billion by 2014]
The Future of the Private Cloud: Cost Reduction: shrinking 1,000 servers that use 100K watts into 100 servers that use 10K watts. IT as a Service: IT becomes an ISP within the corporation.
Evolution of the Private Cloud: Legacy Datacenter. [Diagram: Corpnet, DMZ, Extranet] 1:1 Server per Application; 1:10 Security Zone (VLANs) per Server.
Evolution of the Private Cloud: Application Virtualization. [Diagram: Corpnet, DMZ, Extranet] 1:5 Server per Application; 1:1 Security Zone (VLANs) per Server.
Evolution of the Private Cloud: Networks Virtualization. [Diagram: Corpnet, DMZ, Extranet] 1:20 Server per Application; 5:1 Security Zone (VLANs) per Server.
Evolution of the Private Cloud: Datacenter Consolidation. [Diagram: Corpnet, DMZ, Extranet] 1:100 Server per Application; 20:1 Security Zone (VLANs) per Server.
Problems with Virtual Networks under Virtualization? Cheap and easy to add applications. Everyone wants more VMs. VMs Sprawl. How to secure? More VLANs to segment VMs. Hard to manage. VLANs Sprawl. Problem: Lack of compliance, black spots, latency.
Security Challenges and Requirements Facing the Private Cloud: Protection from external threats; Inspect traffic between Virtual Machines (VMs); Secure new Virtual Machines automatically.
Security Challenges and Requirements Facing the Private Cloud: Protection from external threats; Inspect traffic between Virtual Machines (VMs); Secure new Virtual Machines automatically. [Diagram: VM, VM, VM, Hypervisor]
Private Cloud - Security Needs: Protection from external threats; Inspect traffic between Virtual Machines (VMs); Secure new Virtual Machines automatically; Ensure Security in dynamic environment.
Introducing Check Point Security Gateway Virtual Edition (VE): Check Point Secures the Private Cloud. Check Point Security Gateway Virtual Edition: Best Virtual Security Gateway.
Effectively Protecting the Private Cloud: [Diagram: VE, VM, VM, Hypervisor, Hypervisor Connector]
Check Point VE Features: Check Point Security Gateway Virtual Edition (VE): Firewall, VPN, IPS, Antivirus. [Diagram: VE, VM, VM, Hypervisor Connector, Hypervisor]
Check Point VE Features: Inspecting Inter-VM Traffic. [Diagram: VM, VM, VE, VM, VM, Hypervisor Connector, Hypervisor]
Check Point VE Features: [Diagram: VE, VM, VM, Hypervisor Connector, Hypervisor]
Check Point VE Features: Unified Management. Same management for Physical and Virtual. Virtualize the Management.
Check Point VE Features: Unified Management. Same management for Physical and Virtual. Virtualize the Management. [Diagram: VM, VM, Hypervisor Connector, Hypervisor]
Customer Scenario: A&B Corp. [Diagram: Remote access; VMware ESXi; Servers zone; Corpnet; Department A; DMZ; Department B; Department C; Administrators; Physical Data Center; Per department/customer zone; Corporate network]
How to secure different Cloud Security Layers? Cloud security layers: Secure connection to the Cloud; Security of the Cloud; Security within the Cloud. Offer Multi-tenancy management and customized policy via Multi-Domain Management.
Check Point Cloud Security: [Diagram: Remote access; VMware ESXi; Check Point VSX; Servers zone; Corpnet; Department A; DMZ; Department B; Extranet; Department C; Management; Physical Data Center; Per department/customer zone; Corporate network]
Consolidation Security gateways (VSX): Consolidate 100s of gateways into one single device; Virtual Firewall per customer, group or business units; Add virtual systems without purchasing more hardware; Clean Pipe (for Telco).
Security of the Cloud: [Diagram: Remote access; VMware ESXi; Consolidation Security gateways; Servers zone; Corpnet; Department A; DMZ; Department B; Extranet; Department C; Management; Physical Data Center; Per department/customer zone; Corporate network]
Security within the Cloud: [Diagram: Remote access; Check Point Security Gateway Virtual Edition; VMware ESXi; SGVE; Servers zone; Corpnet; Department A; DMZ; Department B; Extranet; Department C; Management; Physical Data Center; Per department/customer zone; Corporate network]
Check Point Cloud Security: [Diagram: Remote access; R75 IPS-AV-AS-Mobile; VMware ESXi; SGVE; Central Management; VSX; Servers zone; Corpnet; Department A; DMZ; Department B; Extranet; Department C; Management; Legacy Data Center; Per department/customer zone; Corporate network]
Check Point Cloud Security: Check Point Secures the Public Clouds. Use VSX for secure connectivity with the Public Cloud; Secure VMs and Inter-VM connections with Security Gateway Virtual Edition; Offer Multi-tenancy management and customized policy via Multi-Domain Management.
Summary: Check Point Pioneers the Cloud Security. Virtual Security Gateway For Multi-Tenant Cloud Environments.
Thank You. Lunch & Learn Training, February 2011