Cloud Development and Security Trends. 陳建宏 Jovi Chen, Technical Consultant, jovichen@checkpoint.com. 2011 Check Point Software Technologies Ltd. [Unrestricted] For everyone



Transcription:


Agenda: 1. Overview of cloud development; 2. The evolution and future of the private cloud; 3. Security concerns of cloud virtualization; 4. Cloud security technologies

Virtualization vs. Cloud Technology: Virtualizing efficiency is good, but Cloud efficiency is much better! (Diagram labels: Cloud, Virtualization)

Cloud Trends and Revolution. (Diagram labels: On-Premise; Hybrid Cloud; Off-Premise; Efficiency; Virtualization; Private Cloud; Public Cloud; SaaS; Legacy Datacenter; Web Hosting; $11.8 billion by 2014; $55 billion by 2014)

The Future of the Private Cloud. Cost Reduction: shrinking 1,000 servers that use 100K watts into 100 servers that use 10K watts. IT as a Service: IT becomes an ISP within the corporation.

Evolution of the Private Cloud, Legacy Datacenter: 1:1 Server per Application; 1:10 Security Zone (VLANs) per Server. (Diagram labels: Corpnet, DMZ, Extranet)

Evolution of the Private Cloud, Application Virtualization: 1:5 Server per Application; 1:1 Security Zone (VLANs) per Server. (Diagram labels: Corpnet, DMZ, Extranet)

Evolution of the Private Cloud, Networks Virtualization: 1:20 Server per Application; 5:1 Security Zone (VLANs) per Server. (Diagram labels: Corpnet, DMZ, Extranet)

Evolution of the Private Cloud, Datacenter Consolidation: 1:100 Server per Application; 20:1 Security Zone (VLANs) per Server. (Diagram labels: Corpnet, DMZ, Extranet)

Problems with Virtual Networks under Virtualization? Cheap and easy to add applications; Everyone wants more VMs; VMs Sprawl; How to secure?; More VLANs to segment VMs; Hard to manage; VLANs Sprawl; Problem: Lack of compliance, Black spots, Latency

Security Challenges and Requirements Facing the Private Cloud: Protection from external threats; Inspect traffic between Virtual Machines (VMs); Secure new Virtual Machines automatically

Security Challenges and Requirements Facing the Private Cloud: Protection from external threats; Inspect traffic between Virtual Machines (VMs); Secure new Virtual Machines automatically. (Diagram labels: VM, VM, VM, Hypervisor)

Private Cloud - Security Needs: Protection from external threats; Inspect traffic between Virtual Machines (VMs); Secure new Virtual Machines automatically; Ensure Security in dynamic environment

Introducing Check Point Security Gateway Virtual Edition (VE): Check Point Secures the Private Cloud; Check Point Security Gateway Virtual Edition; Best Virtual Security Gateway

Effectively Protecting the Private Cloud. (Diagram labels: VE, VM, VM, Hypervisor, Hypervisor Connector)

Check Point VE Features. Check Point Security Gateway Virtual Edition (VE): Firewall, VPN, IPS, Antivirus. (Diagram labels: VE, VM, VM, Hypervisor Connector, Hypervisor)

Check Point VE Features: Inspecting Inter-VM Traffic. (Diagram labels: VM, VM, VE, VM, VM, Hypervisor Connector, Hypervisor)

Check Point VE Features. (Diagram labels: VE, VM, VM, Hypervisor Connector, Hypervisor)

Check Point VE Features: Unified Management; Same management for Physical and Virtual; Virtualize the Management

Check Point VE Features: Unified Management; Same management for Physical and Virtual; Virtualize the Management. (Diagram labels: VM, VM, Hypervisor Connector, Hypervisor)

Customer Scenario: A&B Corp. (Diagram labels: Remote access; VMware ESXi; Servers zone; Corpnet; Department A; DMZ; Department B; Department C; Administrators; Physical Data Center; Per department/customer zone; Corporate network)

How to secure different Cloud Security Layers? Cloud security layers (diagram label: Cloud): Secure connection to the Cloud; Security of the Cloud; Security within the Cloud. Offer Multi-tenancy management and customized policy via Multi-Domain Management.

Check Point Cloud Security. (Diagram labels: Remote access; VMware ESXi; Check Point VSX; Servers zone; Corpnet; Department A; DMZ; Department B; Extranet; Department C; Management; Physical Data Center; Per department/customer zone; Corporate network)

Consolidation Security gateways, VSX: Consolidate 100s of gateways into one single device; Virtual Firewall per customer, group or business units; Add virtual systems without purchasing more hardware; Clean Pipe (for Telco)


Security of the Cloud. (Diagram labels: Remote access; VMware ESXi; Consolidation Security gateways; Servers zone; Corpnet; Department A; DMZ; Department B; Extranet; Department C; Management; Physical Data Center; Per department/customer zone; Corporate network)


Security within the Cloud. (Diagram labels: Remote access; Check Point Security Gateway Virtual Edition; VMware ESXi; SGVE; Servers zone; Corpnet; Department A; DMZ; Department B; Extranet; Department C; Management; Physical Data Center; Per department/customer zone; Corporate network)

Check Point Cloud Security. (Diagram labels: Remote access; R75 IPS-AV-AS-Mobile; VMware ESXi; SGVE; Central Management; VSX; Servers zone; Corpnet; Department A; DMZ; Department B; Extranet; Department C; Management; Legacy Data Center; Per department/customer zone; Corporate network)

Check Point Cloud Security: Check Point Secures the Public Clouds; Use VSX for secure connectivity with the Public Cloud; Secure VMs and Inter-VMs connection with Security Gateway Virtual Edition; Offer Multi-tenancy management and customized policy via Multi-Domain Management

Summary: Check Point Pioneers the Cloud Security; Virtual Security Gateway For Multi-Tenant Cloud Environments


Thank You. Lunch & Learn Training, February 2011