Use Case Brief NETWORK SECURITY




As datacenter architectures have incorporated virtualization, new application topologies, and new programming constructs such as Docker containers, new security gaps have emerged. This brief describes how Nuage Networks fills critical security gaps within and across datacenters.

Challenges

Providing network security is becoming an increasingly daunting task in the cloud world:

- Rate of change accelerating: Cloud architectures are dynamic, making the maintenance of fixed security measures such as access control lists (ACLs) cumbersome and expensive.
- Complexity is increasing: Compared to legacy applications that communicate north-south, modern cloud applications leverage multiple networking layers that communicate along unsecured east-west data paths within the datacenter.
- Attacks growing in sophistication and persistence: Hacking is increasingly performed by professionals who have financial or other incentives to compromise the network, even if the penetration takes months to accomplish.

These challenges are summarized in Figure 1. In this example, VM-to-VM communication within the hypervisor is unprotected, as is application-to-application communication within a rack or over the datacenter network. A hacker that compromises a single VM or application can readily move sideways within the datacenter to attack other VMs and applications. To secure all of these interconnections, interstitial firewalls could be used, but the definition process is time-consuming, manual, and prone to error.

FIGURE 1. East-west datacenter traffic is unprotected (figure: Datacenter Security Gaps; elements shown: Datacenter Network, VMs on VMware and Xen hypervisors, Bare Metal, Rack)

How We Help You

Nuage Networks Virtualized Services Platform (VSP) has been architected to be a non-disruptive overlay for all existing virtualized and non-virtualized network resources. No purpose-built networking hardware is required since all components are virtualized. Similar to how cell phones preserve their attributes while in roam mode, Nuage Networks VSP preserves the network attributes (required network settings, including security) no matter where the workload is placed. By replacing the tie to the physical network element with a set of required network attributes, Nuage Networks VSP provides full network roaming capabilities for your workloads.

Nuage Networks VSP provides critical ingredients in cloud environments: universal and consistent security policies and enforcement at a fine-grained level. Beginning with a Zero Trust security model by default, any security model can be implemented, from micro-segmentation at the VM level all the way up to application-level controls. Security policies are defined in business terms using declarative policies (such as "You MUST use HTTP Authentication when accessing this application") rather than rigid controls based on ever-changing IP addresses.

As shown in Figure 2, the Virtual Services Controller (VSC) provides control plane coordination (as indicated by the dotted line) among one-to-many Virtual Routing and Switching (VRS) components. The VRS data plane component includes both an embedded virtual switch (vswitch) and a firewall.

FIGURE 2. A private cloud with full automation across CMS systems and locations (figure: Multilayer Security Controls Fill Datacenter Security Gaps; elements shown: Datacenter Network, Gateway, VMs on VMware and Xen hypervisors, Bare Metal, Rack, VSC, VSD, VRS)

Starting at the initial connection point to the network, VMs and applications are fully secured and isolated. VM-to-VM network traffic is secured both within a rack and between racks. For example, assume a VM wants to set up a session with another VM in the same rack. Without Nuage Networks VSP, this traffic would be both unsecured and unmonitored. With Nuage Networks VSP, since VMs are secured within the hypervisor, intra-datacenter and intra-rack traffic is fully secured.

Security is defined both with a single, unchangeable master policy and with dependent policies. Leveraging these policies, VMs can be moved either within the datacenter or across datacenters in a completely automated fashion. Nuage Networks ensures the VM's metadata (network and security settings) is preserved and moved with the application or VM. Then, when the application or VM boots, Nuage Networks VSP is triggered and takes the appropriate action(s). Via Nuage Networks' Service Chaining automation capabilities, multi-step authorizations (such as enabling cascading security checks down multiple firewalls) can be performed. Granular tracking provides the detailed source data needed for auditing, threat detection and problem investigation.

The master security policy cannot be overridden at any level, yet dependent security policies, such as those impacting a single VM, can modify authorized parameters. This hierarchy of policies ensures that central IT can enforce overall security policies, yet provide local control and customization as needed.

Every network event, including changes to security policies, is collected and stored in a robust Apache Hadoop datastore. Auditing, threat detection and problem investigation are possible, effective and efficient with this granularity of logging. Hackers typically take advantage of the lack of network security within a datacenter. Nuage Networks VSP, by providing security policies for traffic within the datacenter, helps close this vulnerability.
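The policy hierarchy and the event logging described in this section can be illustrated with a small model. The following Python is an added example written for this page; it is not Nuage Networks code and does not show how VSP implements its policies. It assumes a master policy that is evaluated before tenant (dependent) policies and whose verdict is final, a per-tenant set of authorised ports standing in for the master's "authorized parameters", a default-deny verdict for any unmatched flow (the Zero Trust default), an in-memory list standing in for the Hadoop datastore, and constructed workload names, rule identifiers and flows.

```python
"""Added illustration (not Nuage Networks code): hierarchical, default-deny
policy evaluation for east-west flows, an audit log of every decision, and a
simple lateral-movement detector over that log.  Names, rule formats and
sample flows are assumptions constructed for this example."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Flow:
    src: str      # source workload name (constructed)
    dst: str      # destination workload name (constructed)
    port: int     # destination port
    tenant: str   # tenant that owns the source workload


@dataclass
class Rule:
    rule_id: str
    src: str      # workload name or "*" for any
    dst: str      # workload name or "*" for any
    ports: set    # destination ports the rule covers
    action: str   # "allow" or "deny"

    def matches(self, f: Flow) -> bool:
        return (self.src in ("*", f.src) and self.dst in ("*", f.dst)
                and f.port in self.ports)


class PolicyEngine:
    """Master policy (central IT) is evaluated first and cannot be overridden.
    Dependent tenant rules may only allow ports the master authorised for that
    tenant.  Anything unmatched is denied (Zero Trust default)."""

    def __init__(self, master: list, authorized_ports: dict):
        self.master = master
        self.authorized_ports = authorized_ports   # tenant -> set of ports
        self.tenant_rules: dict = {}
        self.events: list = []                     # audit log (stand-in for the datastore)

    def add_tenant_rule(self, tenant: str, rule: Rule) -> bool:
        """Reject dependent rules that exceed the master's authorised parameters."""
        allowed = self.authorized_ports.get(tenant, set())
        if rule.action == "allow" and not rule.ports <= allowed:
            return False
        self.tenant_rules.setdefault(tenant, []).append(rule)
        return True

    def evaluate(self, f: Flow, ts: datetime) -> str:
        verdict, matched = "deny", "default-deny"
        for r in self.master:                      # master policy is final
            if r.matches(f):
                verdict, matched = r.action, r.rule_id
                break
        else:                                      # no master match: consult tenant rules
            for r in self.tenant_rules.get(f.tenant, []):
                if r.matches(f):
                    verdict, matched = r.action, r.rule_id
                    break
        # every decision is recorded with the rule that produced it
        self.events.append({"ts": ts, "src": f.src, "dst": f.dst, "port": f.port,
                            "tenant": f.tenant, "verdict": verdict, "rule": matched})
        return verdict


def suspicious_sources(events: list, window: timedelta, threshold: int) -> list:
    """Flag sources denied to at least `threshold` distinct destinations inside
    any `window`: a crude indicator of a compromised workload probing sideways."""
    denied = sorted((e for e in events if e["verdict"] == "deny"), key=lambda e: e["ts"])
    flagged = set()
    for i, e in enumerate(denied):
        dsts = {x["dst"] for x in denied[i:]
                if x["src"] == e["src"] and x["ts"] - e["ts"] <= window}
        if len(dsts) >= threshold:
            flagged.add(e["src"])
    return sorted(flagged)


def run_demo():
    """Constructed scenario: a three-tier app where web-1 has been compromised."""
    master = [Rule("m-no-web-db", "web-1", "db-1", {5432}, "deny"),   # web tier never talks to DB
              Rule("m-dns", "*", "dns-1", {53}, "allow")]
    engine = PolicyEngine(master, {"shop": {80, 443, 5432}})
    accepted = [
        engine.add_tenant_rule("shop", Rule("t-web-app", "web-1", "app-1", {443}, "allow")),
        engine.add_tenant_rule("shop", Rule("t-app-db", "*", "db-1", {5432}, "allow")),
        engine.add_tenant_rule("shop", Rule("t-ssh", "*", "db-1", {22}, "allow")),  # outside authorised ports
    ]
    t0 = datetime(2015, 1, 1, 12, 0, 0)
    flows = [Flow("web-1", "app-1", 443, "shop"), Flow("app-1", "db-1", 5432, "shop"),
             Flow("web-1", "db-1", 5432, "shop"), Flow("web-1", "db-1", 22, "shop"),
             Flow("web-1", "app-1", 22, "shop"), Flow("web-1", "dns-1", 53, "shop"),
             Flow("web-1", "app-2", 22, "shop")]
    verdicts = [engine.evaluate(f, t0 + timedelta(seconds=i)) for i, f in enumerate(flows)]
    flagged = suspicious_sources(engine.events, timedelta(minutes=1), 3)
    return accepted, verdicts, flagged, engine.events


if __name__ == "__main__":
    acc, ver, flg, evs = run_demo()
    print("tenant rules accepted:", acc)
    print("verdicts:", ver)
    print("sources flagged for lateral movement:", flg)
```

In the scenario the tenant's broad "allow anything to db-1:5432" rule is accepted, but the master's web-to-database deny still wins for web-1, and the tenant's attempt to open SSH to the database is rejected at load time because port 22 is not among the ports central IT authorised. The detector over the audit log then surfaces web-1, which was denied to three distinct peers within a minute; the window and threshold are tuning knobs that a real deployment would set from observed baseline traffic.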

How this Approach Changes the Game

This innovative approach provides game-changing functionality for private and public clouds. A few capabilities are highlighted below.

Benefits

- Provides consistent, multitenant security: Ensures that security is applied from the top down consistently, efficiently and automatically for each tenant, application, or VM. The Nuage Networks VSP policy approach eliminates manual errors and ensures that VM and application mobility does not compromise security.
- Fills security gaps: Fills critical network security gaps within the datacenter. Nuage Networks VSP enforces security for VMs and applications at the first connection point of the network and also uniquely secures intra-datacenter traffic.
- Empowers investigations: Enables security issues to be efficiently tracked down and resolved. Since each network policy change and network event is filed into a centralized Hadoop database, security issues can be readily tracked and investigated.
- Minimizes virtualization attack surface: By protecting VM-to-VM communications even within the hypervisor, the overall attack surface is minimized. Even if a hacker compromises a VM, it will be difficult to branch to other VMs on the same hypervisor.
- High security within the datacenter: Legacy security approaches focus on external threats rather than threats within the datacenter. The built-in security of Nuage Networks VSP, including the default Zero Trust model, operates at the VM and virtual network levels. By protecting the datacenter at the first connection point to the network for VMs and applications, full security and isolation are provided within the hypervisor, rack and datacenter.
- Complete UI-driven self-service security: End users can control every aspect of their virtualized environment with their choice of user interfaces (such as a CMS interface, Nuage Networks VSP, or an in-house interface). Security controls are provided within the limits allowed by centralized policies. Self-service capabilities increase customer control and enable both private and public clouds to handle staggering volumes of customers, virtual machines and requests.
- Automated security efficiencies: With the use of intelligent, declarative policies, VMs and applications can be instantiated or moved programmatically without having to manually define security definitions, even complex multitier firewall definitions.
- Compliance: Every policy can be printed for review. Each network event that required a security response can also be reported from the Hadoop-based datastore. These capabilities make auditing and compliance a breeze.
- Investigations: Network events, including the policy-based response, are tracked in a Hadoop database. This richness of time-stamped detail enables ready tracking and investigation of security issues.

Why Our Network Security is Unmatched

Nuage Networks is the best software defined networking choice for security. Our products include security capabilities that cannot be matched by any other vendor.

- Fills critical network security gaps within a cloud datacenter: Nuage Networks' SDN products enforce security for virtual machines (VMs) and applications at the first connection point of the network, minimizing vulnerabilities. They also uniquely secure critical, and largely unprotected, intra-datacenter (east-west) traffic.
- Maximizes security for complex applications: Our SDN architecture maximizes security even for today's complex web-based applications (such as multi-tiered applications with interstitial firewalls) and new programming constructs such as containers.
- Allows you to choose the best control models for each physical and logical construct: Rather than a one-size-fits-all approach, fine-grained controls, including the Nuage Networks vswitch and robust security policies, allow you to tailor security requirements to the department, network, application, container or VM.

www.nuagenetworks.net

Nuage Networks and the Nuage Networks logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein. Copyright 2015 Alcatel-Lucent. All rights reserved. MKT2014118619EN (January)