Software Defined Networking Hva kan du starte med i dag? Geir Åge Leirvik HP Networking
Agenda App Store keeping it simple HP apps: Protector Optimizer Lync Partners apps: BlueCat DNS KEMP Community apps: Flow Maker Blacklist
HP SDN App Store http://hp.com/sdn/appstore Accelerated time to ROI with integrated and validated applications Network agility with rapid and seamless deployment Standards-based for open and simplified collaboration and enterprise ready
Current applications highlights Apps Circle 1 HP Apps Circle 2 Partner Apps Circle 3 Community Network Protector Bluecat, DNS Director Central DNS security, globally delivered NorthboundNetworks, Flow Maker Network Optimizer Kemp vloadmaster AT Application Delivery Controller With SDN Adaptive Blackhole Technology Fortinet Fortigate & FortiManager SDN extensions Privatizer TechMahindra Server Load Balancer GuardiCore, Defense Suite Active Honeypot Data center security redefined Ecode, evolve Dynamic design to deployment Saisei Flow Command Real time flow policy control, analysis and security suite Adara Orchestration suite Real Status, Hyperglance Interactive 3D visibility and control Aricent Pure SDN Load Balancer iboss FireSphere Threat Isolator NEC Univerge Network Coordinator
HP Apps Optional subtitle
Network Protector
Modern malware, spyware, botnet businesses Client / server business and architecture Use it - $$$ Sell the capability - $
SDN Application example : BYOD botnet scenario WAN Wireless LAN Core Campus LAN Edge 1 Internet Employee Laptop + Son s USB Stick + Star Buck s WIFI 2 BotNet infected Laptop plugs back into Corp Net and attempts to infect all computers in LAN 3 BotNet attempts to access external server via DNS request and is detected by Gatekeeper and blocked
HP Network Protector SDN application Enabling real time threat detection across enterprise campus networks TippingPoint SDN Architecture Application Control Infrastructure Network Protector App VAN SDN Controller RepDV Database Secure BYOD Unprecedented Visibility 1 million + every 2 hours Malicious-site.com
HP Network Protector SDN Application Bringing security to the edge of the network Reputation DV data base (1M+ bad sites) HP VAN SDN Controller with Network Protector SDN Application Edge Core Distribution
HP Network Protector SDN Application benefits Simple security for BYOD Reduce time IT spends on security from weeks to hours Based on open standards Unprecedented visibility High visibility automation and control Protects the internal network from its host Malware/Botnet /Spyware protection Enables real time threat protection Protects from more than 1M malware/botnet & spyware
HP TippingPoint Reputation DV service Identifying known bad hosts Botnet CnC 5,000 6,000 sites worldwide Spammers Up to 80% of spam generated by top 100 spammers Malware Depots Estimates of 2,500 50,000 new malware depots discovered daily Compromised Hosts Millions worldwide Phishing Sites 50,000+ new phishing sites discovered monthly Reputation DV identifies these as Known Bad devices so you can block traffic to and from these sites
Malicious DNS requests reporting Per VLAN visibility DNS 10.10.120.11 RepD VDB Network Protector App HP SDN controller 10.10.105.25 IRF DC Core Switch (non OF capable) 10.10.150.72
Findings and Outcomes Resulting in a more secure network Proven efficiency Block Botnet propagation. Provide Blacklisting capability. Easiness of deployment OF at access layer or even few aggregation points. Legacy core is kept unchanged. Security reporting Instantaneous reporting of malicious DNS queries showing threat level
Network Optimizer
HP Network Optimizer for Lync Automating policy for campus enterprise business applications SDN Architecture Application Control Infrastructure Network Optimizer VAN SDN Controller Legacy LAN WAN SDN API POC Simplified operation Visibility Enhanced user experience Preserve existing core and WAN
High level overview Active Directory, Exchange & SharePoint Lync SDN API. Lync SDN Manager HP Network Optimizer SDN Application SDN Controller HP Server HP Server HP OpenFlow Switch HP OpenFlow Switch User: James User: Linda
Network Optimizer Demo
HP SDN Lync Demo
Network Optimizer Configuration DSCP setting
Network Optimizer Dashboard
Network Optimizer Lync/Sessions
Network Optimizer QoE metrics
Findings and Outcomes Lync just works better Proven QoS marking for Lync dynamic flows Lync flows are configured based on Lync FE servers DB. Easiness of deployment OF at access layer or even only on very few aggregation points. Legacy core QoS is kept almost unchanged. Lync application performance metrics Instantaneous reporting of Lync application quality in a networking operational dashboard.
PARTNER APPLICATIONS Optional subtitle
BlueCat DNS Director
DNS Director Secures the open enterprise with global visibility and centralized control over all DNS traffic across all connected devices. Central DNS security, globally delivered across all devices regardless of ownership & configuration Features Prevents devices from bypassing DNS driven security policies & accessing untrusted DNS servers Detects, intercepts and transparently redirects DNS queries at the edge of the network to secure DNS servers Enables elastic DNS service delivery for Enterprise & Carriers (NFV) Benefits Complete network visibility and control of all DNS traffic Prevent data exfiltration through DNS tunneling Ensure DNS driven security policies are applied to all connected devices, regardless of ownership and configuration Central DNS security, globally delivered across all devices regardless of ownership & configuration
BlueCat DNS Director Central DNS Security, Globally Delivered Application BlueCat DNS Director B Complete network visibility and control over all DNS traffic Prevent data exfiltration through DNS tunneling Ensure DNS driven security policies are applied to all connected devices SDN Architecture Control Infrastructure VM Connected Things VAN SDN Controller A C A B C DNS queries intercepted at edge through SDN rules when not targeted at corporate DNS Intercepted queries redirected to BlueCat s DNS/DHCP server where policies are applied BlueCat s DNS response structured to appear as if it came from originally targeted server so interception is undetected VM VM VM Hypervisor Customer DC VM Hybrid Cloud BlueCat DNS Server with Threat Protection Non Corporate DNS Servers Compromised DNS Servers https://www.youtube.com/watch?v=vzqg9vyiaji
KEMP LoadMaster
LoadMaster Application Delivery Controller With SDN Adaptive Technology Central DNS security, globally delivered across all devices regardless of ownership & configuration Features Dynamically adapt flow distribution based on network switch statistics Redirecting flows to optimize the overall QoE for the client Benefits Increased Application Delivery Performance Eliminates session outages and slow application response due to network congestion conditions Better overall quality of experience for end users of application services Application Delivery Controller With SDN Adaptive Technology
SDN Adaptive Load Balancing Enriching Load Balancing Policies Application Application flow 1 Virtual Load Master Application flow REST API 3 SDN Architecture Control Infrastructure Inbound traffic VAN SDN Controller 1 4 2 Server Cluster1 Server Cluster2 1 2 3 4 Typical flow path to the server access layer switch Controller detects the congestion on the Openflow switch port connecting to server 3 LoadMaster is pulling that layer 2 congestion information from the controller Kemp Loadmaster makes automated adjustment to sending traffic to server 3, instead distributing the load across servers 1 and 2 until the congestion condition clears
COMMUNITY APPLICATIONS FLOW MAKER Blacklist Optional subtitle Privatizer
Quiz