Advancing Security with Software Defined Datacenter. Karen Law Senior Systems Consultant VMware Hong Kong Ltd


AGENDA (slide 2)
1. Why Micro-segmentation?
2. Understanding SDDC Network Virtualization
3. Why Network Hypervisor?
4. Use Cases


BREACHES OCCUR IN DATA CENTERS (slide 4)
Steps 1-3 (diagram label: Targeted system)
1. Today's data centers are protected by strong perimeter defense.
2. But threats and exploits still infect servers. Low-priority systems are often the target, and SSL is no guarantee of protection.
3. Threats can lie dormant, waiting for the right moment to strike.
Steps 4-6 (diagram label: Critical system)
4. Attacks spread inside the data center, where internal controls are often weak.
5. Critical systems are targeted. Server-server traffic growth has outpaced client-server traffic. The attack spreads and goes unnoticed.
6. Possibly after months of reconnaissance, the infiltration relays secret data to the attacker.

THE PROBLEM: NETWORK SECURITY (slide 5)
Perimeter-centric network security has proven insufficient.
[chart comparing IT Spend, Security Spend and Security Breaches]
Today's security model focuses on perimeter defense, but continued security breaches show this model is not enough.

THE SOLUTION: MICRO-SEGMENTATION (slide 6)
A new model for data center security.
Starting assumption: assume everything is a threat and act accordingly.
Design principles:
1. Isolation and segmentation
2. Unit-level trust / least privilege
3. Ubiquity and centralized control

HOWEVER, micro-segmentation has not been operationally feasible (slide 7)
A typical data center has 2 firewalls vs 1000 workloads.
Directing all traffic (virtual + physical) through chokepoint firewalls is inefficient, and a physical firewall per workload is cost prohibitive.

SDDC APPROACH FOR MICRO-SEGMENTATION (slide 8)
Data plane: distributed switching, routing, firewall
Control plane: NSX Manager
Management plane: vCenter
Physical workloads and VLANs


NETWORK CAPACITY (slide 10)

COMPUTE CAPACITY (slide 11)

DATA CENTER VIRTUALIZATION LAYER (slide 12)

A NETWORK HYPERVISOR (slide 13)

OPERATION MODEL OF A VM (slide 14)

NON-DISRUPTIVE DEPLOYMENT (slide 15)

PROGRAMMATICALLY PROVISION (slide 16)

SERVICE DISTRIBUTION TO VIRTUAL SWITCH (slide 17)

BETTER SECURITY: NATIVE ISOLATION (slide 18)
[diagram: two isolated logical networks, each reusing the addresses 192.168.2.10 and 192.168.2.11]

SECURITY SERVICE DISTRIBUTION (slide 19)


THE GOLDILOCKS ZONE (slide 21)
[diagram: Too Hot / Too Cold]

HYPERVISOR IS THE SECURITY GOLDILOCKS ZONE (slide 22)
Software Defined Data Center (SDDC): network & security services now in the hypervisor.
SDDC platform (data center virtualization) services: firewalling/ACLs, load balancing, L2 switching, L3 routing.
Runs any application, on any x86, any storage, any IP network.
SDDC approach: high context, high isolation, ubiquitous enforcement.

MISSION IMPOSSIBLE TO POSSIBLE (slide 23)
Micro-segmentation is possible by network hypervisor.
[diagram: Internet perimeter with little or no lateral controls inside the perimeter]

BENEFITS BY NETWORK HYPERVISOR (slide 24)
Isolation: Dev, Test and Production environments with no communication path between them.
Segmentation: Web, App and DB tiers with a controlled communication path between them.
Segmentation with advanced services: Web, App and DB tiers with a controlled communication path through advanced services.


SIMPLIFY DATA CENTER NETWORK (slide 26)
[diagram: logical groups Production, Development, Finance, HR, Web, App, DB]
Security policies no longer tied to network topology.
Logical groups can be defined.
Prevents threats from spreading.

ADVANCED DATA CENTER PROTECTION (slide 27)
Security Group = Web Tier
Policy definition:
- Standard desktop VM policy: anti-virus scan
- Quarantined VM policy: firewall blocks all except security tools; anti-virus scan and remediate
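The two slides above make one point between them: security groups are defined by what a workload is (its tier, environment, tags), not by where it sits on the network, and a quarantine policy follows a VM because its tag changes, not because anyone rewrites firewall rules. The Python below is an added illustration written for this page, not VMware or NSX code. The VM inventory, the group predicates, the rule tuple format, the environment-isolation check and the port numbers are all constructed assumptions; it models a default-deny distributed firewall that decides every workload-to-workload flow by group membership.

```python
"""Tag-based micro-segmentation policy model (added illustration; not NSX code).

Constructed assumptions: an in-memory VM inventory, security groups whose
membership is computed from attributes and tags, and a default-deny
distributed firewall evaluated for every flow regardless of topology.
"""
from dataclasses import dataclass, field

ANY = "*"


@dataclass
class VM:
    name: str
    ip: str          # kept for realism only; no rule below refers to it
    tier: str        # "web", "app", "db" or "mgmt"
    env: str         # "production" or "development"
    tags: set = field(default_factory=set)


# Membership is a predicate over attributes, so a VM that moves host, changes
# IP or is re-tagged changes policy without any rule being edited.
SECURITY_GROUPS = {
    "web-tier": lambda vm: vm.tier == "web",
    "app-tier": lambda vm: vm.tier == "app",
    "db-tier": lambda vm: vm.tier == "db",
    "quarantined": lambda vm: "quarantine" in vm.tags,
    "security-tools": lambda vm: "security-tool" in vm.tags,
}


def groups_of(vm):
    """All security groups the VM currently belongs to."""
    return {name for name, member in SECURITY_GROUPS.items() if member(vm)}


# Rules as (source group, destination group, destination port, action).
# First match wins and the implicit last rule is deny, so order matters:
# the quarantine rules sit above the tier rules and override them.
RULES = [
    ("security-tools", ANY, ANY, "allow"),  # scanners reach everything, quarantined VMs included
    ("quarantined", ANY, ANY, "deny"),      # a quarantined VM can reach nothing
    (ANY, "quarantined", ANY, "deny"),      # and nothing else can reach it
    ("web-tier", "app-tier", 8080, "allow"),
    ("app-tier", "db-tier", 3306, "allow"),
]


def evaluate(src, dst, dst_port):
    """Decide a flow as a per-vNIC distributed firewall would: by group, not by IP."""
    if src.env != dst.env:
        return "deny"  # isolation: environments have no communication path at all
    src_groups, dst_groups = groups_of(src), groups_of(dst)
    for s, d, port, action in RULES:
        if (s == ANY or s in src_groups) and (d == ANY or d in dst_groups) \
                and (port == ANY or port == dst_port):
            return action
    return "deny"  # default deny


def apply_scan_result(vm, infected):
    """Quarantined VM policy: an anti-virus finding re-tags the VM; nothing else changes."""
    if infected:
        vm.tags.add("quarantine")


def remediate(vm):
    """After clean-up the tag is removed and the normal tier policy applies again."""
    vm.tags.discard("quarantine")


def build_inventory():
    """Constructed sample inventory. web-01 and web-dev-01 share an IP on purpose:
    with isolated logical networks (slide 18) that is not a conflict."""
    return {
        "web-01": VM("web-01", "192.168.2.10", "web", "production"),
        "app-01": VM("app-01", "192.168.2.20", "app", "production"),
        "db-01": VM("db-01", "192.168.2.30", "db", "production"),
        "web-dev-01": VM("web-dev-01", "192.168.2.10", "web", "development"),
        "av-scanner": VM("av-scanner", "10.0.0.5", "mgmt", "production", {"security-tool"}),
    }


def quarantine_scenario():
    """Walk one web VM through detection, quarantine and remediation; return the decisions."""
    inv = build_inventory()
    web, app, db = inv["web-01"], inv["app-01"], inv["db-01"]
    web_dev, scanner = inv["web-dev-01"], inv["av-scanner"]

    def snapshot():
        return {
            "web->app:8080": evaluate(web, app, 8080),
            "web->db:3306": evaluate(web, db, 3306),
            "app->db:3306": evaluate(app, db, 3306),
            "web->web-dev:80": evaluate(web, web_dev, 80),
            "scanner->web:445": evaluate(scanner, web, 445),
            "app->web:80": evaluate(app, web, 80),
        }

    before = snapshot()
    apply_scan_result(web, infected=True)   # scan finds a problem: tag, do not re-address
    quarantined = snapshot()
    remediate(web)
    after = snapshot()
    return {"before": before, "quarantined": quarantined, "after": after}


if __name__ == "__main__":
    for phase, decisions in quarantine_scenario().items():
        print(phase)
        for flow, action in decisions.items():
            print(f"  {flow:18} {action}")
```

Two things to check against the slides when reading the output: the web-to-DB flow is denied even before quarantine, because segmentation only allows the controlled web-to-app and app-to-DB paths, and the quarantined web VM is still reachable by the scanner but by nothing else, which is exactly the "block all except security tools" policy. Rule order is the practitioner's caveat: if the tier rules were listed above the quarantine rules, a quarantined web VM would keep its path to the app tier.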

VM MOBILITY IN A SECURE WAY (slide 28)

REMOVE SECURITY HOLE (slide 29)

KEY TAKEAWAYS (slide 30)
Challenge: Securing east-west traffic
Answer: Micro-segmentation
Value: Simplified management of security policies; elastic security solution; allow complicated security measurement

Karen Law Senior Systems Consultant VMware Hong Kong Ltd