Software Defined Networking (SDN) Software Defined Security




Software Defined Networking (SDN): Software Defined Security. Kurt Knochner, Fortinet Senior Systems Engineer, kknochner@fortinet.com. Copyright Fortinet Inc. All rights reserved.

How to describe the (IT) world of 2015: "It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness.." (Charles Dickens, A Tale of Two Cities)

Challenges in the Datacenter 2015:
» Increasing Complexity
» Increasing Network Speed
» Increasing Security Challenges
» Increasing levels of Virtualization

Increasing Complexity: Sorry, we can't help you with this. All we can say: It's going to get worse ;-) HOWEVER: We are committed to NOT adding complexity to your environment, by keeping the management of our products as simple and effective as possible!

Increasing Network Speed / Security Challenges: Fortinet is best known for its HIGH SPEED and SECURE appliances, so don't be afraid, we will be there to support you!!
[Chart: rate in Mb/s by year, 1995 to 2020. Core networking doubling every ~18 months, server I/O doubling every ~24 months; 10 Gigabit, 100 Gigabit, 1,000 Gigabit and 1 Terabit levels marked. Source: IEEE 802.3 Industry Connections Ethernet Bandwidth Assessment, July 2012]

Increasing levels of Virtualization: That's what I'm going to talk about today.

To sum it up: Virtual Appliances & VDOMs Provide Scale-Out Elasticity
[Diagram labels: Performance Boundary; Scale-Up; Scale-Out; vSphere, Hyper-V, XenServer]
Benefits:
» Elastic Firewall Capacity
» East-West Traffic Visibility
» Deployable in Public Clouds

Software Defined Datacenter and SDN

Software Defined Data Center
[Diagram labels: App, OS, VM; SD Orchestration; Decoupling/Abstraction; Network, Compute, Storage, Security; Physical: Network, Compute, Storage, Security]

SDDC - The Big Picture
[Diagram labels: Applications, Services, Orchestration; Physical, Virtual; Compute, Storage, Security, Network; Software Defined Compute, Software Defined Storage, Software Defined Networks]

SDDC - The Big Picture
[Diagram labels: Applications, Services, Orchestration; Physical, Virtual; Compute, Storage, Security, Network; Software Defined Compute, Software Defined Storage, Software Defined Security, Software Defined Networks]

Virtual Data Center Challenges:
» High Availability
» Live Migration
» Securing flows within the same vSwitch
» No auto-import of objects
» Manual or scripted automation and orchestration

Fortinet Software Defined Security Framework
[Diagram labels: Platform Extensibility; Data Plane, Control Plane, Mgmt. Plane; Virtual Appliances/Services Platform, Orchestration & Automation, Single Pane-of-Glass Management; Virtual x86 Containers; Hardware-Based Platforms]


Fortinet Software Defined Security Framework
Complete security ecosystem:
» FW/NGFW (FortiGate)
» Web Application Firewall (FortiWeb)
» Secure Mail GW (FortiMail)
» Application Delivery (FortiADC)
» Sandboxing (FortiSandbox)
» vSphere, Hyper-V, KVM, Citrix Xen
» AWS, Microsoft Azure
Integration with external ecosystem:
» Open Source
» Commercial
» Open - OpenFlow, JSON, RESTful API, XML
Security optimized orchestration:
» SDN application
» FortiSphere Security SDN controller
» FortiCore SDN Security Director
Single Pane-of-Glass management:
» Management (FortiManager)
» Reporting & visibility (FortiAnalyzer)
[Diagram labels: Platform Extensibility; Data Plane, Control Plane, Mgmt. Plane; Virtual Appliances/Services Platform, Orchestration & Automation, Single Pane-of-Glass Management; Virtual x86 Containers; Hardware-Based Platforms]


Fortinet Software Defined Security Framework: CSP Extensions
Framework areas: Complete security ecosystem; Integration with external ecosystem; Security optimized orchestration; Single Pane-of-Glass management
FW NFV service chaining:
» ETSI Multi-Vendor PoC on D-NFV (CPE)
» D-NFV Alliance RAD V-CPE
Utility based consumption:
» Licensing
» Provisioning
» Metering
» Billing
FortiPrivateCloud:
» Security-aaS portal
[Diagram labels: Platform Extensibility; Data Plane, Control Plane, Mgmt. Plane; Virtual Appliances/Services Platform, Orchestration & Automation, Single Pane-of-Glass Management; NFV, On-Demand, Self-Service, Sec-aaS, Multi-Tenancy; Virtual x86 Containers; Hardware-Based Platforms]

Fortinet Programmable Networking Partnership Ecosystem
[Diagram labels: Platform Extensibility; Orchestration Platforms; Programmable Switching; Centralized Policy & Analytics; vCNS certified; NSX Partner program; NSX Manager; Full NSX; ACI]

Cisco ACI Integration
» Cisco ACI: #1 SDN platform sought by enterprise customers
» Joint PR: Integration of FortiGate into Cisco ACI deployment
» Joint demo at Interop (April 2015)
» ACI service insertion
» Product launch Q3 2015

OpenStack Integration
Open Source OpenStack:
» ML2 plugin
» FWaaS plugin
» VTEP support
Commercial OpenStack:
» HP Helion: Fortinet announced HP AllianceOne partnership; FortiGate certified HP Helion Ready; integration with HP VAN Controller and SDN switches; FortiSDN Demo application for HP's enterprise SDN ecosystem
» PLUMgrid ONS integration

FortiGate-VMX NSX Integration

Fortinet SDDC Positioning: NSX integration is part of a Three Steps Program
1. vCNS (Q4 2014): vSphere v5.5u2, vCNS integration, certified
» Released Q4 2014
» Support for vSphere v5.5 Update 2
» Certified with vCNS Manager and NetX API
2. NSX Compatible (Q1 2015): vSphere v5.5 u2, vCNS integration, NSX Compatible
» Released January 2015
» Support for vSphere v5.5 Update 2
» Certified compatible with NSX Manager and NetX API
3. NSX (2015): NSX, new SDK integration
» Support for new NSX Manager
» Will only work with NSX deployments
» Advanced NSX NetX functionality for tighter control of traffic
[Timeline: January 2014, Q4 2014, Q1 2015, 2015]
Currently the Fortinet solution uses NSX Manager with limited NetX API functionality.

FortiGate and NSX Integration/Interactions
1. Initiate communication with vCenter Server
2. Register Fortinet as security service with NSX Manager
3. Auto-deploy FortiGate-VMX to all hosts in security cluster
4. FortiGate-VMX connects with FortiGate-VMX Service Manager
5. License verification and configuration synchronization with FortiGate-VMX
6. Kernel agent creation and default redirection rules for each host in cluster
7. Real-time updates of object database
8. Push policy synchronization to all FortiGate-VMX deployed in cluster
[Diagram labels: FortiGate-VMX Service Manager; FGT-VMX; dvSwitch]

FGT-VMX and VMware Kernel Agent Interaction
[Diagram labels: Define NGFW Firewall Policies; FortiGate-VMX Service Manager; FGT-VMX; Kernel Agent; dvSwitch; VMware Kernel; fsw; tsw]
Packet Flow:
1. From VM to Kernel Agent
2. Kernel Agent always forwards to the third-party solution (FGT-VMX)
3. FGT-VMX applies security and sends the packet back to the Kernel Agent
4. Kernel Agent can do service chaining or send the packet to its destination

FortiGate-VMX SVM Widget Information

FortiGate-VMX License Model
» One license for the FortiGate-VMX Service Manager
» Stackable license for the FGT-VMX Agents based on the number of Agents deployed
[Diagram labels: Hypervisor with 2 Sockets; Hypervisor with 4 Sockets; Hypervisor with 2 Sockets; 2 FGT-VMX Licenses; 3 FGT-VMX Licenses]

FortiGate-SVM Initial Configuration

FGT-VMX Service Manager Policy Creation

FGT-SVM Policy Creation
» Inbound and Outbound Policies
» All FOS NGFW functionalities are available on FGT-VMX

NSX Integration - What's Next?
New Feature with Full NSX Integration
1. Service Composer
a. Define Security Tag Based on Workflow requirements
b. Security Tag imported on FortiGate-VMX to define Firewall Policy
c. Set and Unset Tags to Workflow VM based on Security Requirements
Firewall Policy =

Why Fortinet?

Why Fortinet?
» Committed to Security
» Committed to High Performance
» Committed to Virtualization

Fast growing business

No comment

"We take care of security so you can take care of business." Ken Xie, CEO & Chairman of the Board

One last quote: "We put no Mark into advertising, but every Mark into the chocolate." Aplia Schokolade, Springer & Jacoby

Kurt Knochner kknochner@fortinet.com