The Enterprise Cloud Rush




WHITE PAPER The Enterprise Cloud Rush Microsoft/Azure

Prepared By:
John Jacobs, VP, Enterprise Systems Engineering, Fortinet
Praveen Lokesh, Principal Engineer, Fortinet

Table of Contents
Introduction
Legacy Deployment Model
The Cloud Takes Shape
Customer Scale And Objectives
Phase One: Segmentation And A New Perimeter
    Figure 1: Initial Network Overview
Phase Two: Connecting To The Cloud
    Figure 2: Updated Network Overview
Phase Three: System Migrations
    Figure 3: System Migrations
Phase Four: Cloud Application Extension
    Figure 4: Hosted Application Extension (Using ExpressRoute)
Final Design Highlights And Benefits

www.fortinet.com

Introduction

Starting with the first commercial public cloud launch in 2006, it has become apparent to enterprise organizations that moving infrastructure out of their traditional data centers has tremendous potential for savings in cost, complexity and management. Coupled with the ability to take advantage of steadily falling costs and to scale dynamically, this move has accelerated and never looked back.

With over 120,000 employees spread around the world and an acute focus on innovation, development and support of new intellectual property, Microsoft IT represents a prime candidate to be a leader in public cloud adoption. In parallel, their own service offering, Azure, gives the organization direct access to the very tools being offered to outside enterprise customers.

If you have been in the technology industry long enough, pause for a moment and think of the first time you heard the casual statement "Oh. That new application is hosted on that old PC under John's desk." Now, envision the network and security challenges such common practices brought about, and the chaos that was bound to ensue if the best scenario came through and that new application was a roaring success.

Legacy Deployment Model

As in any large organization, applications were created by a variety of groups, and the requirements varied in every size and direction. The needed processing, storage and network connectivity was addressed in a linear fashion that worked directly through physical challenges on the way to delivery:

- application scope and projections
- design with consideration of other applications, backup and a disaster plan
- construction or selection of hosting providers
- procurement of hardware
- deployment of infrastructure and testing

These steps included a litany of options, ranging from physical access/security to local personnel providing remote installation and troubleshooting, that compounded the existing challenges.

Once the deployment was complete, the natural step was to start making adjustments to scale and location as demand arrived. Each of these serial processes added time, complexity and cost, and introduced risk to the original intent: the deployment of applications for consumption.

Layered in the design and in other phases was application security. Always a priority, but sometimes addressed as a reaction instead of a plan, it represents an evolving challenge to simultaneously scale and flex with new demands that are created, often with little regard for their partner software or supporting systems.

The Cloud Takes Shape

With focus and execution, the team at Microsoft Azure has designed and built an open, scalable global platform consisting of compute, storage and other associated network and application delivery services. Now with 19 regions spanning the globe, resources can be close to end users and as flexible as any organization requires. Current details of Azure can be found at: http://azure.microsoft.com/en-us/

Customer Scale and Objectives

Microsoft's Cloud properties (Azure, Office365, Bing, Dynamics, Outlook.com, etc.) have been investing in large-scale computing and network infrastructure for nearly a decade. In parallel, Microsoft IT has also been growing their Enterprise Data Center facilities to serve the increasing demand for internal resources. The primary difference is that the Cloud infrastructure uses commodity HW with a SW architecture purpose-built for virtualization, whereas the Enterprise leans heavily on custom-built HW with an appliance-first approach to solutions.

Microsoft IT's DC approach was the right way to build out for the Enterprise. Traditional workloads with stringent Service Level Agreements (SLAs) dictated a dedicated HW approach. While it was commonly understood that this path ensured high rates of stranded/underused HW resources, it was the best method to ensure business needs were met until just recently.

Microsoft's Cloud infrastructure, namely Azure, has crossed several milestones that allow a true Enterprise level of service within a public cloud. Now that Fortinet's (Microsoft IT's Firewall & Threat Prevention vendor) Azure program has launched, the last hurdle for Azure to match their Enterprise Security posture has been cleared. With Microsoft IT facing significant upgrade and growth efforts, the move to migrate to the Cloud is a simple economic decision. The immediate benefits to Microsoft IT are significant:

- increase service velocity
- allow for rapid scale
- ensure security
- comply with government regulations/mandates
- increase visibility to both infrastructure and applications deployed
- lower deployment and operational costs

Phase One: Segmentation and a New Security Perimeter

FIG 1: INITIAL NETWORK OVERVIEW

The initial phase started before any applications were moved, with the secure segmentation of IT resources from the public cloud. This was done with their chosen security vendor, in the same fashion as protecting internal property from external access. Firewalls performing web filtering, application control and IPS scan all traffic moving from inside the network to the cloud. The gateways created clear checkpoints for network traffic and subsequent application connections. Policies were applied to these new connections and adjusted when new applications were created or altered.

FIG 2: CONNECTIONS CREATED TO THE PUBLIC CLOUD

Phase Two: Connecting to the Cloud

Additional hardware devices were placed at the network perimeter and mated to similar platforms at the Azure edge, connecting over Azure's own VPN connection, known as ExpressRoute. This commercial service allows customers to connect and/or extend their existing data center/resources with a redundant connection via service or colocation providers. Microsoft IT uses this service just like any other customer to offer low-latency, reliable connectivity to multiple data center regions from their key campus and compute facilities. Details regarding the Azure ExpressRoute offering can be found at the following location: http://azure.microsoft.com/en-us/services/expressroute/

Phase Three: System Migrations

System migrations started with those systems already virtualized. Those moves were simplified as a move from private to public cloud that would mirror most enterprise organizations. A baseline requirement is for applications to be virtualized before moving to shared resources. Some legacy applications will therefore be left behind due to their inability to migrate, while others will live in a hybrid state, with segments residing in Azure and others remaining in the hosted facility, connected via ExpressRoute, discussed below. With the ability to replicate and test in Azure before removing hosted applications, outages and downtime can be reduced or eliminated.

FIG 3: SYSTEM MIGRATIONS AND REDUNDANT VPN REMOVAL

Phase Four: Cloud Application Extension

With ExpressRoute in place, services/applications hosted in the public cloud can be extended out to an ExpressRoute destination (the hosted facility, as seen in the diagram), where hardware devices such as firewalls, load balancers and application delivery controllers can remain for the benefit of processing intense traffic that requires dedicated chip-level processing to get the expected performance.

Allowing off-site locations to host an extension to the Azure resources offers even greater flexibility and scale. This phase of extension from the public cloud has allowed for:

- massive application flexibility
    - expedited execution and predictable scale
    - seamless transfer of applications to meet shifting demand

- elimination or delay of the need to select new hardware platforms for application delivery services
- synchronization between geographic regions
- simple failover and disaster recovery without the need to build multiple data centers, but rather just ingress remote connection points

Final Design Highlights and Benefits

FIG 4: FINAL MIGRATIONS AND HOSTED APPLICATION EXTENSION (USING EXPRESS ROUTE)

While still underway, Microsoft has already seen benefits from this new paradigm in cloud compute. In addition to those already noted involving scale and flexibility, having compute resources out of the corporate offices or managed data centers has allowed for precise asset inventory and management never before possible. Security policy can be more closely monitored and consistently applied, with systems reports now generated directly from Azure.

Enterprise organizations of every scale and design can reap the rewards of this new paradigm shift. Startups can scale at breakneck pace, and mature companies can closely track, manage and refine their costs. Customers can get on to running their business while Azure takes care of running their infrastructure and core services.

GLOBAL HEADQUARTERS
Fortinet Inc., 899 Kifer Road, Sunnyvale, CA 94086, United States
Tel: +1.408.235.7700
www.fortinet.com/sales

EMEA SALES OFFICE
120 rue Albert Caquot, 06560, Sophia Antipolis, France
Tel: +33.4.8987.0510

APAC SALES OFFICE
300 Beach Road 20-01, The Concourse, Singapore 199555
Tel: +65.6513.3730

LATIN AMERICA SALES OFFICE
Paseo de la Reforma 412 piso 16, Col. Juarez, C.P. 06600, México D.F.
Tel: 011-52-(55) 5524-8428

Copyright 2015 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners.
Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

July 9, 2015