Itex VMware NSX Network Virtualization Presentation



Transcription:

Itex VMware NSX Network Virtualization Presentation

Gabriel Maciel
VCP3, VCP4/5-DCV, Security+, Project+
Sr. Systems Engineer Canadian Federal Government
@gmaciel_ca

2014 VMware Inc. All rights reserved.

Before and After Network Virtualization

[Diagram: Low Asset Utilization, Transformation, High Asset Utilization]

VMware - Network Virtualization Benefits

1. Speed - Reducing Provisioning Times
2. Changing the Operational Model
3. IT Security - Micro-Segmentation
4. Policy-Driven Services
5. Cost Reduction

VMware - Network Virtualization Benefits

1. Speed - Reducing Provisioning Times
2. Changing the Operational Model
3. IT Security - Micro-Segmentation

The Starting Point for Network Virtualization

Half of all Server Access Ports are already virtual.

[Chart: server access ports in millions, 2010 to 2015. Virtual Server Access Ports: 32% CAGR; 15% for Physical. Source: Crehan Research]

Network Provisioning is Hard

[Diagram: Past and Present provisioning timelines. Services: VLAN networks; Firewall; Load Balancer; IDS, security, monitoring; VPN. Timing labels: 8~10 weeks; 1 or more weeks!; Less than 30 Minutes]

Creating the VM is fast but we still have to wait for other services

Network Virtualization: An Analogy

Server virtualization: Application (x3); x86 Environment; Virtual Machine (x3); Hypervisor; Requirement: x86; Physical Compute & Memory

Network virtualization: Workload (x3); L2, L3, L4-7 Network Services; Virtual Network (x3); Network Virtualization Platform; Requirement: IP Transport; Physical Network

In both stacks the virtual layer is Decoupled from the physical layer.

Network Virtualization Layer Internet

VMware - Network Virtualization Benefits

1. Speed - Reducing Provisioning Times
2. Changing the Operational Model
3. IT Security - Micro-Segmentation

Network & Security Provisioning are Hard

Network & Security Provisioning are Hard

Request: We need to deploy a new web application with two tiers.

Network Admin: How do I implement that topology?

[Diagram: Internet, Web, App; callouts numbered 1 to 9]

Changing the Operational Model - Simplifying the Provisioning of Network Services

All Software Construct

[Diagram: Internet; NAT; Web Tier (L3 Subnet); App Tier (L3 Subnet); DB Tier (L3 Subnet); Physical Network]

VMware - Network Virtualization Benefits

1. Speed - Reducing Provisioning Times
2. Changing the Operational Model
3. IT Security - Micro-Segmentation

Traffic Patterns in a Typical Datacenter

[Diagram: North-South and East-West traffic]

Goldilocks Zone

In astronomy and astrobiology, the circumstellar habitable zone (CHZ) (or simply the habitable zone), colloquially known as the Goldilocks zone, is the region around a star within which planetary-mass objects with sufficient atmospheric pressure can support liquid water at their surfaces.

Why SDDC Virtualization Layer is the Security Goldilocks Zone

Software Defined Data Center (SDDC): Any Application; SDDC Platform; Data Center Virtualization; Any x86; Any Storage; Any IP network

Traditional Approach: High Context, Low Isolation; High Isolation, Low Context; No Ubiquitous Enforcement

Why SDDC Virtualization Layer is the Security Goldilocks Zone

Software Defined Data Center (SDDC): Any Application; SDDC Platform; Data Center Virtualization; Any x86; Any Storage; Any IP network

Secure Host Introspection

SDDC Approach: High Context; High Isolation; Ubiquitous Enforcement

Why SDDC Virtualization Layer is the Security Goldilocks Zone

Software Defined Data Center (SDDC): Any Application; SDDC Platform; Data Center Virtualization; Any x86; Any Storage; Any IP network

Network & Security Services Now in the Hypervisor: Firewalling/ACLs; Load Balancing; L2 Switching; L3 Routing

Micro-Segmentation with NSX

Unit-level trust

Data Plane: Distributed switching, routing, firewall
Control Plane
Management Plane

Each VM has its own firewall with flexible granularity, from the entire data center down to the vNIC level
Security is shrink-wrapped around each workload
Faults and threats are contained with micro-granularity

[Diagram label: Physical workloads and VLANs]

Micro-Segmentation - Automating Security Operations

ATTRIBUTE (if) | ACTION (then)
Virus found | Quarantine VM with Firewall
Vulnerability found (old software version) | Monitor VM with IPS
PCI OR Sensitive Data Found | Restrict access while investigating

[Diagram labels: IIS.EXE; Allow / Restrict]

Security operations are automated and adapt to dynamic conditions

VMware NSX - The Power of Distribution


VMware NSX Benefits

VMware NSX Network Virtualization