SlideShare a Scribd company logo

Micro segmentation – a perfect fit for microservices

Download as PPTX, PDF
Anthony Chow
Anthony Chow

Microsegmentation, which groups network entities into segments and applies security policies to control traffic, is a perfect fit for securing microservices architectures. It allows for network-independent security policies to be defined and centrally managed at a fine-grained level, enabling policies to adapt to the dynamic and elastic nature of microservices. Major networking and security platforms like VMware NSX, Cisco ACI, and Docker's libnetwork support microsegmentation capabilities that are well-suited for microservices security through isolation, segmentation, and distributed policy enforcement.

Technology
1 of 18
Microsegmentation – a perfect fit for Microservices security Anthony Chow @vCloudernBeer http://cloudn1n3.blogspot.com VMworld 2015 vBrownBag TechTalk
What is Microservices?  It is an architecture for application deployment  Monolithic -> small and autonomous  Deployed as separate service/entity  Communicate via network calls  A new trend to deploy application  Agile  Scalable  High Availability
Monolithic vs Microservices (Star Wars version)
Microservices companion technologies  DevOps – share same idea with Microservices  Agile  Scalable
Microservices companion technologies  Docker – enables streamlined Microservices architecture  Minimum overhead  Quick provisioning
Cloud Native Application  Microservices part of the equation along with DevOps and Linux Containers for building Cloud Native Application  Application that takes full advantage of the cloud platform.  Agile  Scalable  High Availability  Not a “One Size fit All” solution
Microservices – opens up security risk  Frequent and short life span  Increase east-west traffic  Services are not as isolated
What is Microsegmentation?  A security feature  Group entities within a network into one unit and to apply rules/polices to control the traffic in and out of the segment.  Concept is not new  Miro level not feasible to implement before network virtualization  Supporting principles  Apply security policy to the smallest granular level  Zero trust security model
Major component for effective Microsegmentation  From an article by Scott Lowe  Network independent policy definition  Centralized policy repository  Distributed policy enforcement
How does Microsegmentation fit into Microservices security?  Network independent definition  Security rule tailor to Microservices  Centralized policy repository and distributed enforcement  Able to adapt to dynamic and elastic nature of Microservices
VMware - NSX  An networking and security solution  Security is supported inherently by its architecture/design:  Isolation  Segmentation  Segmentation with Advanced Services
Cisco – ACI (Application Centric Infrastructure)  Policy definition separating segments from the broadcast domain  “tags” or “attributes” that identify an endpoint regardless of its IP address  End-point Groups as Microsegmenations
A new chapter in Docker networking - libnetwork  Still under development ◦ Docker 1.7 (libnetwork rev 0.3) ◦ Docker 1.8 (libnetwork rev 1.0)  Container Network Model  A plugin model – able to take advantage 3rd party well developed networking and security infrastructure.
libnetwork- a pluggable interface  Container Network Model (CNM)  Sandbox  Endpoint  Network

Recommended

Microservices: Notes From The Field
Microservices: Notes From The FieldMicroservices: Notes From The Field
Microservices: Notes From The FieldApcera
 
Apcera: Agility and Security in Docker Delivery
Apcera: Agility and Security in Docker DeliveryApcera: Agility and Security in Docker Delivery
Apcera: Agility and Security in Docker DeliveryApcera
 
Scaling towards a thousand micro services
Scaling towards a thousand micro servicesScaling towards a thousand micro services
Scaling towards a thousand micro servicesDiego Berrueta
 
Cloud security what to expect (introduction to cloud security)
Cloud security what to expect (introduction to cloud security)Cloud security what to expect (introduction to cloud security)
Cloud security what to expect (introduction to cloud security)Moshe Ferber
 
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019 Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019 Amazon Web Services
 
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security - CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security - Puneet Kukreja
 
Architect secure cloud services.
Architect secure cloud services.Architect secure cloud services.
Architect secure cloud services.Moshe Ferber
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 

Recommended

Microservices: Notes From The Field
Microservices: Notes From The FieldMicroservices: Notes From The Field
Microservices: Notes From The FieldApcera
 
Apcera: Agility and Security in Docker Delivery
Apcera: Agility and Security in Docker DeliveryApcera: Agility and Security in Docker Delivery
Apcera: Agility and Security in Docker DeliveryApcera
 
Scaling towards a thousand micro services
Scaling towards a thousand micro servicesScaling towards a thousand micro services
Scaling towards a thousand micro servicesDiego Berrueta
 
Cloud security what to expect (introduction to cloud security)
Cloud security what to expect (introduction to cloud security)Cloud security what to expect (introduction to cloud security)
Cloud security what to expect (introduction to cloud security)Moshe Ferber
 
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019 Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019 Amazon Web Services
 
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security - CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security - Puneet Kukreja
 
Architect secure cloud services.
Architect secure cloud services.Architect secure cloud services.
Architect secure cloud services.Moshe Ferber
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Security at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockSecurity at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockAmazon Web Services
 
Open faas and linkerd
Open faas and linkerdOpen faas and linkerd
Open faas and linkerdKeiran Smith
 
What the auditor need to know about cloud computing
What the auditor need to know about cloud computingWhat the auditor need to know about cloud computing
What the auditor need to know about cloud computingMoshe Ferber
 
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic StackElastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic StackElasticsearch
 
Modern Security Pain Points with Application Modernization - With Jermaine Ed...
Modern Security Pain Points with Application Modernization - With Jermaine Ed...Modern Security Pain Points with Application Modernization - With Jermaine Ed...
Modern Security Pain Points with Application Modernization - With Jermaine Ed...Konveyor Community
 
Best Practices to Secure Your Kubernetes Cluster
Best Practices to Secure Your Kubernetes ClusterBest Practices to Secure Your Kubernetes Cluster
Best Practices to Secure Your Kubernetes ClusterStefano Tempesta
 
Cloud of tomorrow
Cloud of tomorrowCloud of tomorrow
Cloud of tomorrowKevin Clarke
 
Infrastructure Saturday - Level Up to DevSecOps
Infrastructure Saturday - Level Up to DevSecOpsInfrastructure Saturday - Level Up to DevSecOps
Infrastructure Saturday - Level Up to DevSecOpskieranjacobsen
 
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeOpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeCybera Inc.
 
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Sebastian Taphanel CISSP-ISSEP
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security ServicesAlert Logic
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Community
 
Cloud security for financial services
Cloud security for financial servicesCloud security for financial services
Cloud security for financial servicesMoshe Ferber
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)Iftikhar Ali Iqbal
 
Launching a Highly-regulated Startup in the Public Cloud
Launching a Highly-regulated Startup in the Public CloudLaunching a Highly-regulated Startup in the Public Cloud
Launching a Highly-regulated Startup in the Public CloudPoornaprajna Udupi
 
Richard Chang Uvp
Richard Chang UvpRichard Chang Uvp
Richard Chang Uvprchang1967
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCarlos Andrés García
 
Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017Sebastian Taphanel CISSP-ISSEP
 
Alert Logic: Realities of Security in the Cloud
Alert Logic: Realities of Security in the CloudAlert Logic: Realities of Security in the Cloud
Alert Logic: Realities of Security in the CloudAlert Logic
 
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert LogicIntroduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert LogicAlert Logic
 
Secure rest api on microservices vws2016
Secure rest api on microservices vws2016Secure rest api on microservices vws2016
Secure rest api on microservices vws2016Quý Nguyễn Minh
 
Netflix Container Runtime - Titus - for Container Camp 2016
Netflix Container Runtime - Titus - for Container Camp 2016Netflix Container Runtime - Titus - for Container Camp 2016
Netflix Container Runtime - Titus - for Container Camp 2016aspyker
 

More Related Content

What's hot

Security at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockSecurity at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockAmazon Web Services
 
Open faas and linkerd
Open faas and linkerdOpen faas and linkerd
Open faas and linkerdKeiran Smith
 
What the auditor need to know about cloud computing
What the auditor need to know about cloud computingWhat the auditor need to know about cloud computing
What the auditor need to know about cloud computingMoshe Ferber
 
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic StackElastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic StackElasticsearch
 
Modern Security Pain Points with Application Modernization - With Jermaine Ed...
Modern Security Pain Points with Application Modernization - With Jermaine Ed...Modern Security Pain Points with Application Modernization - With Jermaine Ed...
Modern Security Pain Points with Application Modernization - With Jermaine Ed...Konveyor Community
 
Best Practices to Secure Your Kubernetes Cluster
Best Practices to Secure Your Kubernetes ClusterBest Practices to Secure Your Kubernetes Cluster
Best Practices to Secure Your Kubernetes ClusterStefano Tempesta
 
Infrastructure Saturday - Level Up to DevSecOps
Infrastructure Saturday - Level Up to DevSecOpsInfrastructure Saturday - Level Up to DevSecOps
Infrastructure Saturday - Level Up to DevSecOpskieranjacobsen
 
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeOpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeCybera Inc.
 
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Sebastian Taphanel CISSP-ISSEP
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security ServicesAlert Logic
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Community
 
Cloud security for financial services
Cloud security for financial servicesCloud security for financial services
Cloud security for financial servicesMoshe Ferber
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)Iftikhar Ali Iqbal
 
Launching a Highly-regulated Startup in the Public Cloud
Launching a Highly-regulated Startup in the Public CloudLaunching a Highly-regulated Startup in the Public Cloud
Launching a Highly-regulated Startup in the Public CloudPoornaprajna Udupi
 
Richard Chang Uvp
Richard Chang UvpRichard Chang Uvp
Richard Chang Uvprchang1967
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCarlos Andrés García
 
Alert Logic: Realities of Security in the Cloud
Alert Logic: Realities of Security in the CloudAlert Logic: Realities of Security in the Cloud
Alert Logic: Realities of Security in the CloudAlert Logic
 
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert LogicIntroduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert LogicAlert Logic
 

What's hot (20)

Security at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockSecurity at the Speed of Software - Twistlock
Security at the Speed of Software - Twistlock
 
Open faas and linkerd
Open faas and linkerdOpen faas and linkerd
Open faas and linkerd
 
What the auditor need to know about cloud computing
What the auditor need to know about cloud computingWhat the auditor need to know about cloud computing
What the auditor need to know about cloud computing
 
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic StackElastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
 
Modern Security Pain Points with Application Modernization - With Jermaine Ed...
Modern Security Pain Points with Application Modernization - With Jermaine Ed...Modern Security Pain Points with Application Modernization - With Jermaine Ed...
Modern Security Pain Points with Application Modernization - With Jermaine Ed...
 
Best Practices to Secure Your Kubernetes Cluster
Best Practices to Secure Your Kubernetes ClusterBest Practices to Secure Your Kubernetes Cluster
Best Practices to Secure Your Kubernetes Cluster
 
Cloud of tomorrow
Cloud of tomorrowCloud of tomorrow
Cloud of tomorrow
 
Infrastructure Saturday - Level Up to DevSecOps
Infrastructure Saturday - Level Up to DevSecOpsInfrastructure Saturday - Level Up to DevSecOps
Infrastructure Saturday - Level Up to DevSecOps
 
OpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information ExchangeOpenStack - Security Professionals Information Exchange
OpenStack - Security Professionals Information Exchange
 
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
 
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
 
Cloud security for financial services
Cloud security for financial servicesCloud security for financial services
Cloud security for financial services
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
 
Launching a Highly-regulated Startup in the Public Cloud
Launching a Highly-regulated Startup in the Public CloudLaunching a Highly-regulated Startup in the Public Cloud
Launching a Highly-regulated Startup in the Public Cloud
 
Richard Chang Uvp
Richard Chang UvpRichard Chang Uvp
Richard Chang Uvp
 
Cloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New RealityCloud Native Security: New Approach for a New Reality
Cloud Native Security: New Approach for a New Reality
 
Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017
 
Alert Logic: Realities of Security in the Cloud
Alert Logic: Realities of Security in the CloudAlert Logic: Realities of Security in the Cloud
Alert Logic: Realities of Security in the Cloud
 
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert LogicIntroduction to Security in the Cloud - Mark Brooks, Alert Logic
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
 

Viewers also liked

Secure rest api on microservices vws2016
Secure rest api on microservices vws2016Secure rest api on microservices vws2016
Secure rest api on microservices vws2016Quý Nguyễn Minh
 
Netflix Container Runtime - Titus - for Container Camp 2016
Netflix Container Runtime - Titus - for Container Camp 2016Netflix Container Runtime - Titus - for Container Camp 2016
Netflix Container Runtime - Titus - for Container Camp 2016aspyker
 
Industrial mkt segmentation
Industrial mkt segmentationIndustrial mkt segmentation
Industrial mkt segmentationSarthak Gulati
 
AWS re:Invent 2016: Microservices, Macro Security Needs: How Nike Uses a Mult...
AWS re:Invent 2016: Microservices, Macro Security Needs: How Nike Uses a Mult...AWS re:Invent 2016: Microservices, Macro Security Needs: How Nike Uses a Mult...
AWS re:Invent 2016: Microservices, Macro Security Needs: How Nike Uses a Mult...Amazon Web Services
 
Marketing Management - Industrial Market Segmentation OR B2B Market Segmentation
Marketing Management - Industrial Market Segmentation OR B2B Market SegmentationMarketing Management - Industrial Market Segmentation OR B2B Market Segmentation
Marketing Management - Industrial Market Segmentation OR B2B Market SegmentationArjun Parekh
 
Nested approach to the segmentation of B2B markets
Nested approach to the segmentation of B2B marketsNested approach to the segmentation of B2B markets
Nested approach to the segmentation of B2B marketsSana Sadiq
 
Business to business marketing ppt
Business to business marketing pptBusiness to business marketing ppt
Business to business marketing pptSukriti Mal
 

Viewers also liked (9)

Secure rest api on microservices vws2016
Secure rest api on microservices vws2016Secure rest api on microservices vws2016
Secure rest api on microservices vws2016
 
Netflix Container Runtime - Titus - for Container Camp 2016
Netflix Container Runtime - Titus - for Container Camp 2016Netflix Container Runtime - Titus - for Container Camp 2016
Netflix Container Runtime - Titus - for Container Camp 2016
 
Steel Industry
Steel IndustrySteel Industry
Steel Industry
 
Industrial mkt segmentation
Industrial mkt segmentationIndustrial mkt segmentation
Industrial mkt segmentation
 
AWS re:Invent 2016: Microservices, Macro Security Needs: How Nike Uses a Mult...
AWS re:Invent 2016: Microservices, Macro Security Needs: How Nike Uses a Mult...AWS re:Invent 2016: Microservices, Macro Security Needs: How Nike Uses a Mult...
AWS re:Invent 2016: Microservices, Macro Security Needs: How Nike Uses a Mult...
 
Marketing Management - Industrial Market Segmentation OR B2B Market Segmentation
Marketing Management - Industrial Market Segmentation OR B2B Market SegmentationMarketing Management - Industrial Market Segmentation OR B2B Market Segmentation
Marketing Management - Industrial Market Segmentation OR B2B Market Segmentation
 
B2B Strategy Making and Planning
B2B Strategy Making and PlanningB2B Strategy Making and Planning
B2B Strategy Making and Planning
 
Nested approach to the segmentation of B2B markets
Nested approach to the segmentation of B2B marketsNested approach to the segmentation of B2B markets
Nested approach to the segmentation of B2B markets
 
Business to business marketing ppt
Business to business marketing pptBusiness to business marketing ppt
Business to business marketing ppt
 

Similar to Micro segmentation – a perfect fit for microservices

Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep divesolarisyougood
 
Microservices Design Principles.pdf
Microservices Design Principles.pdfMicroservices Design Principles.pdf
Microservices Design Principles.pdfSimform
 
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...Cisco DevNet
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigmfanc1985
 
The 6 Critical Cloud-Native Computing Components
The 6 Critical Cloud-Native Computing ComponentsThe 6 Critical Cloud-Native Computing Components
The 6 Critical Cloud-Native Computing ComponentsGavin Dawson
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Bill Annibell
 
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26TT L
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesIOSR Journals
 
Microservices: A Step Towards Modernizing Healthcare Applications
Microservices: A Step Towards Modernizing Healthcare ApplicationsMicroservices: A Step Towards Modernizing Healthcare Applications
Microservices: A Step Towards Modernizing Healthcare ApplicationsCitiusTech
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to MicroservicesFayçal Bziou
 
Implementing security groups in open stack
Implementing security groups in open stackImplementing security groups in open stack
Implementing security groups in open stackRishabh Agarwal
 
A Guide on What Are Microservices: Pros, Cons, Use Cases, and More
A Guide on What Are Microservices: Pros, Cons, Use Cases, and MoreA Guide on What Are Microservices: Pros, Cons, Use Cases, and More
A Guide on What Are Microservices: Pros, Cons, Use Cases, and MoreSimform
 
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...apidays
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersIben Rodriguez
 
Comparative Analysis of Software Architectures.pptx
Comparative Analysis of Software Architectures.pptxComparative Analysis of Software Architectures.pptx
Comparative Analysis of Software Architectures.pptxssuserecd44f
 
Presentation Wsta
Presentation WstaPresentation Wsta
Presentation Wstawill4468
 
Presentation wsta
Presentation wstaPresentation wsta
Presentation wstawill4468
 
WSTA PRESENTATION
WSTA PRESENTATIONWSTA PRESENTATION
WSTA PRESENTATIONwill4468
 

Similar to Micro segmentation – a perfect fit for microservices (20)

nsx overview with use cases 1.0
nsx overview with use cases 1.0nsx overview with use cases 1.0
nsx overview with use cases 1.0
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep dive
 
Microservices Design Principles.pdf
Microservices Design Principles.pdfMicroservices Design Principles.pdf
Microservices Design Principles.pdf
 
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...
 
Effectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing ParadigmEffectively and Securely Using the Cloud Computing Paradigm
Effectively and Securely Using the Cloud Computing Paradigm
 
The 6 Critical Cloud-Native Computing Components
The 6 Critical Cloud-Native Computing ComponentsThe 6 Critical Cloud-Native Computing Components
The 6 Critical Cloud-Native Computing Components
 
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
VMworld 2013: VMware NSX with Next-Generation Security by Palo Alto Networks
 
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
Presentation on Effectively and Securely Using the Cloud Computing Paradigm v26
 
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
Presentation On Effectively And Securely Using The Cloud Computing Paradigm V26
 
Requirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and ServicesRequirements and Challenges for Securing Cloud Applications and Services
Requirements and Challenges for Securing Cloud Applications and Services
 
Microservices: A Step Towards Modernizing Healthcare Applications
Microservices: A Step Towards Modernizing Healthcare ApplicationsMicroservices: A Step Towards Modernizing Healthcare Applications
Microservices: A Step Towards Modernizing Healthcare Applications
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
Implementing security groups in open stack
Implementing security groups in open stackImplementing security groups in open stack
Implementing security groups in open stack
 
A Guide on What Are Microservices: Pros, Cons, Use Cases, and More
A Guide on What Are Microservices: Pros, Cons, Use Cases, and MoreA Guide on What Are Microservices: Pros, Cons, Use Cases, and More
A Guide on What Are Microservices: Pros, Cons, Use Cases, and More
 
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
APIdays Paris 2019 - Cloud native API Management for Microservices on a Servi...
 
New Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data CentersNew Threats, New Approaches in Modern Data Centers
New Threats, New Approaches in Modern Data Centers
 
Comparative Analysis of Software Architectures.pptx
Comparative Analysis of Software Architectures.pptxComparative Analysis of Software Architectures.pptx
Comparative Analysis of Software Architectures.pptx
 
Presentation Wsta
Presentation WstaPresentation Wsta
Presentation Wsta
 
Presentation wsta
Presentation wstaPresentation wsta
Presentation wsta
 
WSTA PRESENTATION
WSTA PRESENTATIONWSTA PRESENTATION
WSTA PRESENTATION
 

More from Anthony Chow

Build your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your applicationBuild your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your applicationAnthony Chow
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Understanding gRPC Authentication Methods
Understanding gRPC Authentication MethodsUnderstanding gRPC Authentication Methods
Understanding gRPC Authentication MethodsAnthony Chow
 
Api security with o auth2
Api security with o auth2Api security with o auth2
Api security with o auth2Anthony Chow
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
V brownbag sept-14-2016
V brownbag sept-14-2016V brownbag sept-14-2016
V brownbag sept-14-2016Anthony Chow
 
Understanding the container landscape and it associated projects
Understanding the container landscape and it associated projectsUnderstanding the container landscape and it associated projects
Understanding the container landscape and it associated projectsAnthony Chow
 
Getting over the barrier and start contributing to OpenStack
Getting over the barrier and start contributing to OpenStackGetting over the barrier and start contributing to OpenStack
Getting over the barrier and start contributing to OpenStackAnthony Chow
 
Introduction to go
Introduction to goIntroduction to go
Introduction to goAnthony Chow
 
An overview of OpenStack for the VMware community
An overview of OpenStack for the VMware communityAn overview of OpenStack for the VMware community
An overview of OpenStack for the VMware communityAnthony Chow
 
VXLAN in the contemporary data center
VXLAN in the contemporary data centerVXLAN in the contemporary data center
VXLAN in the contemporary data centerAnthony Chow
 
What a Beginner Should Know About OpenStack
What a Beginner Should Know About OpenStackWhat a Beginner Should Know About OpenStack
What a Beginner Should Know About OpenStackAnthony Chow
 

More from Anthony Chow (14)

Build your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your applicationBuild your own Blockchain with the right tool for your application
Build your own Blockchain with the right tool for your application
 
Container security
Container securityContainer security
Container security
 
MQTT security
MQTT securityMQTT security
MQTT security
 
Understanding gRPC Authentication Methods
Understanding gRPC Authentication MethodsUnderstanding gRPC Authentication Methods
Understanding gRPC Authentication Methods
 
Api security with o auth2
Api security with o auth2Api security with o auth2
Api security with o auth2
 
Container security
Container securityContainer security
Container security
 
Container security
Container securityContainer security
Container security
 
V brownbag sept-14-2016
V brownbag sept-14-2016V brownbag sept-14-2016
V brownbag sept-14-2016
 
Understanding the container landscape and it associated projects
Understanding the container landscape and it associated projectsUnderstanding the container landscape and it associated projects
Understanding the container landscape and it associated projects
 
Getting over the barrier and start contributing to OpenStack
Getting over the barrier and start contributing to OpenStackGetting over the barrier and start contributing to OpenStack
Getting over the barrier and start contributing to OpenStack
 
Introduction to go
Introduction to goIntroduction to go
Introduction to go
 
An overview of OpenStack for the VMware community
An overview of OpenStack for the VMware communityAn overview of OpenStack for the VMware community
An overview of OpenStack for the VMware community
 
VXLAN in the contemporary data center
VXLAN in the contemporary data centerVXLAN in the contemporary data center
VXLAN in the contemporary data center
 
What a Beginner Should Know About OpenStack
What a Beginner Should Know About OpenStackWhat a Beginner Should Know About OpenStack
What a Beginner Should Know About OpenStack
 

Recently uploaded

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Micro segmentation – a perfect fit for microservices

  • 1. Microsegmentation – a perfect fit for Microservices security Anthony Chow @vCloudernBeer http://cloudn1n3.blogspot.com VMworld 2015 vBrownBag TechTalk
  • 2. What is Microservices?  It is an architecture for application deployment  Monolithic -> small and autonomous  Deployed as separate service/entity  Communicate via network calls  A new trend to deploy application  Agile  Scalable  High Availability
  • 3. Monolithic vs Microservices (Star Wars version)
  • 4. Microservices companion technologies  DevOps – share same idea with Microservices  Agile  Scalable
  • 5. Microservices companion technologies  Docker – enables streamlined Microservices architecture  Minimum overhead  Quick provisioning
  • 6. Cloud Native Application  Microservices part of the equation along with DevOps and Linux Containers for building Cloud Native Application  Application that takes full advantage of the cloud platform.  Agile  Scalable  High Availability  Not a “One Size fit All” solution
  • 7. Microservices – opens up security risk  Frequent and short life span  Increase east-west traffic  Services are not as isolated
  • 8. What is Microsegmentation?  A security feature  Group entities within a network into one unit and to apply rules/polices to control the traffic in and out of the segment.  Concept is not new  Miro level not feasible to implement before network virtualization  Supporting principles  Apply security policy to the smallest granular level  Zero trust security model
  • 9. Major component for effective Microsegmentation  From an article by Scott Lowe  Network independent policy definition  Centralized policy repository  Distributed policy enforcement
  • 10. How does Microsegmentation fit into Microservices security?  Network independent definition  Security rule tailor to Microservices  Centralized policy repository and distributed enforcement  Able to adapt to dynamic and elastic nature of Microservices
  • 11. VMware - NSX  An networking and security solution  Security is supported inherently by its architecture/design:  Isolation  Segmentation  Segmentation with Advanced Services
  • 12.
  • 13.
  • 14.
  • 15. Cisco – ACI (Application Centric Infrastructure)  Policy definition separating segments from the broadcast domain  “tags” or “attributes” that identify an endpoint regardless of its IP address  End-point Groups as Microsegmenations
  • 16.
  • 17. A new chapter in Docker networking - libnetwork  Still under development ◦ Docker 1.7 (libnetwork rev 0.3) ◦ Docker 1.8 (libnetwork rev 1.0)  Container Network Model  A plugin model – able to take advantage 3rd party well developed networking and security infrastructure.
  • 18. libnetwork- a pluggable interface  Container Network Model (CNM)  Sandbox  Endpoint  Network