BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud

BreakingPoint and Juniper presentation "Practical Advice for Securing the High Performance Cloud" at the 2011 RSA Conference.


  • 1. Practical Advice for Securing the High-Performance Cloud, February 16th at 4:30 PM
  • 2. You Deal With An IT Firestorm Every Day…
  • 3. …And Now You Are Moving To The Cloud
      – Can you stay compliant?
      – Will it be secure?
      – Will it remain high-performing?
  • 4. Market Dynamics
      – 50% of the world’s workloads will be virtualized by 2012 (Gartner)
      – Virtualization is near de-facto architecture for clouds (GigaOM)
      – Security is a top concern for virtualization adoption (CDW Survey)
      – 37% of large enterprises expect to adopt IaaS (cloud) in the next year (Yankee Group)
  • 5. The Challenge & Opportunity
  • 6. How Is Virtualization Different
  • 7. Virtualization/Cloud Security Challenges
      • Monitoring and auditing breaks
          – Physical security is blind to traffic
          – VMs can “move” to low trust zones
      • Continuous enforcement is very difficult
          – VMs replicate on a click and sprawl
          – VM users can self provision
          – “Bad” configurations proliferate easily
      • Separation of duties is lost
          – Server, network boundaries are blurred
          – Unified administration gives too
      • Least privilege access policy enforcement is lost
          – VM access patterns can change with “migration”
          – Too much change means errors
  • 8. Goal: Enable Cloud/Retain Control (three columns on the slide)
      • First column
          1. VLANs offer no granular security
          2. Physical FWs are expensive
      • Second column
          1. Agents are very costly to manage
          2. Significant perf degradation
      • Third column
          1. Superior security
          2. “Wire-line” perf
          3. Minimal overhead
          4. 10x cost reduction
  • 9. The Ideal Mix: Hypervisor-Based Security
      1. Using a custom kernel enforcement embeds into the ESX hypervisor in “fast path” mode
      2. All packets flow through the hypervisor-embedded security engine
  • 10. vGW & The Hypervisor-based Architecture
      • Enterprise-grade
          – VMware “VMsafe Certified”
          – Protects each VM and the hypervisor
          – Fault-tolerant architecture (i.e. HA)
      • Virtualization Aware
          – “Secure VMotion” scales to 1,000+ ESX
          – “Auto Secure” detects/protects new VMs
      • Granular, Tiered Defense
          – Stateful firewall and integrated IDS
          – Flexible Policy Enforcement: Zone, VM group, VM, Application, Port, Protocol, Security state
      • [Diagram labels: Virtual Center; Security Design VM for vGW; VM1, VM2, VM3; ESX Host; Partner Server (IDS, SIM, Syslog, Netflow); Packet Data; The vGW Engine; ESX Kernel; VMware DVFilter; VMware vSwitch or Cisco 1000V; Hypervisor]
  • 11. Traditional Cloud Validation Approach
      • 100-1000+ servers
      • $ Millions in software licenses
      • Multiple products with separate interfaces
      • Many disassociated reports
      • No security validation
      • High total cost of ownership
      • Limited performance
      • Doesn’t effectively stress infrastructure
      • Inaccurate and error-prone
      • Complex and labor intensive
      • [Diagram labels: Application Traffic Test Software; Router; Firewall; IPS; Switch; Load Balancer; SSL Accelerator; Virtual or Physical Server, Server Farm, Data Center]
  • 12. BreakingPoint’s Approach
      • Stresses infrastructure with mix of stateful application traffic
      • Validates performance/effectiveness under extreme load conditions
      • Validates the integrity of server transactions
      • Integrates security for ability to assess performance under attack
  • 13. Questions and Answers