HP Networking Secure Virtualisation Framework

Secure Virtual Framework (SVF) for secure private and public cloud computing.

This session will present SVF as a solution for securing consolidating data centers. Through virtualization-specific security challenges and solution examples, you will learn how the SVF converges virtualisation, networking and security technologies to accelerate virtualisation and improve security for public and private cloud computing.

A key take-away from this session will be a better understanding of how a converged solution increases security and automation throughout the data center, while reducing complexity and costs.

Published in: Technology

Transcript

  • 1. SECURE VIRTUAL FRAMEWORK. Glen Gibson, Solution Architect – HP ESSN; Gary Boniface, Solution Architect – HP TippingPoint
  • 2. TECH AT WORK 2011 -- AGENDA – Data Center Trends => Cloud Computing – HP Intrusion Prevention Systems Overview – Virtual Visibility Gap – vController Technology – Automated Policy Enforcement – VMware Partnership
  • 3. DATA CENTER TRENDS. Past; Present & Future. Connect everyone to everything; Do more with less; Efficiency Drives; Virtualisation, Blades, Dispersed, Physical Consolidation; Increased Bandwidth. Flawed software is developed almost daily. Over the last 5 years on average, roughly 8k vulnerabilities are disclosed each year. [Chart: OSVDB data, total vulnerabilities by year, 2000 to 2010]
  • 4. HP CLOUDSYSTEM: INTEGRATED SYSTEM, PROVEN TECHNOLOGY. HP 3PAR Scalable utility storage HP Cloud Service Securing physical & virtual Automation + High performance fabric HP Networking HP BladeSystem Matrix Mission critical computing SAAS aggregation Service Provider Enhancements
  • 5. WHY NIPS? Layer 3-4 filters are not enough to block common attacks. [Diagram: Internet, DMZ and LAN separated by firewalls (FW), with NIPS between Security Zones 1, 2 and 3]
  • 6. WHY NIPS? Layer 3-4 filters are not enough to block common attacks. [Diagram: Remote router, LAN switch and Production, with NIPS between Security Zones 1, 2 and 3]
  • 7. WHY NIPS? Layer 3-4 filters are not enough to block common attacks. [Diagram: Guest OS 1, Guest OS 2 and Guest OS 3 - n connected through vSwitches, with NIPS between Security Zones 1, 2 and 3]
  • 8. HP TIPPINGPOINT DVLABS LEADS THE INDUSTRY. Security research with real-world application. [Charts: Cumulative vulnerability discoveries (September 2005 to December 2010); 2010 vulnerability discoveries]
  • 9. VIRTUAL SECURITY GAP. HP TECHNOLOGY@WORK 2011: THE INSTANT-ON ENTERPRISE IS HERE
  • 10. THE VIRTUAL NETWORK VISIBILITY GAP. Hypervisor Security – Mission critical. Host to Host Threats – Can't deploy IPS in front of every server. VM to VM Threats – Virtual trust zones – Traffic does not enter the physical network for inspection – A victim VM can attack other VMs. VM Mobility – vMotion launches VMs in separate sites for DR – Physical IPS options are cost prohibitive for these uses. [Diagram: three virtualised hosts, each running VMs (OS/App), with callouts 1 to 4; callout 4: VMs moved to separate site]
  • 11. SECURE VIRTUALISATION FRAMEWORK (SVF). Components – vController – Virtual Management Center (vMC) – IPS Platform. Flexibly inspect data in both the physical and virtual DC. Single set of security policies for entire DC protection. [Diagram: VMC, VMware vCenter and TippingPoint IPS above ESX virtual hosts; each host has a hypervisor with vSwitch, VMsafe kernel module and redirect policy, application VMs (OS/App) and the vController service VM]
  • 12. SECURE VIRTUALISATION FRAMEWORK (SVF). [Diagram: VMC, VMware vCenter and TippingPoint IPS; hypervisor with vSwitch, VMsafe kernel module and redirect policy; application VMs (OS/App) and the vController service VM]
  • 13. TIPPINGPOINT VMC. It's all about the inspection policies • Assign policies by VM and/or zone, not location or network connection • Automate trust zone assignment for new or untrusted workloads • Ensure policies follow VM regardless of state (in motion, powered on, powered off) • Cloned VMs must automatically inherit parent policies
  • 14. VQL BASED TRUST ZONE DEFINITION • Assign policies by VM and/or zone, not location or network connection • Automate trust zone assignment for new or untrusted workloads • Ensure policies follow VM regardless of state (in motion, powered on, powered off) • Cloned VMs must automatically inherit parent policies. Example – card data holder environment – Automated and highly scalable zone/policy definition • All VMs residing on datastore 'pci_ide' in zone • Zone/Policy definitions follow VMs throughout lifecycle – Visualise security policies • VMs in 'pci_cde' zone prohibited from communicating with 'dmz' zone VMs • VMs within 'pci_cde' are allowed to communicate
  • 15. VMWARE CERTIFIED. VMware VMSafe Hypervisor Integration – vController is fully integrated with VMware vSphere using the VMSafe API. VMware vCenter Integration – VMC is fully integrated with VMware's vCenter management console. Certified "VMware Ready" – Supports VMware vSphere 4 (ESX / ESXi 4)
  • 16. DEMO
  • 17. HP TIPPINGPOINT AND VMWARE PARTNERSHIP. HP TECHNOLOGY@WORK 2011: THE INSTANT-ON ENTERPRISE IS HERE
  • 18. FEBRUARY 15 ANNOUNCEMENT: HP TippingPoint and VMware Strategic Partnership. Strategic Development Partnership – Building Next Generation Security APIs for Cloud Environments – Virtual Security Solutions today with vController and vShield. Today: HP TippingPoint's vController and VMware's vShield protect today's virtual environments. Tomorrow: HP TippingPoint and VMware jointly develop next generation security APIs to protect complex cloud environments. VMware: #1 Virtualization Platform. HP TippingPoint: #1 Security Research/Architecture
  • 19. HP TIPPINGPOINT & VMWARE: SECURE THE CLOUD. HP TippingPoint Network Intrusion Prevention Best of Breed Pervasive Ubiquitous Instant-On Enterprise VMware vSphere and vShield Anchored Enterprise Traditional IT Private Cloud Public Cloud Hybrid Cloud
  • 20. NEXT STEPS. Visit: The Cloud System Feature. Engage: See the HP Rep at rear of clinic. Seek more: Request follow up via Eval Form. Re-Live: www.hp.com.au/taw11post. HP TECHNOLOGY@WORK 2011: THE INSTANT-ON ENTERPRISE IS HERE
  • 21. QUESTIONS? HP TECHNOLOGY@WORK 2011: THE INSTANT-ON ENTERPRISE IS HERE
  • 22. VIRTUAL CONNECT – MAPPED & TUNNELED VLANS. [Diagram, e.g. Mapped Mode: server blades with vNICs (VID 40, VID 50, VID 60), vSwitch and pNICs (UT, UT, T-40,50,60); VC Ethernet modules with vNets (vNet2, vNet3, multiple vNets, vNet-Out, vNet-In; VID 20, VID 30, VIDs 40,50,60, VID 190, VID 191) and SUS uplinks (T-40,50,60,190,191; T-190; T-191); top of rack switch with multiple tagged VLANs]
  • 23. VCONTROLLER
  • 24. VCONTROLLER
  • 25. VCONTROLLER
  • 26. HP TECHNOLOGY@WORK 2011: THE INSTANT-ON ENTERPRISE IS HERE
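
A minimal model of the trust-zone logic on slides 13 and 14, added here as an illustration: it is not HP TippingPoint code and does not use VQL syntax, which the slides do not show. The datastore name `dmz_ds`, the `untrusted` default zone, the default-deny rule and all VM and host names are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

# 'pci_ide', 'pci_cde' and 'dmz' are the names used on slide 14; every other
# name below (dmz_ds, untrusted, VM and host names) is constructed.
@dataclass(frozen=True)
class VM:
    name: str
    datastore: str
    host: str                          # physical location, ignored by zoning
    parent_zone: Optional[str] = None  # set only when the VM is a clone

# Ordered zone rules: zone name and a predicate over VM attributes.
ZONE_RULES = [
    ("pci_cde", lambda vm: vm.datastore == "pci_ide"),
    ("dmz", lambda vm: vm.datastore == "dmz_ds"),
]
DEFAULT_ZONE = "untrusted"             # new workloads that match no rule

# Zone pairs that may talk; anything not listed is denied (assumption).
ALLOWED = {("pci_cde", "pci_cde"), ("dmz", "dmz")}

def zone_of(vm):
    """Zone is derived from VM attributes, never from host or network."""
    if vm.parent_zone is not None:     # clones inherit the parent's zone
        return vm.parent_zone
    for zone, matches in ZONE_RULES:
        if matches(vm):
            return zone
    return DEFAULT_ZONE

def clone(vm, name, datastore):
    """Clone to any datastore; the parent's zone is pinned on the copy."""
    return replace(vm, name=name, datastore=datastore, parent_zone=zone_of(vm))

def migrate(vm, new_host):
    """vMotion-style move: only the host changes, so the zone does not."""
    return replace(vm, host=new_host)

def may_communicate(src, dst):
    return (zone_of(src), zone_of(dst)) in ALLOWED

# Constructed inventory: db1 and web1 share a host, so their traffic would
# never reach a physical IPS; the zone policy still separates them.
db1 = VM("db1", "pci_ide", "esx-a")
db2 = VM("db2", "pci_ide", "esx-b")
web1 = VM("web1", "dmz_ds", "esx-a")
fresh = VM("tmp1", "scratch", "esx-a")

if __name__ == "__main__":
    for a, b in [(db1, db2), (db1, web1), (clone(db1, "db1-copy", "scratch"), web1)]:
        print(a.name, "->", b.name, "allowed" if may_communicate(a, b) else "denied")
```

Because the decision is keyed on zone rather than host, the same result holds for two VMs on one hypervisor and for a VM that has been moved to another site.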