HP Converged Infrastructure - Break the IT innovation gridlock



Business thrives on innovation. Despite that, most business IT departments spend 70% of their resources on maintenance and only 30% on innovation. It’s time to turn that ratio on its head and with HP Converged Infrastructure you can. HP Converged Infrastructure can help you shift resources from operations to innovation by delivering the data centre of the future.

Published in: Technology
  • Welcome to the HP Networking breakout session. The focus of this short presentation is to highlight the key challenges companies are facing, in the data centre, as a result of significant changes in how we’re doing computing today. Having covered these points and how the HP Converged Infrastructure addresses them, we will quickly introduce innovative networking solutions by HP, explaining how they bring differentiation to the overall Converged Infrastructure and how they offer great value to our customers and their businesses. [Next slide]
  • HP FlexFabric is the next generation of highly scalable data center architecture for an HP Converged Infrastructure. With FlexFabric, you can provision your network resources efficiently and securely to accelerate deployment of virtualized workloads. There are three main values which define the HP FlexFabric blueprint. First, HP FlexFabric converges server, storage and networking resources, unifying previously separate silos onto a common server-edge infrastructure. This flattens the conventional network structure, enabling higher performance, additional flexibility and improved workload mobility. Next, HP FlexFabric virtualizes and orchestrates the unified resource pool, using a seamless management architecture for dynamic, automated provisioning. [Jump to the next point] Connections to the fabric move with workloads as they migrate across or between data centers without intervention from network administrators. [No need to say this] We reduce the time spent on manual configuration changes. [No need to say this] This virtual fabric enables a wire-once operating model. [No need to say this] FlexFabric allows server, storage, networking, and application administrators to accurately set governance, security, and SLA policies. [No need to say this] Finally, HP FlexFabric includes highly scalable building blocks based on open standards, allowing for a fully modular, interoperable, and cost effective networking architecture. These building blocks fully interoperate with existing DC core devices to further ensure investment protection and flexibility. Let’s take a quick look at the FlexFabric Network architecture. [Next slide]
  • [Before the first click – don’t start the animation yet] So the CI architecture includes modular and virtual, server and storage resources. It is then brought together by [Click here for first animation] the networking solutions which allow further virtualisation of the network into a much flatter, more resilient and higher performance design. [Next click – start next animation] The management of this entire converged infrastructure is made simple by single-pane-of-glass tools, allowing comprehensive resource provisioning, management and automation. Finally, [Next click – start next animation] in order to ensure security and business continuity [pause] Intrusion Prevention, Load Balancing and a number of other solutions are provided to deliver the best QoS to the network and application users. So [Final click – last animation] HP’s FlexFabric blueprint approaches the modern data center design with a view to: operational simplicity; superior performance & scalability; security; energy efficiency and low total cost of ownership. [Next slide] Central to FlexFabric is policy-driven network provisioning tightly integrated with server and storage management. HP’s data center solutions are purpose built using the latest advanced systems and ASIC technologies. Our “A” family data center networking platforms leverage a common operating system, Comware™, and are managed with a single-pane manager, Intelligent Management Center (IMC). HP switches make use of an HP-developed technology, Intelligent Resilient Framework (IRF), to enable the creation of a resilient virtual switching fabric. IRF delivers geographic independence, distributed high-availability, resiliency and millisecond re-convergence across layer 2 and layer 3 protocols.
These innovations allow customers to build a simplified, higher performing, highly resilient and flatter (two-tier) data center network design – overcoming the limitations of low performance/scale, high cost/latency inherent to legacy solutions which rely on multi-tier, disjointed platform operating systems and resiliency protocol complexity.
  • Now let’s quickly look at 3 tools that enable FlexFabric in the way I’ve just described. After this presentation, we’ll take a quick look at one of them in more detail. [Next slide]
  • The HP Intelligent Resilient Framework, or IRF, is a technology enabling the virtualisation of networking switches, making multiple switches simply operate and behave as one. As you can see on the left hand side of the diagram, IRF can transform a complex 3-tier data centre architecture into a much simpler 3 layer or even 2 layer design, with far less equipment to manage and with all links active at the same time. This is important, because it avoids the blocked and unused links/ports that exist in current designs. This approach allows us to simply do away with certain slow and high latency protocols such as Spanning Tree and VRRP [Virtual Router Redundancy Protocol]. As a whole you not only reduce costs and complexity, you also make the most efficient use of all your resources as well as improving reliability. For example, by deploying IRF, you can reduce failover latency from seconds to milliseconds.
  • The second solution we’ll introduce here is the HP Intelligent Management Centre, or IMC, which is an enterprise class, multi-vendor network management tool from HP Networking. The key things to take away about IMC are the following:
      - It is made for managing big networks
      - It manages HP Networking solutions as well as Cisco solutions
      - IMC can manage both wired and wireless infrastructures
      - It has a full set of features for policy based device and user management
      - Most importantly, it provides visibility on both physical and virtual server environments
  • Finally, let’s take a quick look at the HP TippingPoint Secure Virtualisation Framework. In a highly virtualised environment, security threats to virtual machines become a real problem, on top of the usual threats in the physical world. HP TippingPoint Secure Virtualisation Framework addresses this issue head-on. There are many solutions in this portfolio, but the ones we’ll focus on here are:
      - Intrusion Prevention Systems for in-line, policy based threat detection and prevention
      - Virtual Management Centre [VMC] for discovering virtual hosts and managing virtual network security policies
      - vController, which simply intercepts traffic from VMs and redirects it to the external IPS to make sure that there is no malicious content. Clean traffic is then sent on to the destination, whilst the malicious content is dropped.
    This overall offering has been reported by analysts as one of the most successful network threat prevention solutions on the market, both in the physical and virtual server and client environments. [Next slide]
  • A quick summary look at the networking solutions from a virtualisation enablement perspective:
      - Virtual Connect Flex-10 allows connectivity for VMs to be deployed quickly and efficiently without requiring network intervention when VM connectivity is changed or migrated.
      - Combining highly-scalable HP A12500 or HP A5820 data centre switches with the HP Intelligent Resilient Framework (IRF), we create virtual switches that greatly simplify 3-tier architectures.
      - HP IMC can subscribe to VMware APIs for VM provisioning and vMotion events, allowing it [IMC] to inject policies into edge switches to control VM-aligned security and QoS.
  • So this is how HP is committed to delivering the next generation network for the converged infrastructure, based on simplicity, business agility and cost-effective designs. Let’s now move on to a more detailed look at … [HP TippingPoint vController] or [HP Intelligent Resilient Framework]. Thank you for your time and attention.

    1. HP FlexFabric - Data center network for the HP Converged Infrastructure. HP Networking, Andy Sawyer, andys@hp.com
    2. Business / IT initiatives: Users, Customers; Server virtualization; I/O virtualization; Cloud computing; Security & BC/DR; Desktop virtualization. The network underpins all of these major data center initiatives… It must evolve and keep pace.
    3. Today’s network architectures can’t keep pace. [Figure: network architecture gap between supply (network evolution) and demand (network services). Labels: LAN switching, Branch routing, Wireless, DC routing, DC switching, Data traffic, Voice traffic, Network Convergence, Unified communication & collaboration, Cloud computing, Storage, Server virtualization, Video traffic, Desktop virtualization.]
    4. A blueprint to deliver “networking as a service” to the HP Converged Infrastructure. Converge: consolidate storage-server I/O connects; prepare for future network. Orchestrate: centrally-manage connection policies; provision via data center orchestration. Scale + Secure: scale for 1000’s of servers, TBs of storage; assure security, HP FlexFabric design.
    5. Data Center HP FlexFabric architecture. [Diagram labels: Network Management; Network; Virtual Resource Pools; Storage; Interconnect; Server Edge; Servers; Matrix Operating Environment; Network Security; Backbone.] Comprehensive resource management + virtualisation-aligned connection management. Assured business continuity. Modern; Standards-Based; Single OS; Resilient; Virtualised; Flatter. Simplicity; Performance; Reduced costs.
    6. 3 Solutions. Switch virtualisation: IRF. Enterprise network management: IMC. Intrusion Prevention for virtual hosts: vController/VMC.
    7. HP FlexFabric technology: Intelligent Resilient Framework (Simplify). [Diagram: Traditional 3 Tier Data Center; HPN Simplified 2 Tier Data Center; HPN Simplified 1 Tier Data Center.]
    8. HP FlexFabric technology: Intelligent Management Center (IMC). Comprehensive Management, better service, lower OpEx. Align demands for business-critical service delivery with network management. Comprehensive visibility across all layers and functions. Improving endpoint defense, control and visibility. Common operations view with extensions for IT orchestration. Unified resource management. Multi-vendor, single pane visibility across networking. Integrated access & user management. Common management integrated with HP Software.
    9. HP FlexFabric technology: Intelligent Management Center (VM Aware). Comprehensive Management, better service, lower OpEx. Visualise Virtual Machines: Topology, Health, Location. Track: Vmotion aware. Provision: VLAN, QoS, CAR, ACL. Common operations view with extensions for IT orchestration. Common management integrated with HP Software.
    10. TippingPoint Overview. 2001: Pioneered In-line IPS. 2005: Acquired by 3Com. 2005, 2006, 2007, 2008, 2009: Gartner Leader’s Quadrant. 2010: Acquired by HP. 7,000+ customers. Gartner “Magic Quadrant” Network IPS Appliances 2009.
    11. TippingPoint IPS Platform (January 30, 2015). Dirty Traffic Goes In, Clean Traffic Comes Out. IPS Platform; Security Management System. Availability: in-line reliability, high throughput, low latency. Security: filter quality, fastest coverage, broadest coverage. Costs: quick to deploy, recommended settings, easy to manage.
    12. TippingPoint IPS Reliability. High Availability Features. Hardware: Zero Power High Availability (ZPHA), which maintains traffic if power fails; dual hot-swappable power supplies. Software: automated L2 fallback and recovery (self monitoring of Security and Mgmt; L2 fallback option if thresholds exceeded); hitless OS upgrades and reboots; link down synchronization (links mirrored and brought down together). Redundancy: IPS synchronise blocked flows (efficient HA); multiple redundancy options (Active-Active, or Active-Passive; no requirement to waste segments/ports); no IP address or MAC address; transparent to network HA and routing protocols (HSRP, VRRP, OSPF, EIGRP, BGP). [Diagram labels: Internal Security Processing; Normal Operating Mode; Layer 2 Fallback.]
    13. Broadest Protection. Threat Coverage: Malware – worms, viruses, Trojans, etc.; Spyware; Phishing, Whaling and Spear Phishing; Un-patched devices, O/S and applications; Web Application Attacks – XSS, PHP Includes and SQL Injection, etc.; Unwanted Applications – IM and P2P; Policy Settings; Protocol Anomaly Checks. Application & O/S Coverage: Microsoft, Cisco, SAP, EMC, CA, Sun, Mozilla, Novell, Oracle, Apple, Citrix, Adobe… Vulnerability Coverage, 2009 Microsoft Vulnerabilities: 146/163 Covered.
    14. Fastest Protection. [Chart: Zero-Day Threat Coverage (pre-existing coverage), % of respondents, for Tipping Point, McAfee, Cisco, IBM ISS and Sourcefire; bar labels 50%, 15%, 10%, 8%, 20%. Source: Infonetics Research IPS Survey – August 2008 (Infonetics 2008 “IPS Customer Survey”).] 2009 Microsoft Vulnerabilities: Speed of Coverage -31 days; 146/163 Covered.
    15. TippingPoint IPS Platform: DVLabs security research. DVLabs: leading security research and filter development. DVLabs Services: Digital Vaccine; Web App DV & Scanning; Reputation DV; Custom DV; ThreatLinQ. DVLabs Research & QA: 30+ dedicated researchers. Zero-Day Initiative: 1,200+ independent researchers. ThreatLinQ Monitoring: 2,000+ customers participating. Partners: SANS, CERT, NIST, etc.; software & reputation vendors. An IPS Platform is Only as Good As its Security Intelligence.
    16. Virtual Software Patch. Terms and definitions. Vulnerability: security flaw in a software program. Exploit: method that takes advantage of a vulnerability to gain unauthorized access or create a denial of service. Exploit Filter: covers a single exploit, not the vulnerability; typically produced due to IPS performance or research limitations; results in false negatives (missed attacks) and false positives (block good traffic). Vulnerability Filter: covers entire vulnerability and all possible exploits; single filter protects against all exploits. [Diagram labels: Vulnerability; False Positives (coarse filter); Standard IPS Exploit Filter for Exploit A; Exploit A; Exploit B (missed by Exploit Filter A).] HP TippingPoint’s vulnerability filter acts as a Virtual Software Patch, streamlining the patching process.
    17. Vulnerability filters. An old example (we have been doing this for a long time): the Blaster/Nachi RPC DCOM Buffer Overflow. Microsoft proprietary implementation. How it should work: open connection (TCP ports 135, 139, 445, 593, UDP 135); bind to interface; call function; supply arguments. The server expects the arguments to include a filename in the format: serverfile, where server is a NetBIOS name and therefore no longer than 32 bytes. In one published exploit the value of serverfile was ...long_string_with_shellcode...filename. This caused a buffer overflow on the target system, which allowed injection of arbitrary code to run with system privileges.
    18. Vulnerability filters. No false negatives: the following must be in place for any exploit: (1) open connection (TCP ports 135, 139, 445, 593, UDP 135); (2) bind to interface; (3) call function; (4) supply arguments. All exploits must comply with the above, so if we detect the above we detect all possible exploits. We have a no false negative filter: we won’t miss any attacks. No false positives: one step is never seen in good traffic. Step 4 includes a server NetBIOS name never seen in good traffic (anything greater than 32 bytes). We also have a no false positive filter: we won’t block good traffic.
    19. HP TippingPoint Product Line. IPS Platform Solutions, for ROBO, Perimeter, Zone isolation, MSPs…: HP S 10 IPS (20Mbps, 2 segments); HP S 110 IPS (100Mbps, 4 segments); HP S 330 IPS (300Mbps, 4 segments). For 10GE Networks, Core, Data Center, Service Providers…: HP S 660N IPS (750Mbps, 10 segments); HP S 1400N IPS (1.5Gbps, 10 segments); HP S 2500N IPS (3Gbps, 11 segments); HP S 5100N IPS (5Gbps, 11 segments); HP Core Controller (20Gbps, 3x10GbE segments); 1200 N IPS module for HP A 7500 (1.3 Gbps, VLAN segments). Management, Accessories: HP Security Management System (SMS) (manage multiple units, central dashboard); HP SSL Appliance 1500S (transparent SSL bridging and off-loading); IPS for Virtualisation, VMC and V-controller (visibility & control in virtualised data centres). Security Intelligence, DVLabs Services: HP Digital Vaccine (broadest coverage, evergreen protection); HP Web App DV and Scanning (web scan, custom filters, PCI report); HP Reputation DV (IP reputation, DNS reputation); HP Custom DV (customised DV, DV toolkit).
    20. TippingPoint Deployment Options. Internal attacks against: wired / wireless LAN infrastructure; data center. Internal & external attacks: major network segments. External attacks through: corporate WAN perimeter; Web application infrastructure; PCI; ROBO. Centralized Policy and Configuration Management. TippingPoint Digital Vaccine Service. Perimeter and internal network deployment extends threat coverage across the network.
    21. Data Center Security With HP TippingPoint: Single Security Model for the Physical AND Virtual Data Center. [Diagram labels: DMZ Zone; Finance Zone; R&D Zone; virtual machines (OS / APP); Distributed vSwitch; vController (x3); Physical R&D Servers; Physical Finance Servers; Virtualized Servers Cluster; N-Platform IPS; Security Blade or N-Platform IPS.]
    22. HP FlexFabric for client virtualisation. Virtualised server edge agility (Virtual Connect Flex-10, Virtual Connect FlexFabric): seamless provisioning, network-transparent migration of VM connectivity, precise VM-level bandwidth allocation. Virtualisation-enabling network designs: highly-scalable platforms + Intelligent Resilient Framework (IRF) = virtualization-enabling large scale Layer 2 interconnect. Virtualisation-integrated management & security (Intelligent Management Center (IMC), TippingPoint IPS + vController): QoS policy management via VM provisioning/VMotion API integration; high performance IPS technology, VM security offload. Ideally suited to propel virtualisation agility and scale.
    23. HP FlexFabric delivers… Simplicity – streamlined network designs, centralized management. Agility – wire-once, high performance, accelerated provisioning. Reduced Cost – fewer systems, lower power, lower cost-of-acquisition, security.
    24. Outcomes that matter. Stand 430
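
The exploit-filter versus vulnerability-filter distinction from slides 16 to 18, as an added example that is not part of the original deck or of any HP TippingPoint product. The `RpcSession` record, the function names, the sample sessions and the `\\server\file` layout of the filename argument are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Step 1 ports as listed on the slide.
RPC_PORTS = {"tcp": {135, 139, 445, 593}, "udp": {135}}
MAX_NETBIOS_NAME = 32  # slide: server name is "no longer than 32 bytes"


@dataclass
class RpcSession:
    """Hypothetical, simplified record of one reassembled RPC exchange."""
    proto: str
    port: int
    bound: bool                      # step 2: bind to interface observed
    called: bool                     # step 3: function call observed
    filename_arg: Optional[bytes]    # step 4: filename argument, if supplied


def server_component(filename_arg: bytes) -> bytes:
    # Assumption: the argument has a \\server\file layout; take the part
    # between the leading double backslash and the next backslash.
    body = filename_arg[2:] if filename_arg.startswith(b"\\\\") else filename_arg
    return body.split(b"\\", 1)[0]


def exploit_filter(s: RpcSession, signature: bytes) -> bool:
    """Matches bytes from one known exploit, wherever they appear."""
    return s.filename_arg is not None and signature in s.filename_arg


def vulnerability_filter(s: RpcSession) -> bool:
    """Fires only when steps 1-4 are all present and the server name
    exceeds the 32-byte limit, independent of the payload bytes."""
    if s.port not in RPC_PORTS.get(s.proto, set()):
        return False
    if not (s.bound and s.called) or s.filename_arg is None:
        return False
    return len(server_component(s.filename_arg)) > MAX_NETBIOS_NAME


# Constructed sample sessions; filler bytes stand in for any payload.
SIG_A = b"A" * 16
SAMPLES = {
    "benign": RpcSession("tcp", 135, True, True, b"\\\\FILESRV01\\report.doc"),
    "exploit_a": RpcSession("tcp", 135, True, True, b"\\\\" + b"A" * 200 + b"\\f"),
    "exploit_b": RpcSession("tcp", 445, True, True, b"\\\\" + b"B" * 64 + b"\\f"),
    "lookalike": RpcSession("tcp", 139, True, True, b"\\\\SRV\\" + SIG_A + b".txt"),
    "name_32": RpcSession("udp", 135, True, True, b"\\\\" + b"N" * 32 + b"\\f"),
    "name_33": RpcSession("udp", 135, True, True, b"\\\\" + b"N" * 33 + b"\\f"),
    "other_port": RpcSession("tcp", 8080, True, True, b"\\\\" + b"A" * 200 + b"\\f"),
}


def evaluate() -> dict:
    """Return {name: (exploit_filter_hit, vulnerability_filter_hit)}."""
    return {n: (exploit_filter(s, SIG_A), vulnerability_filter(s))
            for n, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, (exp, vuln) in evaluate().items():
        print(f"{name:11} exploit_filter={exp!s:5} vulnerability_filter={vuln}")
```

The signature written for the first constructed exploit misses the second variant and fires on a benign filename that happens to contain the same bytes, while the length check flags both variants and neither benign session.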