HP Converged Infrastructure - Break the IT innovation gridlock


Business thrives on innovation. Despite that, most business IT departments spend 70% of their resources on maintenance and only 30% on innovation. It’s time to turn that ratio on its head and with HP Converged Infrastructure you can. HP Converged Infrastructure can help you shift resources from operations to innovation by delivering the data centre of the future.

  • Welcome to the HP Networking breakout session. The focus of this short presentation is to highlight the key challenges companies are facing, in the data centre, as a result of significant changes in how we’re doing computing today. Having covered these points and how the HP Converged Infrastructure addresses them, we will quickly introduce innovative networking solutions by HP, explaining how they bring differentiation to the overall Converged Infrastructure and how they offer great value to our customers and their businesses. [Next slide]
  • HP FlexFabric is the next generation of highly scalable data center architecture for an HP Converged Infrastructure. With FlexFabric, you can provision your network resources efficiently and securely to accelerate deployment of virtualized workloads. There are three main values which define the HP FlexFabric blueprint: First, HP FlexFabric converges server, storage and networking resources, unifying previously separate silos onto a common server-edge infrastructure. This flattens the conventional network structure, enabling higher performance, additional flexibility and improved workload mobility. Next, HP FlexFabric virtualizes and orchestrates the unified resource pool, using a seamless management architecture for dynamic, automated provisioning. [Jump to the next point] Connections to the fabric move with workloads as they migrate across or between data centers without intervention from network administrators. [No need to say this] We reduce the time spent on manual configuration changes. [No need to say this] This virtual fabric enables a wire-once operating model. [No need to say this] FlexFabric allows server, storage, networking, and application administrators to accurately set governance, security, and SLA policies. [No need to say this] Finally, HP FlexFabric includes highly scalable building blocks based on open standards, allowing for a fully modular, interoperable, and cost-effective networking architecture. These building blocks fully interoperate with existing DC core devices to further ensure investment protection and flexibility. Let’s take a quick look at the FlexFabric Network architecture. [Next slide]
  • [Before the first click – don’t start the animation yet] So the CI architecture includes modular and virtual, server and storage resources. It is then brought together by [Click here for first animation] the networking solutions which allow further virtualisation of the network into a much flatter, more resilient and higher performance design. [Next click – start next animation] The management of this entire converged infrastructure is made simple by single-pane-of-glass tools, allowing comprehensive resource provisioning, management and automation. Finally, [Next click – start next animation] in order to ensure security and business continuity [pause] Intrusion Prevention, Load Balancing and a number of other solutions are provided to deliver the best QoS to the network and application users. So [Final click – last animation] HP’s FlexFabric blueprint approaches the modern data center design with a view to:
    operational simplicity
    superior performance & scalability
    security
    energy efficiency and low total cost of ownership
    [Next slide]
    Central to FlexFabric is policy-driven network provisioning tightly integrated with server and storage management. HP’s data center solutions are purpose built using the latest advanced systems and ASIC technologies. Our “A” family data center networking platforms leverage a common operating system, Comware™, and are managed with a single-pane manager, Intelligent Management Center (IMC). HP switches make use of an HP-developed technology, Intelligent Resilient Framework (IRF), to enable the creation of a resilient virtual switching fabric. IRF delivers geographic independence, distributed high availability, resiliency and millisecond re-convergence across layer 2 and layer 3 protocols.
    These innovations allow customers to build a simplified, higher performing, highly resilient and flatter (two-tier) data center network design – overcoming the limitations of low performance/scale, high cost/latency inherent to legacy solutions which rely on multi-tier, disjointed platform operating systems and resiliency protocol complexity.
  • Now let’s quickly look at 3 tools that enable FlexFabric in the way I’ve just described. After this presentation, we’ll take a quick look at one of them in more detail. [Next slide]
  • The HP Intelligent Resilient Framework, or IRF, is a technology enabling the virtualisation of networking switches, making multiple switches simply operate and behave as one. As you can see on the left hand side of the diagram, IRF can transform a complex 3-tier data centre architecture into a much simpler 3 layer or even 2 layer design, with far less equipment to manage and with all links active at the same time. This is important! It avoids the blocked and unused links/ports that exist in current designs. This approach allows us to simply do away with certain slow and high latency protocols such as Spanning Tree and VRRP [Virtual Router Redundancy Protocol]. As a whole you not only reduce costs and complexity, you also make the most efficient use of all your resources as well as improving reliability. For example, by deploying IRF, you can reduce failover latency from seconds to milliseconds.
  • The second solution we’ll introduce here is the HP Intelligent Management Centre, or IMC, which is an enterprise class, multi-vendor network management tool from HP Networking. The key things to take away about IMC are the following:
    It is made for managing big networks
    It manages HP Networking solutions as well as Cisco solutions
    IMC can manage both wired and wireless infrastructures
    It has a full set of features for policy based device and user management
    Most importantly, it provides visibility on both physical and virtual server environments
  • Finally, let’s take a quick look at the HP TippingPoint Secure Virtualisation Framework. In a highly virtualised environment, security threats to virtual machines become a real problem. All that, added to the usual threats in the physical world. HP TippingPoint Secure Virtualisation Framework addresses this issue head-on. There are many solutions in this portfolio. But the ones we’ll focus on here are:
    - Intrusion Prevention Systems for in-line, policy based threat detection and prevention
    - Virtual Management Centre [VMC] for discovering virtual hosts and managing virtual network security policies
    - vController, which simply intercepts traffic from VMs and redirects it to the external IPS to make sure that there is no malicious content. Clean traffic is then sent on to the destination, whilst the malicious content is dropped.
    This overall offering has been reported by analysts as one of the most successful network threat prevention solutions on the market, both in the physical and virtual server and client environments. [Next slide]
  • A quick summary look at the networking solutions from a virtualisation enablement perspective:
    Virtual Connect Flex-10 allows connectivity for VMs to be deployed quickly and efficiently without requiring network intervention when VM connectivity is changed or migrated.
    Combining highly-scalable HP A12500 or HP A5820 data centre switches with the HP Intelligent Resilient Framework (IRF), we create virtual switches that greatly simplify 3-tier architectures.
    HP IMC can subscribe to VMware APIs for VM provisioning and vMotion events, allowing it [IMC] to inject policies into edge switches to control VM-aligned security and QoS.
  • So this is how HP is committed to delivering the next generation network for the converged infrastructure, based on simplicity, business agility and cost-effective designs. Let’s now move on to a more detailed look at … [HP TippingPoint vController] or [HP Intelligent Resilient Framework]. Thank you for your time and attention.

HP Converged Infrastructure - Break the IT innovation gridlock: Presentation Transcript

  • Data center network for the HP Converged Infrastructure
    HP Networking
    Andy Sawyer
    andys@hp.com
  • Business / IT initiatives
    Desktop virtualization
    I/O virtualization
    Users, Customers
    Server virtualization
    Security & BC/DR
    Cloud computing
    The network underpins all of these major data center initiatives…
    It must evolve and keep pace
  • Today’s network architectures can’t keep pace
    Cloud computing
    Network Convergence
    Desktop virtualization
    Network architecture gap
    Server virtualization
    Unified communication & collaboration
    Demand: Network services
    Video traffic
    Storage
    Voice traffic
    DC routing
    DC switching
    Data traffic
    Wireless
    Branch routing
    LAN switching
    Supply: Network evolution
  • HP FlexFabric design
    A blueprint to deliver “networking as a service”
    to the HP Converged Infrastructure
    Converge
    • Consolidate storage-server I/O connects
    • Prepare for future network convergence
    Orchestrate
    • Centrally-manage connection policies
    • Provision via data center orchestration
    Scale + Secure
    • Scale for 1000’s of servers, TBs of storage
    • Assure security, performance, flexibility
  • HP FlexFabric architecture
    Comprehensive resource management + virtualisation-aligned connection management
    Data Center
    Assured business continuity
    Network
    Management
    Network
    Security
    Network
    Backbone
    Interconnect
    Server Edge
    Virtual Resource Pools
    Matrix Operating Environment
    Storage
    Servers
    Modern; Standards-Based; Single OS; Resilient; Virtualised; Flatter
    Simplicity; Performance; Reduced costs
  • 3 Solutions
    Switch virtualisation: IRF
    Enterprise network management: IMC
    Intrusion Prevention for virtual hosts: vController/VMC
  • Intelligent Resilient Framework (Simplify)
    HP FlexFabric technology
    Traditional
    3 Tier Data Center
    HPN Simplified
    1 Tier Data Center
    HPN Simplified
    2 Tier Data Center
  • Intelligent Management Center (IMC)
    HP FlexFabric technology
    Comprehensive Management, better service, lower OpEx
  • Intelligent Management Center (VM Aware)
    HP FlexFabric technology
    Comprehensive Management, better service, lower OpEx
  • TippingPoint Overview
    2001: Pioneered In-line IPS
    2005: Acquired by 3Com
    2005: Gartner Leader’s Quadrant
    2006: Gartner Leader’s Quadrant
    2007: Gartner Leader’s Quadrant
    2008: Gartner Leader’s Quadrant
    2009: Gartner Leader’s Quadrant
    2010: Acquired by HP
    7,000+ customers
    Gartner “Magic Quadrant”
    Network IPS Appliances 2009
  • TippingPoint IPS Platform
    Security Management System
    Dirty Traffic
    Goes In
    Clean Traffic
    Comes Out
    IPS Platform
    Availability
    • In-line reliability
    • High throughput
    • Low latency
    Security
    • Filter quality
    • Fastest coverage
    • Broadest coverage
    Costs
    • Quick to deploy
    • Recommended settings
    • Easy to manage
    October 20, 2010
  • TippingPoint IPS Reliability
    Hardware:
    Zero Power High Availability (ZPHA)
    Maintains traffic if power fails
    Dual hot-swappable power supplies
    Software:
    Automated L2 fallback and recovery
    Self monitoring of Security and Mgmt
    L2 fallback option if thresholds exceeded
    Hitless OS upgrades and reboots
    Link down synchronization
    Links mirrored and brought down together
    Redundancy
    High Availability Features
    IPS synchronise blocked flows
    Efficient HA
    Multiple redundancy options
    Active-Active, or Active-Passive
    No requirement to waste segments/ports
    No IP address or MAC address
    Transparent to network HA and routing protocols
    HSRP, VRRP, OSPF, EIGRP, BGP
  • Broadest Protection
    Application & O/S Coverage
    2009 Microsoft Vulnerabilities
    • Microsoft
    • Cisco
    • SAP
    • EMC
    • CA
    • Sun
    • Mozilla
    • Novell
    • Oracle
    • Apple
    • Citrix
    • Adobe…
    Vulnerability Coverage
    146/163 Covered
    Threat Coverage
    • Malware – worms, viruses, Trojans, etc.
    • Spyware
    • Phishing, Whaling and Spear Phishing
    • Un-patched devices, O/S and applications
    • Web Application Attacks
    • XSS, PHP Includes and SQL Injection, etc.
    • Unwanted Applications – IM and P2P
    • Policy Settings
    • Protocol Anomaly Checks
  • Fastest Protection
    Infonetics 2008 “IPS Customer Survey”
    2009 Microsoft Vulnerabilities
    Speed of Coverage
    -31 days; 146/163 Covered
  • DVLabs security research
    An IPS Platform is Only as Good
    As its Security Intelligence
    Zero-Day Initiative
    DVLabs
    Leading security research and filter development
    1,200+ Independent Researchers
    DVLabs Research & QA
    ThreatLinQ Monitoring
    TippingPoint IPS Platform
    30+ Dedicated Researchers
    2,000+ Customers Participating
    DVLabs Services:
    Digital Vaccine
    Web App DV & Scanning
    Reputation DV
    Custom DV
    ThreatLinQ
    Lighthouse Program
    Partners
    SANS, CERT, NIST, etc.
    Software & Reputation Vendors
  • Virtual Software Patch
    Vulnerability
    False Positives
    (coarse filter)
    Virtual Software Patch
    (TippingPoint Filter )
    Exploit B
    (missed by
    Exploit Filter A)
    Exploit A
    Standard IPS Exploit Filter
    for Exploit A
    HP TippingPoint’s vulnerability filter acts as a Virtual Software Patch, streamlining the patching process
  • Vulnerability filters
    An old example (we have been doing this for a long time)
    The Blaster/Nachi RPC DCOM Buffer Overflow
    Microsoft proprietary implementation
    How it should work:
    Open connection (TCP ports 135, 139, 445, 593, UDP 135)
    Bind to interface
    Call function
    Supply arguments
    Server expects the arguments to include a filename in the format: \\server\file
    where server is a NetBIOS name and therefore no longer than 32 bytes.
    In one published exploit the value of \\server\file was \\...long_string_with_shellcode...\filename
    This caused a buffer overflow on the target system, which allowed injection of arbitrary code to run with system privileges
  • Vulnerability filters
    No false negatives:
    The following must be in place for any exploit:
    Open connection (TCP ports 135, 139, 445, 593, UDP 135)
    Bind to interface
    Call function
    Supply arguments
    All exploits must comply with the above – if we detect the above we detect all possible exploits
    We have a no false negative filter – we won’t miss any attacks
    No false positives:
    One step is never seen in good traffic
    Step 4 includes a server NetBIOS name never seen in good traffic (anything greater than 32 bytes)
    We also have a no false positive filter – we won’t block good traffic
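
The contrast drawn on the "Virtual Software Patch" and "Vulnerability filters" slides, as an added Python example that is not part of the presentation or of any TippingPoint product: a vulnerability filter keyed on the over-long server name, next to an exploit-specific signature and a coarse length rule. The request model, the marker string and all sample values are constructed for illustration.

```python
# Added illustration: request dicts, marker string and samples are constructed.
NETBIOS_MAX = 32  # slide: the server part is a NetBIOS name, at most 32 bytes
RPC_ENDPOINTS = {("tcp", 135), ("tcp", 139), ("tcp", 445), ("tcp", 593), ("udp", 135)}
BS = "\\"  # a single backslash

def server_component(arg):
    # Server part of a UNC-style filename argument (two backslashes, server,
    # backslash, file); None when the argument is not in that format.
    if not arg.startswith(BS * 2):
        return None
    return arg[2:].split(BS, 1)[0]

def vulnerability_filter(req):
    # Blocks on the vulnerable condition itself, whatever bytes the request carries.
    if (req["proto"], req["port"]) not in RPC_ENDPOINTS:
        return False
    server = server_component(req["arg"])
    return server is not None and len(server) > NETBIOS_MAX

def exploit_filter_a(req):
    # Signature for one known exploit: matches only its (constructed) marker.
    return "MARKER-EXPLOIT-A" in req["arg"]

def coarse_filter(req):
    # Over-broad rule: any long argument, regardless of which part is long.
    return len(req["arg"]) > 64

def make_req(arg, proto="tcp", port=135):
    return {"proto": proto, "port": port, "arg": arg}

SAMPLES = {
    "benign":           make_req(BS * 2 + "FILESRV01" + BS + "share" + BS + "report.doc"),
    "benign_long_path": make_req(BS * 2 + "FILESRV01" + BS + ("dir" + BS) * 20 + "report.doc"),
    "exploit_a":        make_req(BS * 2 + "MARKER-EXPLOIT-A" + "X" * 100 + BS + "file"),
    "exploit_b":        make_req(BS * 2 + "Z" * 100 + BS + "file"),  # variant without the marker
}

def evaluate(samples=SAMPLES):
    # For each sample: (vulnerability filter, exploit filter A, coarse filter).
    return {name: (vulnerability_filter(r), exploit_filter_a(r), coarse_filter(r))
            for name, r in samples.items()}

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name:18} vuln={verdicts[0]!s:5} sigA={verdicts[1]!s:5} coarse={verdicts[2]}")
```

The variant without the marker passes the exploit signature but not the vulnerability filter, and the legitimate long path trips only the coarse rule.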
  • HP TippingPoint Product Line
    IPS Platform Solutions
    Security Intelligence
    10GE Networks, Core, Data Center, Service Providers…
    ROBO, Perimeter, Zone isolation, MSPs…
    Management, Accessories
    DVLabs Services
    HP S 10 IPS
    HP S 660N IPS
    HP Core Controller
    HP Digital Vaccine
    20Mbps • 2 Segments
    750Mbps • 10 Segments
    20Gbps • 3x10GbE Segments
    Broadest Coverage • Evergreen Protection
    HP S 110 IPS
    HP S 1400N IPS
    HP Security Management System (SMS)
    HP Web App DV and Scanning
    100Mbps • 4 Segments
    1.5Gbps • 10 Segments
    Manage Multiple Units • Central Dashboard
    Web Scan • Custom Filters • PCI Report
    HP S 330 IPS
    HP S 2500N IPS
    HP SSL Appliance 1500S
    HP Reputation DV
    Reputation DV
    300Mbps • 4 Segments
    3Gbps • 11 Segments
    Transparent SSL Bridging and Off-Loading
    IP Reputation • DNS Reputation
    HP S 5100N IPS
    VMC and V-controller
    1200 N IPS module (HP A 7500)
    HP Custom DV
    IPS for Virtualisation
    DV
    toolkit
    5Gbps • 11 Segments
    Visibility & control in virtualised data centres
    1.3 Gbps • VLAN segments
    Customised DV
  • TippingPoint Deployment Options
    TippingPoint
    Digital Vaccine
    Service
    Centralized Policy and
    Configuration Management
    • INTERNAL ATTACKS AGAINST
    • WIRED / WIRELESS LAN INFRASTRUCTURE
    • DATA CENTER
    • INTERNAL & EXTERNAL ATTACKS
    • MAJOR NETWORK SEGMENTS
    • EXTERNAL ATTACKS THROUGH
    • CORPORATE WAN PERIMETER
    • WEB APPLICATION INFRASTRUCTURE
    • PCI
    • ROBO
    • PEERING POINTS
    Perimeter and internal network deployment extends threat coverage across the network
  • Single Security Model for the Physical AND Virtual Data Center
    Data Center Security With HP TippingPoint
    Virtualized Servers Cluster
    DMZ Zone
    R&D Zone
    Finance Zone
    APP / OS (repeated for each virtual machine in the diagram)
    Physical R&D Servers
    Physical Finance Servers
    Distributed vSwitch
    vController
    vController
    vController
    Security Blade or
    N-Platform IPS
    N-Platform IPS
  • HP FlexFabric for client virtualisation
    Virtualised server edge agility
    • Seamless provisioning, network-transparent migration of VM connectivity, precise VM-level bandwidth allocation
    Virtual Connect Flex-10
    Virtual Connect FlexFabric
    Virtualisation-enabling network designs
    Highly-scalable platforms
    Intelligent Resilient Framework (IRF)
    Virtualization-enabling Large Scale Layer 2 Interconnect
    Virtualisation-integrated management & security
    • QoS policy management via VM provisioning/VMotion API integration
    • High performance IPS technology, VM security offload
    TippingPoint IPS + vController
    Intelligent Management Center (IMC)
    Ideally suited to propel virtualisation agility and scale
  • HP FlexFabric delivers…
    Simplicity – streamlined network designs, centralized management
    Agility – wire-once, high performance, accelerated provisioning
    Reduced Cost – fewer systems, lower power, lower cost-of-acquisition, security
  • Stand 430
    Outcomes that matter.