Software-Based Networking & Security for the Cloud

As the old appliance model in network infrastructures of datacenters and clouds is being replaced by software and virtual machines, next-generation network security is paving the way for secure migration into the cloud. While one of the key benefits of the cloud is network access from any location, this brings to light critical issues including access restrictions and, more importantly, who controls it. Can providers support VPNs or dedicated connections in the IaaS cloud? This session will cover secure cloud migrations and detail the benefits of the customer-controlled virtual firewall, VPN and IPS in the IaaS cloud.


Presentation Transcript

  • SOFTWARE-BASED NETWORKING & SECURITY FOR THE CLOUD
      Jae Lee, Director of Product Management
  • WHY USE CLOUD SERVICES?
      - No CAPEX, low operational cost
      - Fast, flexible, elastic
      - You can focus on business
  • WHY OFFER CLOUD SERVICES?
      - Significant increase in demand
      - Faster time-to-market for new services
      - Higher value = greater revenue
  • CLOUD NETWORKING CHALLENGES
      - Hardware limitations – cost, inflexibility
      - Scale services
      - Minimize latency
      - Connect securely to DC
      - Maintain security policy and compliance
      - Decrease complexity
      - Automate provisioning
  • STEP 1: VIRTUALIZE
      [Diagram: ENTERPRISE DATACENTER. Labels: BORDER ROUTER, FIREWALL, VPN, INTRUSION PREVENTION, SWITCH; 10.0.0.0/24 WEBSERVERS; 10.3.0.0/24 APPS & STORAGE; 10.4.0.0/24 DATABASE]
      - UNDER-UTILIZED HARDWARE
      - NO AUTOMATION IN NETWORK MAINTENANCE
      - EXPENSIVE TO SCALE
      - HARD LIMITATIONS FORCE OVERPROVISIONING
  • VIRTUALIZATION STALL
      [Diagram: LEGACY VIRTUAL DATACENTER. Labels: Web Servers, Applications, Database; VLAN1, VLAN2; vSWITCH; Hypervisor 1, Hypervisor 2, Hypervisor 3 (System); ACCESS SWITCH, AGGREGATION SWITCH, FIREWALL, CORE, BORDER ROUTER (Network)]
      - LATENCY
      - NO PROTECTION BETWEEN VLANS
      - NOT SCALABLE
      - HARDWARE FIREWALL COSTS
      - REQUIRES NETWORK ADMIN TO INSTALL / SCALE
  • IN-HYPERVISOR NETWORK SECURITY
      [Diagram: VIRTUAL DATACENTER W/ VIRTUAL APPLIANCE. Labels: Web Servers, Applications, Database; VLAN1, VLAN2; vNIC; vSWITCH; Hypervisor 1, Hypervisor 2, Hypervisor 3 (System); 10.0.0.0/12; ACCESS SWITCH, AGGREGATION SWITCH, FIREWALL, BORDER ROUTER (Network)]
      - ALL TRAFFIC IS INSPECTED WITHIN HYPERVISOR
      - FIREWALL PROTECTS ALL TRAFFIC DIRECTIONS
      - ELIMINATES LATENCY
      - INTER-VLAN TRAFFIC INSPECTION
      - PER-TENANT DEDICATED NETWORK CONTROLS PROVISIONED ON DEMAND
  • APPLICATION ON-BOARDING
      [Diagram: Data Center and Cloud Environment joined over the WAN. Labels: App Servers, Web Servers, Database Servers, Other Tools, TestDev, Management, VDI, Active Directory, DNS; VM Application Workload, vSwitch, Hypervisor; Vyatta, Vyatta; L2 GRE Tunnel + IPSec VPN or OpenVPN (SSL)]
  • APPLICATION ON-BOARDING
      [Diagram: Enterprise Data Center and Cloud Environment joined over the WAN. Labels: Database Tier, Application Tier, Web Services Tier; Compliance / Trust Model Preserved; Physical N-Tier; Other Tools, TestDev, Management, VDI, Active Directory, DNS; vSwitch, Hypervisor; Vyatta, Vyatta; L2 GRE Tunnel + IPSec VPN or OpenVPN (SSL)]
  • LEVERAGING AMAZON VPN
      [Diagram: VYATTA AMI – COMPLETE NETWORKING IN AMAZON VPC. Labels: Cloud Bridge, NAT + Firewall, Remote Workers, Web Servers, Public, Enterprise Datacenter, Internet, Vyatta AMI, VPC, Internet Gateway, Database Servers, Private, Private or Public Cloud, AGGREGATION]
      - NO LIMIT TO # OF VPN TUNNELS
      - SECURELY CONNECT INTO MULTIPLE VPCs FROM A SINGLE
      - CREATE FULL VPN MESH BETWEEN MULTIPLE VPCs
      - SECURELY BRIDGE CLOUD TO CLOUD OR DATACENTER TO CLOUD
      - SINGLE INTEGRATED PACKAGE OF FW, VPN, IPS, URL FILTERING, FULL LAYER 3
  • Enterprise With Vyatta
      [Diagram: VYATTA ENTERPRISE DATACENTER. Labels: ROUTER, FIREWALL, VPN, IPS, SWITCH; 10.0.0.0/24 WEBSERVERS; 10.3.0.0/24 APPS & STORAGE; 10.4.0.0/24 DATABASE]
      NETWORK EDGE AND LAN COMPRISED OF STANDARD x86-BASED SYSTEMS and VYATTA SOFTWARE
      - LEVERAGE STANDARD x86 SERVER HARDWARE
      - MODERN QUAD CORE + SYSTEMS DELIVER 10Gbps PERFORMANCE
      - SYSTEM SCALABILITY USING STANDARD COMPONENTS
      - SOFTWARE-BASED UPGRADE PATH
      - COST A FRACTION OF COMPARABLE CISCO / JNPR GEAR