Open Security Controller enables orchestration of multiple security functions in an OpenStack DC. OSC integrates with multiple SDN controllers and Security VNFs to automate protection of DC resources.
(Source: RSA Conference USA 2017)
8. #RSAC
OSC API Interaction Model
[Diagram: OSC API interaction model. Labelled components:]
• Applications, User Intent, and Policies: Policies, User Intent, Cloud Apps
• SDN Controllers: Nuage VSP*, Midokura*, Brocade*, … NSX*
• Virtual Infra (OpenStack*), Virtualization Layer: Virtual Compute, Virtual Storage, Virtual Network
• Physical Infrastructure: Computing Hardware, Storage Layer, Network Hardware
• Virtualized Security Functions: CPA, DPA
• Security Function/Element Managers: IPS Managers, NGFW Managers, ADC Managers
• Open Security Controller: Manager Plug-ins, VNF Agent Plug-ins, Business Logic, Service Dispatcher, Jobs Engine, SDN Plug-ins, Virtualization Connectors, Security Functions Catalog, H2 Database, User Interface API, GUI
• Numbered interfaces: 1 NB Rest API; 2 Rest API (images, deployment, notifications, authentication); 3 Rest API (SFC Policy); 4 Rest API, Web Sockets; 5 Rest API IPC
• Policy interface
• User intent
• Application intent
• Lifecycle management
• Deployment specs, auto-scaling and HA
• Authentication
• Image services
• Notification for events
• Role based access control
• Traffic redirection API
• SFC policy API
• Advanced visibility functionality (example 6 tuple visibility)
• Dynamic policy updates and mapping
• Domain/sub domain updates and mapping
• Control path agent: provisioning, de-provisioning, heartbeats, etc.
• Data path agent: instrumentation and real time statistics
Customer deployment Workflow
One Time Setup
1. OpenStack Connector
2. Create Security Services
a) Policy manager Plugins for NGFW 1, NGFW 2
3. Configure Security Services
a) Distributed Appliance
b) Deployment Specifications
Protection Policy
1. Define Global Risk based Sec-Groups
2. All Policy managers dynamically updated
3. Automated traffic redirection via SDN Plugin
Automated Zero-Trust Security
Network flows automatically updated to redirect traffic to security service chain
Security Admin
Spins workload up or down
Dev-Ops