Juniper and VMware: Taking Data Centre Networks to the Next Level

Kevin Piper, Senior Product Line Manager for Virtual Security
Juniper Networks

AGENDA

    1   Virtualization Market & Challenges
    2   vGW Architecture Overview
    3   vGW Functional Modules
    4   Automation and Customer Examples
    5   Virtual and Physical

Market summary & challenges

Market Dynamics

    Cloud Computing Services, Virtualization Top CIO 2011 Priorities
        – Gartner, CIO Survey, January 2011

    Virtualization 2.0 includes a host of new use cases that range from high
    availability and DR to hosted clients and true utility computing
        – IDC, Worldwide Virtual Machine Software Forecast, August 2011

    91% of respondents told Forrester that they are using virtual servers for
    production workloads. That’s up dramatically from 78% in 2010
        – Forrester, Storage Choices for Virtual Server Environments, March 2011

    The top 3 drivers for deploying new security solutions for virtualized
    environments are preventing new threats specific to virtual environments,
    preventing inter-VM threats, and maintaining secure server configurations
        – Infonetics, Security for Virtualized Infrastructure, April 2011

    “Data sprawl” was rated as a top security issue by the IT professionals
    surveyed on their opinions about server virtualization
        – Kuppinger Cole, Virtualization Security Trends & Insights Surveys, November 2010

Security implication of virtualization

    [Diagram: Physical Network vs. Virtual Network. Left: servers connected through a physical
    switch with an inline firewall/IDS. Right: VM1, VM2 and VM3 on one ESX/ESXi host, attached
    to a virtual switch inside the hypervisor.]

    Physical network: the firewall/IDS sees and protects all traffic between servers.
    Virtual network: physical security is “blind” to traffic between virtual machines, because
    inter-VM traffic on the same vSwitch is switched inside the host and never reaches the
    physical network.

THE ISOLATION CHALLENGE IN THE VSWITCH

VM Isolation Challenge
    • vSwitches provide only basic connectivity
    • VMs plugged into the same vSwitch have direct access to each other via the hypervisor
    • Port groups that are assigned VLAN IDs need a layer 3 device for routing between them
    • Distributed vSwitches don’t realistically address security
    • VM admins can assign vNICs to any network (even accidentally)

APPROACHES TO SECURING VIRTUAL NETWORKS

    [Diagram: three ESX/ESXi hosts, each running VM1, VM2 and VM3 over a vSwitch (VS) and the
    hypervisor, one per approach.]

    1   VLANs & Physical Segmentation
    2   Traditional Security Agents – a regular thick agent for firewall and AV inside each VM
    3   Integrated Virtual Security – a virtual security layer between the VMs and the vSwitch

vGW Architecture Overview

INDUSTRY RECOGNITION OF VGW

 Distinction
    • 1st purpose-built virtual firewall
    • Widely recognized innovation leader
    • Most Innovative Company, RSA® Conference 2010

THE vGW PURPOSE-BUILT APPROACH

 Service Provider & Enterprise Grade
    • Three-tiered model
    • VMware Certified (signed binaries!)
    • Protects each VM and the hypervisor
    • Fault-tolerant architecture (i.e., HA)

 Virtualization-aware
    • “Secure VMotion” scales to 1,000+ hosts
    • “Auto Secure” detects/protects new VMs

 Granular, Tiered Defense
    • Stateful firewall, integrated IDS, and AV
    • Flexible policy enforcement – zone, VM group, VM, individual vNIC

 [Diagram of the three tiers: 1 vGW Security Design, the management VM registered with Virtual
 Center; 2 a vGW Security VM on each ESX or ESXi host alongside VM1–VM3; 3 the vGW engine in the
 VMware kernel, using the VMware APIs and sitting beneath any vSwitch (Standard, DVS, 3rd party)
 on the hypervisor. Packet data is exported to partner servers (IDS, SIM, Syslog, Netflow).]

vGW Security Design VM Architecture

 [Diagram: components of the vGW Security Design (management) VM and its external connectors.]

 External interfaces
    • Web UI for admins/users, and an XML-RPC connector used by admins/users and by a
      provisioning server
    • VMware VI-API connector to vCenter Server: firewall install, VM inventory & status
    • Management connector to each vGW Security VM
    • Netflow connector to a Netflow collector; Syslog connector to a SIEM/syslog collector
    • Alerting engine via SMTP and SNMP

 Internal services
    • Time server (NTP) and a certificate authority
    • VM ownership processor, policy processor engine, flow statistics engine, reporting engine
    • Caching & DB optimization engine over a policy DB and a Netflow & firewall log DB

 Attaches to the VMware vSwitch or Cisco Nexus 1000V.

vGW SVM and Kernel Architecture

 [Diagram: one ESX/ESX(i) host, showing the vGW Security VM above the ESX/ESX(i) kernel.]

 vGW Security VM (one per host)
    • Management connector to vGW Security Design
    • Policy engine (XML), AV & IDS signatures, log distribution
    • Netflow connector to a Netflow collector; Syslog connector to a SIEM/syslog collector
    • Control connector down to the kernel module

 ESX/ESX(i) kernel
    • vGW VMsafe FastPath: per-VM firewall engines, each with its own connection table
    • Hooks packet ingress and egress through VMware DvFilter
    • Span connector mirrors selected traffic to an IDS/IPS server or a Wireshark endpoint
    • Virtual switch: VMware vSwitch, VMware dvSwitch, Cisco Nexus 1000V, or 3rd party

vGW – PERFORMANCE

 [Chart: TCP throughput test (standard 1500-byte packet size). See slide notes for details.]

vGW – MANAGEMENT SCALABILITY & FLEXIBILITY

 Multi-Center allows linking of configuration information for multiple Security Design vGW
 VMs (‘linked-mode’); you select which objects you want to sync with delegate centers.

 Split-Center allows you to divide one vCenter into separate logical entities for different
 Security Design vGW VMs, giving complete isolation of data centers.

vGW Functional Modules

vGW modules

    Main            Dashboard view of the virtual system threats (including VM quarantine view)
    Firewall        Firewall policy management and logs
    AntiVirus       Full AV protection for VMs
    Compliance      Out-of-box and custom rules engine; alerts on VM/host config changes
    Network         Visibility of inter-VM traffic flows
    IDS             Centralized view of IDS alerts and ability to drill down on attacks
    Introspection   Centralized VM view (includes OS, apps, hot fixes, etc.)
    Reports         Automated reports for all functional modules

vGW – NETWORK VISIBILITY

 All VM traffic flows are stored in a database and available for analysis
 Benefits:
       • Visibility to all VM communications
       • Ability to spot design issues with security policies
       • Single click to more detail on VMs

 [Screenshot: left-hand tree selection navigates the right-hand pane; the Connections tab
 shows open traffic flows; a custom time interval can be set for troubleshooting.]

vGW – FIREWALL

 Complete firewall protection for any network traffic to or from a VM
 Benefits:
       • Extremely flexible protection down to the vNIC
       • Ability to automatically assign policies to VMs
       • Ability to quarantine VMs for immediate isolation
       • Kernel implementation isolates the connection table and rule base from the guest

 [Screenshot: define a quarantine policy for use on AV, Compliance or Image Enforcer violations.]

vGW – IDS

 Send selectable traffic flows to the internal IDS engine for deep-packet analysis against a
 dynamic signature set. A security rule filters what is IDS-inspected.

 [Screenshot: review IDS alerts by targets and sources; click on an alert type to get further
 details about the signature that triggered the alert; change “Time Interval” to expand the
 time slot or set “Custom Time Period” to review historical data.]

vGW – ANTIVIRUS

 AntiVirus components are controlled centrally (scanner config, alert viewing, infected file
 remediation)

 [Screenshot: AV dashboard for quick status understanding; on-demand and on-access scan
 configurations; file quarantine.]

vGW ANTIVIRUS PERFORMANCE

 [Charts: 1 % performance degradation (30 VMs – MS Office on-access execution time);
 2 on-demand file scans run at ~5 MB/second; 3 VM memory usage (MB); 4 VM disk usage (MB).]

vGW – INTROSPECTION

 Introspection is the agent-less ability to scan a VM’s virtual disk contents to understand
 what’s installed – OS, SP, applications, registry values

 Benefits:
       • Know exactly what’s installed in a VM and automatically attach the relevant security policy
       • Categorize discovered values and easily determine install states (Application and VM views)
       • Use Image Enforcer to define a “gold” image (template or VM), then discover how VMs
         deviate from it over time
       • Works for Windows and Linux

vGW – COMPLIANCE

 The compliance module includes pre-defined rules based on virtual security best practices
 and an engine so customers can define their own rules.
 Benefits:
       • Define rules on any VM or VM group (alerts and reports for compliance rule violations)
       • Automatically quarantine VMs into an isolated network if they violate a rule
       • Rules relevant to both VM and host configuration
       • Enhanced rule editor for intuitive manipulation of attributes

 [Screenshot: checks are classified (VMware best practices, etc.); rule violations are easy to see.]

vGW – REPORTS

 Pre-defined and customizable reports covering all of the solution’s modules
 Benefits:
      • Generate reports in PDF or CSV formats
      • Automatically send scheduled reports via email or store them directly in the vGW
        management center
      • Scoping mechanism isolates contents (Customer/Dept A’s VMs never show up in
        Customer/Dept B’s report)

 [Screenshots: AntiVirus reports; report on Image Enforcer profiles.]

Automation and Customer Examples

AUTOMATION - SMART GROUPS

 Smart Groups allow for the use of attributes to create dynamic system associations.
 Benefits:
      • Tie vGW product discoveries to Smart Group definitions
      • Tie vCenter and VM config attributes to Smart Group definitions
      • Attributes are read in real time, so if a VM changes in vCenter it’s instantly
        updated in vGW

 [Screenshot: the Smart Groups help capability lets the administrator see the name,
 description and values of attributes; priority and precedence level can be defined to
 tier groups easily.]

XEROX IMPLEMENTATION

 Customer goals
      • Develop a multi-tenant virtualized data hosting cloud on VMware
      • Ability to secure each guest VM in a mixed workload environment
      • Utilize a custom portal for customers (long term)

 Why Juniper?
      • Resolved firewall complexity and increased network visibility
      • vGW was selected because of the tight integration with vCenter, the ability to
        dynamically apply policy to new VMs (Smart Groups) and a robust firewall feature set
      • vGW enables complete control and compliance in the cloud

AUTOMATION - vGW CLOUD SECURITY SDK

 Policy automation of security policy controls
      • Security integration into the VM provisioning process
      • Policy delegation to group admins or end-users
      • Multi-tenant policy management

 XML-RPC based API
      • Programmatically control VM policy configuration
      • APIs for all functions done within the UI

 SDK contains
      • XML-RPC API documentation
      • Python scripts implementing the APIs
      • Web portal application – PoC of user-delegated policy controls

 Cloud SDK download location: https://www.juniper.net/support/products/vgw/#sw
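The provisioning and delegation workflow the SDK slide describes, as an added example that is not the vGW SDK or any Juniper code: a provisioning hook assigns a policy to a freshly cloned VM over XML-RPC, and the service side checks the caller's tenant before touching any VM, which is what makes handing policy control to tenant admins safe in a multi-tenant cloud. The method names assign_policy and get_policy, the token-to-tenant mapping, the VM ownership table, the policy names and the in-process dispatcher standing in for the Security Design VM's endpoint are all assumptions for illustration; against a real deployment the same request bodies would go through xmlrpc.client.ServerProxy over HTTPS to the documented vGW methods.

```python
# Added example, not the vGW SDK: tenant-scoped policy automation over XML-RPC.
# All names below (assign_policy, get_policy, tokens, VM ownership) are assumptions.
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

# Constructed sample data: VM -> owning tenant, API token -> tenant ("*" = provider-wide admin).
VM_TENANT = {"web-a1": "A", "db-a1": "A", "web-b1": "B"}
TOKEN_TENANT = {"tok-A": "A", "tok-B": "B", "tok-ops": "*"}


class PolicyService:
    """Stand-in for the management API exposed by the Security Design VM.

    Every call is authorized against the caller's tenant before it reads or writes a
    VM's policy, so a delegated tenant admin cannot reach another customer's VMs."""

    def __init__(self):
        self.policies = {}

    # Leading underscore: the XML-RPC dispatcher refuses to expose this method remotely.
    def _authorize(self, token, vm):
        tenant = TOKEN_TENANT.get(token)
        if tenant is None:
            raise xmlrpc.client.Fault(401, "unknown token")
        if vm not in VM_TENANT:
            raise xmlrpc.client.Fault(404, f"unknown VM {vm}")
        if tenant != "*" and VM_TENANT[vm] != tenant:
            raise xmlrpc.client.Fault(403, f"token scoped to tenant {tenant} cannot manage {vm}")

    def assign_policy(self, token, vm, policy):
        self._authorize(token, vm)
        self.policies[vm] = policy
        return True

    def get_policy(self, token, vm):
        self._authorize(token, vm)
        return self.policies.get(vm, "default-deny")


def make_dispatcher():
    """Build the server-side dispatcher; in production this sits behind an HTTPS handler."""
    d = SimpleXMLRPCDispatcher(allow_none=True)
    d.register_instance(PolicyService())
    return d


def call(dispatcher, method, *params):
    """One XML-RPC round trip. The request and response bodies are exactly what would travel
    over the wire; only the HTTP transport is replaced by an in-process dispatch."""
    request = xmlrpc.client.dumps(params, methodname=method, allow_none=True)
    response = dispatcher._marshaled_dispatch(request.encode())  # same entry point the HTTP handler uses
    (result,), _ = xmlrpc.client.loads(response)  # raises xmlrpc.client.Fault on a fault response
    return result


def provision(dispatcher, token, vm, policy):
    """Hook a provisioning system runs right after cloning a VM and before power-on.
    Returns (ok, applied_policy) or (False, error_message)."""
    try:
        call(dispatcher, "assign_policy", token, vm, policy)
        return True, call(dispatcher, "get_policy", token, vm)
    except xmlrpc.client.Fault as fault:
        return False, fault.faultString


if __name__ == "__main__":
    api = make_dispatcher()
    print(provision(api, "tok-A", "web-a1", "cust-A-zone"))    # tenant A manages its own VM
    print(provision(api, "tok-B", "web-a1", "allow-all"))      # tenant B is refused
    print(provision(api, "tok-ops", "web-b1", "cust-B-zone"))  # provider admin spans tenants
```

The authorization check lives on the server side of the API, not in the portal or script that calls it; a delegated token that tries to loosen another tenant's policy gets a fault and the existing policy is left untouched.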
HOSTING.COM IMPLEMENTATION (POWERED BY VGW)

Virtual and Physical Integration

Integrated with Juniper Data Center Security

 [Diagram: VM1–VM3 protected by Altor vGW on VMware vSphere; Juniper SRX and Juniper IDP in
 the network; STRM collecting events.]

    • Central policy management
    • Firewall event syslogs and Netflow for inter-VM traffic are sent to STRM
    • Zone synchronization & traffic mirroring between vGW and the Juniper SRX / IDP

SRX AND vGW – MICRO-SEGMENTATION

 [Diagram: two hosts, ESX-1 and ESX-2, each running vGW, connected through data center
 switching to an SRX5800. Blue VMs belong to customer “A” in Zone 1 = VLAN 221.]

    1   Create an SRX zone “A” for customer “A” with VLAN 221
    2   Create an SRX zone policy: source ANY, destination zone “A”, action REJECT
    3   Tell vGW about the SRX and customer “A”
    4   Refine “Smart Groups” with customer “A” VM information
    5   Create a vGW policy to segment within customer “A” VMs

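How attribute-driven Smart Groups (the automation slide) and the customer “A” refinement in steps 4 and 5 above resolve to a per-VM policy, as an added example that is not vGW code: group membership is computed from live vCenter attributes and Introspection discoveries, a narrower group outranks the customer-wide one so the database tier inside customer “A” gets its own policy, and a VM that no group claims falls back to a restrictive default. The VM inventory, attribute names, group definitions, policy names and the “lower precedence number wins” rule are constructed assumptions; vGW's own attribute schema and precedence semantics are not reproduced here.

```python
# Added example, not vGW code: attribute-driven Smart Groups resolving to per-VM policy,
# including the "segment within customer A" refinement. Inventory, attribute names,
# group definitions and the precedence rule are constructed assumptions.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class VM:
    name: str
    vcenter: dict          # attributes as read from vCenter (constructed sample values)
    discovered: frozenset  # applications found by Introspection (constructed sample values)


@dataclass(frozen=True)
class SmartGroup:
    name: str
    match: dict            # attribute -> required value; "app" is looked up in VM.discovered
    policy: str            # firewall policy attached to members
    precedence: int        # assumption: lower number wins when a VM matches several groups


def matches(group: SmartGroup, vm: VM) -> bool:
    """True when every attribute in the group definition holds for this VM."""
    for key, want in group.match.items():
        if key == "app":
            if want not in vm.discovered:
                return False
        elif vm.vcenter.get(key) != want:
            return False
    return True


def resolve_policy(vm: VM, groups, default: str = "default-deny") -> str:
    """Policy of the best-precedence matching group. A VM no group claims (e.g. one just
    cloned, before anyone labels it) gets `default`, so a gap never means 'unprotected'."""
    hits = sorted((g for g in groups if matches(g, vm)), key=lambda g: g.precedence)
    return hits[0].policy if hits else default


def members(groups, inventory) -> dict:
    """Group name -> sorted member VM names, recomputed from live attributes each call."""
    return {g.name: sorted(vm.name for vm in inventory if matches(g, vm)) for g in groups}


def rehome(vm: VM, vlan) -> VM:
    """Model a vNIC being moved to another port group in vCenter; membership follows the
    attribute on the next evaluation with no manual group edit."""
    return replace(vm, vcenter={**vm.vcenter, "vlan": vlan})


# Constructed inventory: customer "A" on VLAN 221 (as on the SRX micro-segmentation slide),
# customer "B" on VLAN 222, and a fresh clone nobody has labelled yet.
WEB_A1 = VM("web-a1", {"vlan": 221, "folder": "CustomerA"}, frozenset({"iis"}))
DB_A1 = VM("db-a1", {"vlan": 221, "folder": "CustomerA"}, frozenset({"mssql"}))
WEB_B1 = VM("web-b1", {"vlan": 222, "folder": "CustomerB"}, frozenset({"apache"}))
NEW_VM = VM("clone-07", {"vlan": None, "folder": "Templates"}, frozenset())
INVENTORY = [WEB_A1, DB_A1, WEB_B1, NEW_VM]

# Step 4 (customer "A" VM information) and step 5 (segment within customer "A") expressed
# as groups: the narrower database group outranks the customer-wide one.
GROUPS = [
    SmartGroup("cust-A", {"vlan": 221}, "cust-A-zone", precedence=20),
    SmartGroup("cust-A-db", {"vlan": 221, "app": "mssql"}, "cust-A-db-from-web-only", precedence=10),
    SmartGroup("cust-B", {"vlan": 222}, "cust-B-zone", precedence=20),
]

if __name__ == "__main__":
    for vm in INVENTORY:
        print(f"{vm.name:9s} -> {resolve_policy(vm, GROUPS)}")
    print(f"{WEB_A1.name} moved to VLAN 222 -> {resolve_policy(rehome(WEB_A1, 222), GROUPS)}")
```

The SRX zone policy in steps 1 and 2 keeps other customers out of VLAN 221 at the physical edge; the group resolution above is what lets vGW enforce the finer cut (web versus database) between VMs that share that VLAN and never cross the SRX.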
CONCLUSION

 vGW enables virtualization and clouds
      • Purpose-built approach maximizes throughput, capacity and scale
      • Industry benchmark for administrative ease and scale
      • Innovation makes enforcement granular and dynamic
      • Complete suite of security and visibility tools for virtual environments

 vGW as part of Juniper data center security
      • Comprehensive protection for all workloads
      • Extended security through several points of integration
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Integrate 3rd party security solution into CloudStack
Integrate 3rd party security solution into CloudStackIntegrate 3rd party security solution into CloudStack
Integrate 3rd party security solution into CloudStackmice_xia
 
Vm Ware Presentation Key Note
Vm Ware Presentation Key NoteVm Ware Presentation Key Note
Vm Ware Presentation Key Notecsharney
 

Similar to Juniper and VMware: Taking Data Centre Networks to the Next Level (20)

BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
 
Security Best Practices For Hyper V And Server Virtualization
Security Best Practices For Hyper V And Server VirtualizationSecurity Best Practices For Hyper V And Server Virtualization
Security Best Practices For Hyper V And Server Virtualization
 
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2
 
Vss Security And Compliance For The Cloud
Vss Security And Compliance For The CloudVss Security And Compliance For The Cloud
Vss Security And Compliance For The Cloud
 
Virtualization securityv2
Virtualization securityv2Virtualization securityv2
Virtualization securityv2
 
The Evolution of Virtual Mentality
The Evolution of Virtual MentalityThe Evolution of Virtual Mentality
The Evolution of Virtual Mentality
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012
 
Virtualization presentation
Virtualization presentationVirtualization presentation
Virtualization presentation
 
Virtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualizationVirtually Secure: Uncovering the risks of virtualization
Virtually Secure: Uncovering the risks of virtualization
 
Evolúcia, alebo revolúcia? vSphere 5 update
Evolúcia, alebo revolúcia? vSphere 5 updateEvolúcia, alebo revolúcia? vSphere 5 update
Evolúcia, alebo revolúcia? vSphere 5 update
 
Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008Ian Prattlinuxworld Xen Aug2008
Ian Prattlinuxworld Xen Aug2008
 
The Architecture Of V Mware Es Xi
The Architecture Of V Mware Es XiThe Architecture Of V Mware Es Xi
The Architecture Of V Mware Es Xi
 
Data Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the CloudData Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the Cloud
 
Citrix XenDesktop on vSphere - Virsto Launch May 9, 2012
Citrix XenDesktop on vSphere  - Virsto Launch May 9, 2012Citrix XenDesktop on vSphere  - Virsto Launch May 9, 2012
Citrix XenDesktop on vSphere - Virsto Launch May 9, 2012
 
Virtualization: Hyper-V, VMM, App-V and MED-V.
Virtualization: Hyper-V, VMM, App-V and MED-V.Virtualization: Hyper-V, VMM, App-V and MED-V.
Virtualization: Hyper-V, VMM, App-V and MED-V.
 
12th Japan CloudStack User Group Meetup MidoNet with scalable virtual router
12th Japan CloudStack User Group Meetup   MidoNet with scalable virtual router12th Japan CloudStack User Group Meetup   MidoNet with scalable virtual router
12th Japan CloudStack User Group Meetup MidoNet with scalable virtual router
 
12th Japan CloudStack User Group Meetup
12th Japan CloudStack User Group Meetup12th Japan CloudStack User Group Meetup
12th Japan CloudStack User Group Meetup
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the Cloud
 
Integrate 3rd party security solution into CloudStack
Integrate 3rd party security solution into CloudStackIntegrate 3rd party security solution into CloudStack
Integrate 3rd party security solution into CloudStack
 
Vm Ware Presentation Key Note
Vm Ware Presentation Key NoteVm Ware Presentation Key Note
Vm Ware Presentation Key Note
 

More from Juniper Networks

Why Juniper, Driven by Mist AI, Leads the Market
 Why Juniper, Driven by Mist AI, Leads the Market Why Juniper, Driven by Mist AI, Leads the Market
Why Juniper, Driven by Mist AI, Leads the MarketJuniper Networks
 
Experience the AI-Driven Enterprise
Experience the AI-Driven EnterpriseExperience the AI-Driven Enterprise
Experience the AI-Driven EnterpriseJuniper Networks
 
How AI Simplifies Troubleshooting Your WAN
How AI Simplifies Troubleshooting Your WANHow AI Simplifies Troubleshooting Your WAN
How AI Simplifies Troubleshooting Your WANJuniper Networks
 
Real AI. Real Results. Mist AI Customer Testimonials.
Real AI. Real Results. Mist AI Customer Testimonials.Real AI. Real Results. Mist AI Customer Testimonials.
Real AI. Real Results. Mist AI Customer Testimonials.Juniper Networks
 
Are you able to deliver reliable experiences for connected devices
Are you able to deliver reliable experiences for connected devicesAre you able to deliver reliable experiences for connected devices
Are you able to deliver reliable experiences for connected devicesJuniper Networks
 
Stop Doing These 5 Things with Your SD-WAN
Stop Doing These 5 Things with Your SD-WANStop Doing These 5 Things with Your SD-WAN
Stop Doing These 5 Things with Your SD-WANJuniper Networks
 
Securing IoT at Scale Requires a Holistic Approach
Securing IoT at Scale Requires a Holistic ApproachSecuring IoT at Scale Requires a Holistic Approach
Securing IoT at Scale Requires a Holistic ApproachJuniper Networks
 
Smart Solutions for Smart Communities: What's Next & Who's Responsible?
Smart Solutions for Smart Communities: What's Next & Who's Responsible?Smart Solutions for Smart Communities: What's Next & Who's Responsible?
Smart Solutions for Smart Communities: What's Next & Who's Responsible?Juniper Networks
 
Are You Ready for Digital Cohesion?
Are You Ready for Digital Cohesion?Are You Ready for Digital Cohesion?
Are You Ready for Digital Cohesion?Juniper Networks
 
Juniper vSRX - Fast Performance, Low TCO
Juniper vSRX - Fast Performance, Low TCOJuniper vSRX - Fast Performance, Low TCO
Juniper vSRX - Fast Performance, Low TCOJuniper Networks
 
SDN and NFV: Transforming the Service Provider Organization
SDN and NFV: Transforming the Service Provider OrganizationSDN and NFV: Transforming the Service Provider Organization
SDN and NFV: Transforming the Service Provider OrganizationJuniper Networks
 
Navigating the Uncertain World Facing Service Providers - Juniper's Perspective
Navigating the Uncertain World Facing Service Providers - Juniper's PerspectiveNavigating the Uncertain World Facing Service Providers - Juniper's Perspective
Navigating the Uncertain World Facing Service Providers - Juniper's PerspectiveJuniper Networks
 
vSRX Buyer’s Guide infographic - Juniper Networks
vSRX Buyer’s Guide infographic - Juniper Networks vSRX Buyer’s Guide infographic - Juniper Networks
vSRX Buyer’s Guide infographic - Juniper Networks Juniper Networks
 
NFV Solutions for the Telco Cloud
NFV Solutions for the Telco Cloud NFV Solutions for the Telco Cloud
NFV Solutions for the Telco Cloud Juniper Networks
 
Juniper SRX5800 Infographic
Juniper SRX5800 InfographicJuniper SRX5800 Infographic
Juniper SRX5800 InfographicJuniper Networks
 
Infographic: 90% MetaFabric Customer Satisfaction
Infographic: 90% MetaFabric Customer SatisfactionInfographic: 90% MetaFabric Customer Satisfaction
Infographic: 90% MetaFabric Customer SatisfactionJuniper Networks
 
Infographic: Whack Hackers Lightning Fast
Infographic: Whack Hackers Lightning FastInfographic: Whack Hackers Lightning Fast
Infographic: Whack Hackers Lightning FastJuniper Networks
 
High performance data center computing using manageable distributed computing
High performance data center computing using manageable distributed computingHigh performance data center computing using manageable distributed computing
High performance data center computing using manageable distributed computingJuniper Networks
 

More from Juniper Networks (20)

Why Juniper, Driven by Mist AI, Leads the Market
 Why Juniper, Driven by Mist AI, Leads the Market Why Juniper, Driven by Mist AI, Leads the Market
Why Juniper, Driven by Mist AI, Leads the Market
 
Experience the AI-Driven Enterprise
Experience the AI-Driven EnterpriseExperience the AI-Driven Enterprise
Experience the AI-Driven Enterprise
 
How AI Simplifies Troubleshooting Your WAN
How AI Simplifies Troubleshooting Your WANHow AI Simplifies Troubleshooting Your WAN
How AI Simplifies Troubleshooting Your WAN
 
Real AI. Real Results. Mist AI Customer Testimonials.
Real AI. Real Results. Mist AI Customer Testimonials.Real AI. Real Results. Mist AI Customer Testimonials.
Real AI. Real Results. Mist AI Customer Testimonials.
 
SD-WAN, Meet MARVIS.
SD-WAN, Meet MARVIS.SD-WAN, Meet MARVIS.
SD-WAN, Meet MARVIS.
 
Are you able to deliver reliable experiences for connected devices
Are you able to deliver reliable experiences for connected devicesAre you able to deliver reliable experiences for connected devices
Are you able to deliver reliable experiences for connected devices
 
Stop Doing These 5 Things with Your SD-WAN
Stop Doing These 5 Things with Your SD-WANStop Doing These 5 Things with Your SD-WAN
Stop Doing These 5 Things with Your SD-WAN
 
Securing IoT at Scale Requires a Holistic Approach
Securing IoT at Scale Requires a Holistic ApproachSecuring IoT at Scale Requires a Holistic Approach
Securing IoT at Scale Requires a Holistic Approach
 
Smart Solutions for Smart Communities: What's Next & Who's Responsible?
Smart Solutions for Smart Communities: What's Next & Who's Responsible?Smart Solutions for Smart Communities: What's Next & Who's Responsible?
Smart Solutions for Smart Communities: What's Next & Who's Responsible?
 
What's Your IT Alter Ego?
What's Your IT Alter Ego?What's Your IT Alter Ego?
What's Your IT Alter Ego?
 
Are You Ready for Digital Cohesion?
Are You Ready for Digital Cohesion?Are You Ready for Digital Cohesion?
Are You Ready for Digital Cohesion?
 
Juniper vSRX - Fast Performance, Low TCO
Juniper vSRX - Fast Performance, Low TCOJuniper vSRX - Fast Performance, Low TCO
Juniper vSRX - Fast Performance, Low TCO
 
SDN and NFV: Transforming the Service Provider Organization
SDN and NFV: Transforming the Service Provider OrganizationSDN and NFV: Transforming the Service Provider Organization
SDN and NFV: Transforming the Service Provider Organization
 
Navigating the Uncertain World Facing Service Providers - Juniper's Perspective
Navigating the Uncertain World Facing Service Providers - Juniper's PerspectiveNavigating the Uncertain World Facing Service Providers - Juniper's Perspective
Navigating the Uncertain World Facing Service Providers - Juniper's Perspective
 
vSRX Buyer’s Guide infographic - Juniper Networks
vSRX Buyer’s Guide infographic - Juniper Networks vSRX Buyer’s Guide infographic - Juniper Networks
vSRX Buyer’s Guide infographic - Juniper Networks
 
NFV Solutions for the Telco Cloud
NFV Solutions for the Telco Cloud NFV Solutions for the Telco Cloud
NFV Solutions for the Telco Cloud
 
Juniper SRX5800 Infographic
Juniper SRX5800 InfographicJuniper SRX5800 Infographic
Juniper SRX5800 Infographic
 
Infographic: 90% MetaFabric Customer Satisfaction
Infographic: 90% MetaFabric Customer SatisfactionInfographic: 90% MetaFabric Customer Satisfaction
Infographic: 90% MetaFabric Customer Satisfaction
 
Infographic: Whack Hackers Lightning Fast
Infographic: Whack Hackers Lightning FastInfographic: Whack Hackers Lightning Fast
Infographic: Whack Hackers Lightning Fast
 
High performance data center computing using manageable distributed computing
High performance data center computing using manageable distributed computingHigh performance data center computing using manageable distributed computing
High performance data center computing using manageable distributed computing
 

Recently uploaded

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Paige Cruz
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...ScyllaDB
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)Wonjun Hwang
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxFIDO Alliance
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxjbellis
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxFIDO Alliance
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTopCSSGallery
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 

Recently uploaded (20)

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch Tuesday
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 

Juniper and VMware: Taking Data Centre Networks to the Next Level

  • 1. Juniper and VMware: Taking Data Centre Networks to the Next Level Kevin Piper, Senior Product Line Manager for Virtual Security Juniper Networks
  • 2. AGENDA 1 Virtualization Market & Challenges 2 vGW Architecture Overview 3 vGW Functional Modules 4 Automation and Customer Examples 5 Virtual and Physical 2
  • 3. Market summary & challenges 3
  • 4. Market Dynamics Cloud Computing Services, Virtualization Top CIO 2011 Priorities –Gartner, CIO Survey, January 2011 Virtualization 2.0 includes a host of new use cases that range from high availability and DR to hosted clients and true utility computing –IDS, Worldwide Virtual Machine Software Forecast, August 2011 91% of respondents told Forrester that they are using virtual servers for production workloads. That’s up dramatically from 78% in 2010 –Forrester, Storage Choices for Virtual Server Environments, March 2011 The top 3 drivers for deploying new security solutions for virtualized environments are preventing new threats specific to virtual environments, preventing inter-VM threats, and maintaining secure server configurations –Infonetics, Security for Virtualized Infrastructure, April 2011 “Data sprawl” was rated as a top security issue by the IT professionals surveyed on their opinions about server virtualization –Kuppinger Cole, Virtualization Security Trends & Insights Surveys, November 2010 4
  • 5. Security implication of virtualization Physical Network Virtual Network VM1 VM2 VM3 ESX/ESXi Host Virtual Switch HYPERVISOR Firewall/IDS Sees/Protects Physical Security Is “Blind” to All Traffic between Servers Traffic between Virtual Machines 5
  • 6. THE ISOLATION CHALLENGE IN THE VSWITCH VM Isolation Challenge • vSwitches provide only basic connectivity • VMs plugged into the same vSwitch have direct access via the hypervisor • Port groups that are assigned VLAN IDs need a layer 3 device for routing • Distributed vSwitches don’t realistically address security • VM admins can assign vNICs to any network (even accidentally) 6
  • 7. APPROACHES TO SECURING VIRTUAL NETWORKS VLANs & Physical Traditional Security Integrated 1 Segmentation 2 Agents 3 Virtual Security VM1 VM2 VM3 VM1 VM2 VM3 VM1 VM2 VM3 ESX/ESXi Host ESX/ESXi Host ESX/ESXi Host VS VS Virtual Security Layer VS HYPERVISOR HYPERVISOR HYPERVISOR Regular Thick Agent for FW & AV 7
  • 9. INDUSTRY RECOGNITION OF VGW  Distinction • 1st purpose-built virtual firewall • Widely recognized innovation leader Most Innovative Company RSA® Conference 2010 9
  • 10. THE VGW PURPOSE-BUILT APPROACH  Service Provider & Enterprise Grade • Three Tiered Model 1 • VMware Certified (signed binaries!) Virtual Security 2 Design • Protects each VM and the hypervisor Center for vGW VM VM1 VM2 VM3 • Fault-tolerant architecture (i.e., HA) ESX or ESXi Host  Virtualization-aware Partner Server (IDS, SIM, Syslog, Netflow) • “Secure VMotion” scales to 3 1,000+ hosts THE vGW ENGINE Packet Data VMware Kernel • “Auto Secure” detects/protects VMWARE API’s Any vSwitch new VMs (Standard, DVS, 3rd Party)  Granular, Tiered Defense HYPERVISOR • Stateful firewall, integrated IDS, and AV • Flexible Policy Enforcement – zone, VM group, VM, individual vNIC 10
  • 11. vGW Security Design VM Architecture vGW Security Design Firewall vGW Security Design Management Install VMware VI-API Connector VM Inventory Admin/User Web UI & Status XML – RPC vCenter Server Time Server Provisioning server Connector (NTP) Certificate Authority Management Connector Admin/User (vGW Security VM) Netflow Policy Connector Netflow Collector VM Ownership Flow Statistics Reporting Processor Processor Engine Engine Engine Syslog Connector SEIM/Syslog Collector Caching & DB Optimization Engine VMWARE VSWITCH OR CISCO 1000V Alerting SMTP Engine Policy DB Netflow & Firewall Log DB SNMP 11
  • 12. vGW Svm and kernel Architecture ESX/ESX(i) Host vGW Security VM Management Connector Netflow Connector Netflow vGW Security Design Collector Policy Engine AV & IDS Log (XML) Signatures Distribution Syslog Control Connector Connector SEIM/Syslog Collector ESX/ESX(i) Kernel vGW VMsafe FastPath Control Span Connector Connector IDS/IPS Connection Server Table Connection Table VM-Firewall Engines VM-Firewall Engines Wireshark Packet Packet Endpoint VMWARE VSWITCH OR Ingress Egress CISCO 1000V VMware DvFilter Virtual Switch: VMware vSwitch, VMware dvSwitch, or 3rd Party 12
  • 13. VGW - PERFORMANCE TCP Throughput Test (Standard 1500 Byte packet size). See slide notes for details 13
  • 14. VGW – MANAGEMENT SCALABILITY & FLEXIBILITY Multi-Center allows linking of configuration information for Select which objects multiple Security you want to sync Design vGW VM’s with delegate centers (‘linked-mode’) Split-Center allows you to divide one vCenter into separate logical entities for Complete isolation of data centers different Security Design vGW VMs. 14
  • 16. vGW modules Main Firewall AntiVirus Compliance Dashboard view of Firewall policy Full AV protection Out-of-box and the virtual system management for VMs custom rules engine threats (including and logs alerts on VM/host VM quarantine view) config changes Network IDS Introspection Reports Visibility of Centralized view Centralized VM Automated reports inter-VM traffic flows of IDS alerts and view (includes OS, for all functional ability to drill-down apps, hot fixes, modules on attacks etc.) 16
  • 17. VGW – NETWORK VISIBILITY All VM traffic flows stored in database and available for analysis Benefits: • Visibility to all VM communications • Ability to spot design issues with security policies Connections • Single click to more detail on VMs tab shows open traffic flow Custom time Left-hand tree interval for selection troubleshooting navigates right-hand pane 17
  • 18. VGW – FIREWALL Complete firewall protection for any network traffic to or from a VM Benefits: • Extremely flexible protection down to the vNIC • Ability to automatically assign policies to VMs • Ability to quarantine VMs for immediate isolation • Kernel implementation isolates connection table and rule base Define a quarantine policy for use on AV, Compliance or Image Enforcer violations 18
  • 19. VGW – IDS Send selectable traffic flows to internal IDS engine for deep-packet analysis against dynamic signature set. Security rule filters what is IDS inspected Review IDS Alerts by Targets and Sources Click on Alert Change “Time Type to get Interval” to further details expand time slot about the or set “Custom Signature that Time Period” to triggered the review historical Alert data 19
  • 20. VGW – ANTIVIRUS AntiVirus components controlled centrally (scanner config, alert viewing, infected file remediation) On-Demand and On- Access Scan Configurations AV Dashboard for quick status understanding File Quarantine 20
  • 21. VGW ANTIVIRUS PERFORMANCE % Performance Degradation 1 (30 VMs – MS Office On-Access Execution Time) 2 On-Demand File Scans Run at ~5MB/second!! 3 VM Memory Usage (MB) 4 VM Disk Usage (MB) 21
  • 22. VGW – INTROSPECTION  Introspection is the agent-less ability to scan a VM’s virtual disk contents to understand what’s installed – OS, SP, Applications, Registry Values  Benefits: • Know exactly what’s installed in a VM and automatically attach relevant security policy! • Categorize discovered values and easily determine install states (Application and VM views) • Use Image Enforcer to define a ‘”gold” image (template or VM) then discover how VMs deviate from this across time • Works for Windows and Linux 22
  • 23. VGW – COMPLIANCE The compliance module includes pre-defined rules based on virtual security best practices and an engine so customers can define their own rules.  Benefits: • Define rules on any VM or VM group (alerts and reports for compliance rule violations) • Automatically quarantine VMs into an isolated network if they violate a rule • Rules relevant to both VM and host configuration Classifications of checks (VMware best • Enhanced rule editor for intuitive manipulation of attributes practices, etc.) Easily see rule violations 23
  • 24. VGW – REPORTS Pre-defined and customizable reports covering all of solution modules Benefits: • Generate reports in PDF or CSV formats • Automatically send scheduled reports via email or store directly in vGW management center • Scoping mechanism isolates contents (Customer/Dept A’s VMs never show up in Customer/Dept B’s report) AntiVirus Reports Report on Image Enforcer profiles 24
  • 25. automation AND CUSTOMER EXAMPLES 25
  • 26. AUTOMATION - SMART GROUPS Smart Groups allow for the use of attributes to create dynamic system associations. Benefits: • Tie vGW product discoveries to Smart Group definitions. • Tie vCenter and VM config attributes to Smart Group definitions • Attributes are read real time so if a VM changes in vCenter, it’s instantly updated in vGW Smart Groups help capability allows administrator to see name, description and values of attributes Priority and precedence level can be defined to Tier Groups easily 26
• 27. XEROX IMPLEMENTATION
  Customer goals:
   Develop a multi-tenant virtualized data hosting cloud on VMware
   Ability to secure each guest VM in a mixed workload environment
   Utilize a custom portal for customers (long term)
   Resolve firewall complexity and increase network visibility
  Why Juniper?
   vGW was selected because of its tight integration with vCenter, its ability to dynamically apply policy to new VMs (Smart Groups) and its robust firewall feature set.
   vGW enables complete control and compliance in the cloud
• 28. AUTOMATION - VGW CLOUD SECURITY SDK
  Policy automation of security policy controls:
  • Security integration into the VM provisioning process
  • Policy delegation to group admins or end-users
  • Multi-tenant policy management
  XML-RPC based API:
  • Programmatically control VM policy configuration
  • APIs for all functions available in the UI
  Cloud SDK download location: https://www.juniper.net/support/products/vgw/#sw
  The SDK contains:
  • XML-RPC API documentation
  • Python scripts implementing the APIs
  • Web portal application – proof of concept for user-delegated policy controls
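The slide describes three things at once: an XML-RPC API, policy delegation to group admins or end-users, and multi-tenant policy management. The example below is added here to show how those fit together; it is not the vGW Cloud Security SDK and does not use its real method names. The service, its methods (`set_policy`, `get_policy`, `list_vms`), the token-to-tenant table and the VM ownership table are all assumptions constructed for this example, and a stand-in XML-RPC server runs in-process so the client calls work offline.

```python
"""Delegated, tenant-scoped policy changes over XML-RPC.  Added example, not the
vGW SDK: method names, the token/tenant model and the in-process server are
assumptions of this example."""
import threading
from xmlrpc.client import ServerProxy, Fault
from xmlrpc.server import SimpleXMLRPCServer

# Constructed API tokens: who is calling.  A real system would issue these.
TOKENS = {"tok-admin": "admin", "tok-a": "tenant-a", "tok-b": "tenant-b"}


class PolicyService:
    """Minimal stand-in for a central policy manager with per-tenant scoping."""

    def __init__(self):
        # Constructed inventory: which tenant owns which VM.
        self.vm_owner = {"a-web01": "tenant-a", "a-db01": "tenant-a",
                         "b-app01": "tenant-b"}
        self.policies = {}   # vm -> ordered list of rule dicts
        self.audit = []      # (tenant, action, vm, rule count)

    def _authorize(self, token, vm):
        """Leading underscore keeps this off the RPC surface; every exposed
        method calls it so a tenant can only touch its own VMs."""
        tenant = TOKENS.get(token)
        if tenant is None:
            raise PermissionError("invalid API token")
        owner = self.vm_owner.get(vm)
        if owner is None:
            raise LookupError("unknown VM %s" % vm)
        if tenant not in ("admin", owner):
            raise PermissionError("%s is not allowed to manage %s" % (tenant, vm))
        return tenant

    def set_policy(self, token, vm, rules):
        """Replace the VM's rule set.  Only allow/deny rules are accepted and
        an explicit final deny is always appended."""
        tenant = self._authorize(token, vm)
        for r in rules:
            if r.get("action") not in ("allow", "deny"):
                raise ValueError("bad action in rule %r" % (r,))
        self.policies[vm] = list(rules) + [{"action": "deny", "src": "any", "dst": "any"}]
        self.audit.append((tenant, "set_policy", vm, len(rules)))
        return len(self.policies[vm])

    def get_policy(self, token, vm):
        self._authorize(token, vm)
        return self.policies.get(vm, [])

    def list_vms(self, token):
        tenant = TOKENS.get(token)
        if tenant is None:
            raise PermissionError("invalid API token")
        return sorted(v for v, o in self.vm_owner.items() if tenant in ("admin", o))


def start_server():
    """Serve PolicyService on a loopback port chosen by the OS, in a daemon thread."""
    service = PolicyService()
    server = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False, allow_none=True)
    server.register_instance(service)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, service


def run_demo():
    """Tenant A manages its own VM, tenant B is refused on it, and the admin
    token sees everything.  Returns the observations for inspection."""
    server, service = start_server()
    api = ServerProxy("http://127.0.0.1:%d/" % server.server_address[1], allow_none=True)
    try:
        web_rules = [{"action": "allow", "proto": "tcp", "port": 443, "src": "any"}]
        installed = api.set_policy("tok-a", "a-web01", web_rules)
        try:
            api.set_policy("tok-b", "a-web01", web_rules)   # cross-tenant attempt
            refused = False
        except Fault:                                      # server-side PermissionError
            refused = True
        return {
            "rules_installed": installed,
            "cross_tenant_refused": refused,
            "tenant_a_sees": api.list_vms("tok-a"),
            "admin_sees": api.list_vms("tok-admin"),
            "last_rule": api.get_policy("tok-admin", "a-web01")[-1]["action"],
            "audit_entries": len(service.audit),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

Two design points carry over to any delegated-policy API: authorization is enforced on the server for every call rather than trusting what a portal shows the user, and the failed cross-tenant call surfaces to the client as an XML-RPC `Fault` while the server-side audit list records only the change that actually happened.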
• 30. VIRTUAL AND PHYSICAL INTEGRATION
• 31. INTEGRATED WITH JUNIPER DATA CENTER SECURITY
  [Diagram] VM1, VM2, VM3 on VMware vSphere; Altor vGW with vGW Central Policy Management; firewall event syslogs and NetFlow for inter-VM traffic (STRM); zone synchronization & traffic mirroring (Juniper SRX, Juniper IDP); data center network
• 32. SRX AND VGW – MICRO-SEGMENTATION
  [Diagram] ESX-1 and ESX-2 hosts running vGW, data center switching, SRX5800. Blue VMs belong to customer “A” in zone 1 = VLAN 221.
  1. Create an SRX zone “A” for customer “A” with VLAN 221
  2. Create an SRX zone policy: src any, dst zone “A”, action reject
  3. Tell vGW about the SRX and customer “A”
  4. Refine “Smart Groups” with customer “A” VM information
  5. Create vGW policy to segment within customer “A” VMs
• 33. CONCLUSION
  vGW enables virtualization and clouds:
  • Purpose-built approach maximizes throughput, capacity and scale
  • Industry benchmark for administrative ease and scale
  • Innovation makes enforcement granular and dynamic
  • Complete suite of security and visibility tools for virtual environments
  vGW as part of Juniper data center security:
  • Comprehensive protection for all workloads
  • Extended security through several points of integration
