VMUGIT Meeting - Lecce, April 5, 2018
Antonio Gentile - System Engineer Fortinet Italy - Fortinet Security Fabric - The new cyber security challenges on software-defined infrastructures
9. Agenda
➢ Fortinet Cloud & SDN Vision
➢ FortiGate-VMX Integration with NSX
➢ Key Points And Licensing
➢ Q&A
10. NSX Platform Network and Security Virtualization
Components
Cloud Consumption (CMP)
NSX Manager
NSX Controller
Data Plane
• Self Service Portal
• VMware vRealize Automation, vCloud Director, OpenStack, Custom CMS
• High-performance data plane
• Scale-out distributed forwarding model
• Single configuration portal
• REST API entry-point
• Manages logical networks
• Run-time state
• Scale out, HA
• Separation of control and data plane
ESXi, KVM, Xen
Distributed Services
• Logical Switch
• Distributed Logical Router
• Firewall
• Load Balancer
HW VTEP
NSX Edge
11. VMware-NSX Architecture
Diagram labels: Physical Host; Hypervisor; User Space; VM; NSX vSwitch; Virtual Network; Cluster Controller; Cloud Mgt Platform; Existing Physical Network
Simplified IP Backplane: No VLANs, No ACLs, No Firewall Rules
SrcIP = Hypervisor-1
DstIP = Hypervisor-2
12. Added Value of Security integration in SDDC
Requirements / Solution
Visibility on Guest to Guest traffic
Micro-Segmentation and Zero Trust
Control of ‘east-west’ traffic, Inter and Intra VM security, Logical Security Zone (multi-tier)
Not just firewall, but advanced features
13. Components for NSX Integration
Mandatory Components for NSX Integration
Third Party Solution
• Service Manager
• Service Appliance
VMware
• ESXi Hosts
• vCenter Server v5.5 or v6.0
• VMware vSphere (Enterprise Plus license v5.5 or v6.0)
Fortinet Solution
• FortiGate-VMX Service Manager
• FortiGate-VMX Security Appliance
Diagram labels: Manage; REST API
14. FortiGate-VMX and NSX Integration/Interactions
1. Register Fortinet as security service with NSX Manager
2. Auto-deploy FortiGate-VMX to all hosts in security cluster
3. FortiGate-VMX connects with FortiGate-VMX Service Manager
4. License verification & configuration synchronization with FortiGate-VMX
5. NSX Security Policy defines network introspection rules to redirect traffic
6. Real-time updates of object database
7. Push policy synchronization to all FortiGate-VMX deployed in cluster
Diagram labels: dvSwitch; FGT-VMX; FortiGate-VMX Service Manager
15. FortiGate-VMX and NSX Manager Setup
Adding VMware NSX details on FortiGate Service Manager
FortiGate VMX Service on NSX Manager
16. FGT-VMX imports NSX Security Groups
● On NSX create Security Groups and assign “Objects”
Security Groups defined on NSX are automatically created on FGT-VMX
17. FGT-VMX imports NSX Security Groups
● On NSX create Security Groups and assign “Objects”
● FortiGate VMX automatically imports the Security Groups as dynamic firewall addresses with the VMs' IP addresses
Security Groups defined on NSX are automatically created on FGT-VMX
18. NSX Security Group definition and usage
Service Groups created on NSX Manager automatically get sent to the FortiGate-VMX and are available for Policy Creation
Policy Created on FortiGate-VMX using Exchanged Security Group
Diagram labels: Server SG; FortiGate-VMX; NSX Manager
19. FGT-VMX and VMware NSX Filter Driver Interaction
1. Define NGFW Firewall Policies
2. Sync config on FGT-VMX
Packet Flow
1. From VM to NSX Filter Driver
2. NSX Filter Driver forwards to third-party solution (FGT-VMX)
3. FGT-VMX applies security and sends packet back to NSX Filter Driver
4. NSX Filter Driver can do service chaining or send packet to destination
Diagram labels: VMware Kernel; dvSwitch; FGT-VMX (int, ext); NetX NSX Filter Driver; FortiGate-VMX Service Manager; A; B
20. Policy Creation
● Firewall Policy is now IP independent
Policy created based on Security Group
Diagram labels: Internal; External; Distributed Virtual Switch
21. VMware-NSX Architecture with FortiGate-VMX
Diagram labels: Physical Host; Hypervisor; User Space; VM; NSX vSwitch; Virtual Network; Cluster Controller; Cloud Mgt Platform; Existing Physical Network; FortiGate-VMX Service Manager; FortiGate-VMX Security Appliance
Security services: Anti-botnet; Intrusion Prevention; Antivirus; Application Control; Web Application Firewall; Web Filtering
FortiAnalyzer: Logging & Reporting
FortiSandbox: ATP
22. Agenda
➢ Fortinet Cloud & SDN Vision
➢ FortiGate-VMX Integration with NSX
➢ License Model and Key Points
➢ Q&A
23. FortiGate-VMX License Model
● One license for the FortiGate-VMX Service Manager
● Simple license based on number of FGT-VMX Security Appliances deployed
» One FortiGate-VMX license per ESXi host
» No limits placed on resources (virtual or hardware), nor number of protected VM workloads
Central license server with auto decrement
Diagram labels: Hypervisor with 2 sockets; Hypervisor with 1 socket; 2 FGT-VMX Licenses; Hypervisor with 2 sockets; 3 FGT-VMX Licenses
24. FortiGate-VMX VDOMs
● Utilizing Fortinet Virtual Domains (VDOMs)
• Segment a single FortiGate-VMX Security Node to service different flows completely segregated from each other.
• Greater flexibility for both Enterprise and Managed Service Providers as seen in the sample Security Policy configurations below.
25. Migration (vMotion) Support
● Migration
» Session handover done by VM is picked up by VMX
Diagram labels: Hypervisor with 2 sockets; Hypervisor with 2 sockets; Web-01; App-01; SSH
26. FortiGate-VMX Key Points
● Real Multi-tenancy (VDOM) support
● Per Security Appliance instance Resource monitor
● Improved throughput for firewall and security functionality using TSO (TCP Segmentation Offload)
● Service Manager to Security Appliance instantaneous update of the security policies
● Automatic creation of NSX Security Groups in FortiGate-VMX Service Manager
● Central license server with auto decrement
● OVF footprint < 40 MB
● License independent from physical or virtual resources
● NSX integrated upgrade process
● Real-time FortiGuard updates
27. Agenda
➢ Fortinet Cloud & SDN Vision
➢ FortiGate-VMX Integration with NSX
➢ Key Points And Licensing
➢ Q&A