TFI2014 Session I - State of SDN - Gary Hemminger

•Download as PPT, PDF•

2 likes•850 views

The document discusses the state of software-defined networking (SDN) from a security vendor perspective. It notes that SDN simplifies the insertion of layer 4-7 devices like firewalls by eliminating the need to reconfigure underlying network configurations. SDN allows traffic to be steered to enforcement points like firewalls without changing the network configuration. The document also describes how some SDN solutions from vendors like VMware, Nuage Networks, and OpenStack can be used to implement firewall insertion and micro-segmentation of traffic between VMs for security purposes.

Technology

vArmour Networks
State of SDN (from a Security Vendor Standpoint)

State of SDN (from a Security Vendor Standpoint)
• Data center traffic is predominantly East-West and visibility and control is somewhat
non-existent
• Very difficult to re-architect the L2/L3 network configuration to force traffic flows through
an L4-7 device (firewall, load balancer)
• Micro-segmenting VM to VM traffic on the same hypervisor for visibility and control
requires possibly huge number of port groups and VLANs
• Organizations don’t like reconfiguring their virtual and physical network configurations
• SDN vastly simplifies the insertion of L4-7 devices since the underlying L2 configuration
is no longer an issue
• Traffic can be steered to a physical or virtual port and forced through an enforcement
point (ie firewall) without having to reconfigure the network configuration
• Armour sees Security as a use case for why SDN is important and simplifies building
secure, agile data centers
vArmour Networks, Inc., 2014. All rights reserved. Confidential information. 2

State of SDN
• OpenStack Neutron + KVM/Xen OVS offers a nice SDN construct for
firewall insertion
- Some issues with OpenStack multi-vendor and patch support but a number
of customers are using this approach
• VMware NSX Manager and NSX on ESXi offers another alternative SDN
solution
- Services register with NSX Manager and traffic redirection rules push traffic
to firewall port for application inspection, DoS protection, visibility & security
analytics
- Requires NetX API integration
• Nuage networks has a complete SDN solution with service template definitions
and traffic redirection for ESX, KVM, and Xen
- Hypervisor independent solution
- L3 routing capable at hypervisor level
- Easy traffic insertion, but does require port groups on ESXi
vArmour Networks, Inc., 2014. All rights reserved. Confidential information. 3

State of SDN
NSX + Firewall SDN
OpenStack + KVM + Firewall SDN
vArmour Networks, Inc., 2014. All rights reserved. Confidential information. 4

Service Chaining for L4-7 Insertion
Firewall App
Fabric
Delivery
Controllers
Virtualized
Services Platform
Software Defined Networking (SDN)
vArmour Networks, Inc., 2014. All rights reserved. Confidential information. 5

L4-7 Application Traffic Steering with Arista Directflow
• Arista switches programmed to
hash flows across firewalls
• Firewall AppID policy drives
session flow via Arista Directflow
• Eliminates need for 3rd party
Openflow controller
• Simplifies implementation &
operation
• Traffic flows can be steered based
on application policy
• Many use cases: backups, VDI,
Security
• Includes Threat analytics
vArmour Fabric
Directflow
Broker
Arista Switch Distributes Sessions to EPs
EP’s Perform App Identification
vArmour Directflow Broker programs Arista switch
Flow is sent in proper direction based on App Type
vArmour Networks, Inc., 2014. All rights reserved. Confidential information. 6

Combining SDN with VMware’s NSX can accelerate application deployment and delivery in a secure and virtualized network. No longer will your network create a bottleneck when trying to administer new applications. Key topics include: - How SDN allows for innovative ways to use a virtualized network - Why SDN creates greater span of control, network analytics and response - What intelligence can be gained from a global view of the network - How SDN and NSX together allow IT to treat their physical network as a pool of transport capacity that can be consumed and repurposed on demand From: "Software Defined Networking for NSX" webinar presented by Scott Hogg of GTRI and Hunter Hansen of VMware on February 3, 2016. Webinar recording: https://youtu.be/t_3DpN3nIXQ

The Evolution of the Data Centre

Cisco Canada

A day in the life of an enterprise CIO can be daunting—challenges such as managing complex environments, security and ongoing TCO pressures face us everyday. Addressing these challenges offer opportunities to significantly improve operations, productivity and have an impact on the bottom line if done successfully. To learn more please visit our website here: http://www.cisco.com/web/CA/index.html

The Changing Data Center Landscape

Cisco Canada

F5 perspective of nfv+sdn (SDN NFV Day ITB 2016)

SDNRG ITB

The Cloudification of the Data Center Network

Enterprise Management Associates

The journey to the digital enterprise requires new thinking. What have you done to modernize your data center network? These slides--based on the webinar featuring Shamus McGillicuddy, senior analyst at leading IT analyst firm Enterprise Management Associates (EMA) and Steven Shalita, vice president of marketing and business development at Pluribus Networks--highlights how the most forward-thinking enterprises are leveraging software-defined technologies to make their data centers more agile, programmable, resilient, and visible.

9th SDN Expert Group Seminar - Session2

NAIM Networks, Inc.

VMworld 2014: Virtualize your Network with VMware NSX

VMworld

vArmour - Securing the Modern Data Centre

Infront

Watch the replay: http://cs.co/9001DxsKP Are you getting unrivaled simplicity, end-to-end visibility, hardware reliability, and consistent policies from your WAN? You can get all of these things when you combine SD-WAN software with Cisco IOS XE routing platforms. Experts from Cisco’s enterprise routing team will be on hand to show you what intent-based networking and software-defined simplicity in the WAN can bring. Powerful new capabilities are possible with a simple software image change. Resources: Watch the related TechWiseTV episode: http://cs.co/9003DvZHt TechWiseTV: http://cs.co/9009DzrjN

VMUGbe 21 Filip Verloy

Filip Verloy

Security and Virtualization in the Data Center

Cisco Canada

The evolving complexity of the data center is placing increased demand on the network and security teams to come up with inventive methods for enforcing security policies in these ever-changing environments. The goal of this session is to provide participants with an understanding of features and design recommendations for integrating security into the data center environment. This session will focus on recommendations for securing next-generation data center architectures. Areas of focus include security services integration, leveraging device virtualization, and considerations and recommendations for server virtualization. The target audience are security and data center administrators.

Ons 2013-nvBruce Davie

Understanding Cisco’s Next Generation SD-WAN Solution with Viptela

Cisco Canada

The Enhanced Cisco Container Platform

Robb Boyd

An Introduction to VMware NSX

Scott Lowe

VMworld 2015: The Future of Network Virtualization with VMware NSX

VMworld

Sdn nfv-day-2016

Eueung Mulyana

SDN & NFV: Driving Additional Value into Managed Services

TBI Inc.

[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'

OpenStack Korea Community

The Data Center Network Evolution

Cisco Canada

What's hot

Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...

Kristoffer Sheather

The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:

Cisco Canada

The Future of Cloud Networking is VMware NSX

Scott Lowe

VMworld 2013: Virtualized Network Services Model with VMware NSX

VMworld

VMworld 2014: Introduction to NSX

VMworld

Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFV

PLUMgrid

F5 Networks - - OpenStack Summit 2016/Red Hat NFV Mini Summit

kimw001

9th SDN Expert Group Seminar - Session3

NAIM Networks, Inc.

OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안

NAIM Networks, Inc.

Architecture of NFV Platform for Orchestrating Cloud-based & vBranch Managed ...

Cisco Canada

TechWiseTV Workshop: Cisco SD-WAN

Robb Boyd

VMUGbe 21 Filip Verloy

Filip Verloy

Security and Virtualization in the Data Center

Cisco Canada

Ons 2013-nvBruce Davie

Understanding Cisco’s Next Generation SD-WAN Solution with Viptela

Cisco Canada

The Enhanced Cisco Container Platform

Robb Boyd

An Introduction to VMware NSX

Scott Lowe

VMworld 2015: The Future of Network Virtualization with VMware NSX

VMworld

Sdn nfv-day-2016

Eueung Mulyana

SDN & NFV: Driving Additional Value into Managed Services

TBI Inc.

What's hot (20)

Scaling Your SDDC Network: Building a Highly Scalable SDDC Infrastructure wit...

The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:

The Future of Cloud Networking is VMware NSX

VMworld 2013: Virtualized Network Services Model with VMware NSX

VMworld 2014: Introduction to NSX

Revolutionizing IT and Telecom Industry with OpenStack, SDN and NFV

F5 Networks - - OpenStack Summit 2016/Red Hat NFV Mini Summit

9th SDN Expert Group Seminar - Session3

OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안

Architecture of NFV Platform for Orchestrating Cloud-based & vBranch Managed ...

TechWiseTV Workshop: Cisco SD-WAN

VMUGbe 21 Filip Verloy

Security and Virtualization in the Data Center

Ons 2013-nv

Understanding Cisco’s Next Generation SD-WAN Solution with Viptela

The Enhanced Cisco Container Platform

An Introduction to VMware NSX

VMworld 2015: The Future of Network Virtualization with VMware NSX

Sdn nfv-day-2016

SDN & NFV: Driving Additional Value into Managed Services

Similar to TFI2014 Session I - State of SDN - Gary Hemminger

[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'

OpenStack Korea Community

The Data Center Network Evolution

Cisco Canada

VMware NSX and Arista L2 Hardware VTEP Gateway Integration

Bayu Wibowo

NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza

VMUG IT

VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...

VMworld

vRA + NSX Technical Deep-Dive

VMUG IT

Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...

Cisco Canada

Self service it with v realizeautomation and nsx

solarisyougood

A consolidated virtualization approach to deploying distributed cloud networks

Aruba, a Hewlett Packard Enterprise company

HPE Distributed Cloud Networking (DCN) enables service providers and large organizations to manage a distributed, multi data center environment in a simple, open and agile way using software-defined networking and network virtualization. At this session, we'll explore HPE Distributed Cloud Networking (DCN), Layer 2 to Layer 4. You will learn how this network virtualization platform optimizes the network by removing inefficiencies.

Secure SDN

APNIC

VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...

NetScaler 11 Update

10052016115136.pptx

Banv meetup-contrail

This hands on workshop for OpenContrail will be led by Sreelakshmi Sarva & Aniket Daptari. This is a labs session so we will have hard RSVP limits. Please RSVP only if you are confident that you will be able to attend. About Sreelakshmi Sarva Sree is currently working as part of solution engineering team at Juniper’s Contrail team. She is responsible for delivering & managing SDN solutions & partnerships relating to Contrail. She has been with Juniper for the last 13 years working on various Routing, Switching, Network programmability & virtualization platforms. Prior to Juniper, She worked at Nortel networks in the Systems Engineering group. Sree received her Masters in Computer Science from University of Texas at Dallas and Bachelor’s in Computer Science from India. About Aniket Daptari Aniket is currently working as part of Juniper Networks' Contrail Cloud Solutions team. He is responsible for delivering SDN solutions and technology partnerships related to Contrail. He has been with Juniper for the last 3 years working on various Network programmability & virtualization platforms. Prior to Juniper, he worked at Cisco Systems in the Internet Systems Business Unit (Catalyst 6500). Aniket received his Masters in Computer Science from University of Southern California and a graduate certificate in Management Science and Engineering from Stanford University. Course Abstract This session will be the first of a series of OpenContrail hands-on tutorials for developers who want to get deep into OpenContrail code. This “Basic OpenContrail Programming” Hands-on Session will focus on making developers proficient in writing and contributing code for our OpenContrail Project. Session will cover the following areas 1) Contrail Overview · Use Cases · Architecture recap 2) Contrail Hands on · Demo + Hands on - Configuration , VN, VM, Network Policies etc · DevStack introduction

Network Function Virtualization (NFV) BoF

APNIC

VMware nsx network virtualization tool

Daljeet Singh Randhawa

Policy Based SDN Solution for DC and Branch Office by Suresh Boddapati

buildacloud

In this talk Suresh will discuss how Nuage Networks Virtualized Services Platform (VSP) helps overcome the challenges that cloud service providers and large enterprises face delivering, and managing, large multi-tenant clouds. He will discuss how Nuage Networks delivers a massively scalable SDN solution that ensures that datacenters, and wide area networks, are able to respond instantly to demand, and are boundary-less. The talk will also provide an overview of the SDN capabilities that Nuage VSP adds to CloudStack. Bio Suresh is the VP of Engineering at Nuage Networks. He has over 19 years experience in software development, building great teams and delivering high quality software. As the first engineer at Nuage Networks, Suresh played a key role in shaping the architecture of the Nuage Virtualized Services Platform (VSP). Suresh’s experience includes extensive protocol development, having developed IP routing and multicast protocols from scratch and deploying them in large ISPs. Suresh was part of the original TiMetra team before becoming part of Alcatel Lucent as Principal Engineer. He then took a role as Director of Engineering at Juniper where he worked on their QFabric product. Earlier in his career, Suresh worked in software engineering at Shasta Networks (Nortel acquired) as well as Fore Systems (Marconi, Ericsson acquired).

VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation

VMworld

VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...

VMworld

VMware NSX for vSphere - Intro and use cases

Angel Villar Garea

Similar to TFI2014 Session I - State of SDN - Gary Hemminger (20)

[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'

The Data Center Network Evolution

VMware NSX and Arista L2 Hardware VTEP Gateway Integration

NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza

VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...

vRA + NSX Technical Deep-Dive

Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...

Self service it with v realizeautomation and nsx

A consolidated virtualization approach to deploying distributed cloud networks

Secure SDN

VMworld 2013: Case Study: VMware vCloud Ecosystem Framework for Network and S...

NetScaler 11 Update

10052016115136.pptx

Banv meetup-contrail

Network Function Virtualization (NFV) BoF

VMware nsx network virtualization tool

Policy Based SDN Solution for DC and Branch Office by Suresh Boddapati

VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation

VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...

VMware NSX for vSphere - Intro and use cases

Recently uploaded

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

The Future of Platform Engineering

Jemma Hussein Allen

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Recently uploaded (20)

Bits & Pixels using AI for Good.........

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Essentials of Automations: Optimizing FME Workflows with Parameters

Accelerate your Kubernetes clusters with Varnish Caching

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

DevOps and Testing slides at DASA Connect

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

Leading Change strategies and insights for effective change management pdf 1.pdf

The Future of Platform Engineering

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Designing Great Products: The Power of Design and Leadership by Chief Designe...

PHP Frameworks: I want to break free (IPC Berlin 2024)

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Connector Corner: Automate dynamic content and events by pushing a button

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

The Art of the Pitch: WordPress Relationships and Sales

TFI2014 Session I - State of SDN - Gary Hemminger

1. vArmour Networks State of SDN (from a Security Vendor Standpoint)

2. State of SDN (from a Security Vendor Standpoint) • Data center traffic is predominantly East-West and visibility and control is somewhat non-existent • Very difficult to re-architect the L2/L3 network configuration to force traffic flows through an L4-7 device (firewall, load balancer) • Micro-segmenting VM to VM traffic on the same hypervisor for visibility and control requires possibly huge number of port groups and VLANs • Organizations don’t like reconfiguring their virtual and physical network configurations • SDN vastly simplifies the insertion of L4-7 devices since the underlying L2 configuration is no longer an issue • Traffic can be steered to a physical or virtual port and forced through an enforcement point (ie firewall) without having to reconfigure the network configuration • Armour sees Security as a use case for why SDN is important and simplifies building secure, agile data centers vArmour Networks, Inc., 2014. All rights reserved. Confidential information. 2

3. State of SDN • OpenStack Neutron + KVM/Xen OVS offers a nice SDN construct for firewall insertion - Some issues with OpenStack multi-vendor and patch support but a number of customers are using this approach • VMware NSX Manager and NSX on ESXi offers another alternative SDN solution - Services register with NSX Manager and traffic redirection rules push traffic to firewall port for application inspection, DoS protection, visibility & security analytics - Requires NetX API integration • Nuage networks has a complete SDN solution with service template definitions and traffic redirection for ESX, KVM, and Xen - Hypervisor independent solution - L3 routing capable at hypervisor level - Easy traffic insertion, but does require port groups on ESXi vArmour Networks, Inc., 2014. All rights reserved. Confidential information. 3

5. Service Chaining for L4-7 Insertion Firewall App Fabric Delivery Controllers Virtualized Services Platform Software Defined Networking (SDN) vArmour Networks, Inc., 2014. All rights reserved. Confidential information. 5

6. L4-7 Application Traffic Steering with Arista Directflow • Arista switches programmed to hash flows across firewalls • Firewall AppID policy drives session flow via Arista Directflow • Eliminates need for 3rd party Openflow controller • Simplifies implementation & operation • Traffic flows can be steered based on application policy • Many use cases: backups, VDI, Security • Includes Threat analytics vArmour Fabric Directflow Broker Arista Switch Distributes Sessions to EPs EP’s Perform App Identification vArmour Directflow Broker programs Arista switch Flow is sent in proper direction based on App Type vArmour Networks, Inc., 2014. All rights reserved. Confidential information. 6

7. L4-7 Application Traffic Steering with Arista Directflow • Arista switches programmed to hash flows across firewalls • Firewall AppID policy drives session flow via Arista Directflow • Eliminates need for 3rd party Openflow controller • Simplifies implementation & operation • Traffic flows can be steered based on application policy • Many use cases: backups, VDI, Security • Includes Threat analytics vArmour Fabric Directflow Broker Arista Switch Distributes Sessions to EPs EP’s Perform App Identification vArmour Directflow Broker programs Arista switch Flow is sent in proper direction based on App Type vArmour Networks, Inc., 2014. All rights reserved. Confidential information. 6

Editor's Notes

The rise and sophistication of cyber crime and breaches in the data center is reaching record levels Detect and block malware and attack is the enterprise top priority Traditional solutions fail: Focus on Perimeter of DC Single location Single-context (connections, or files, or application) Result: Constant Security outbreak due to inadequate security mechanism
The rise and sophistication of cyber crime and breaches in the data center is reaching record levels Detect and block malware and attack is the enterprise top priority Traditional solutions fail: Focus on Perimeter of DC Single location Single-context (connections, or files, or application) Result: Constant Security outbreak due to inadequate security mechanism

TFI2014 Session I - State of SDN - Gary Hemminger

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to TFI2014 Session I - State of SDN - Gary Hemminger

Similar to TFI2014 Session I - State of SDN - Gary Hemminger (20)

More from Colorado Internet Society (CO ISOC)

More from Colorado Internet Society (CO ISOC) (13)

Recently uploaded

Recently uploaded (20)

TFI2014 Session I - State of SDN - Gary Hemminger

Editor's Notes