Security for shared infrastructure in Cisco ONE Enterprise Cloud Suite BRKPCA-2040
|
|
- Charla Leonard
- 5 years ago
- Views:
Transcription
1
2 Security for shared infrastructure in Cisco ONE Enterprise Cloud Suite Roxana Diaz TSA, CCIE
3 Agenda Introduction Cisco VACS Overview VACS Configuration Security Use-cases Customers Conclusion
4 Agenda Introduction Cisco VACS Overview VACS Configuration Security Use-cases Customers Conclusion
5 Introduction
6 Journey to Cloud Virtualization Private Cloud Hybrid Cloud Enhanced virtual networking Segregation of duties Better visibility Automation Self Service Secure Segmentation Secure DC extension to public cloud Ecosystem of public clouds N1KV/VSG Standalone N1KV/VSG/CSR1KV VACS (in CECS) N1KV Cloud VEM/VSG/CSR1KV (in CECS) Cloud Services Platform DC and Cloud Network Function Virtualization Platform CECS Cisco Enterprise Cloud Suite / VSG Virtual Security Gateway N1KV Nexus1000v DVS / CSR1KV Cloud Services Router 1000v BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 6
7 Cisco Enterprise Cloud Suite Automate Compute, Network, ACI, Storage & Virtual (UCSD) Enterprise Data Center Infrastructure BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 7
8 Cisco Enterprise Cloud Suite Automate Compute, Network, ACI, Storage & Virtual (UCSD) WEB APP DB Enterprise Data Center Infrastructure BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 8
9 BRKPCA
10 Cisco Enterprise Cloud Suite Self-service Catalog (PSC) Dashboard (UCSD) Secure Application Segmentation (VACS) Automate Compute, Network, ACI, Storage & Virtual (UCSD) WEB APP DB Enterprise Data Center Infrastructure BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 10
11 Agenda Introduction Cisco VACS Overview VACS Configuration Security Use-cases Customers Conclusion
12 Cisco VACS Overview
13 Cisco Virtual Application Cloud Segmentation (VACS) Services Secure segmentation in minutes on shared infrastructure Simplified virtual networking and security Unified virtual services licensing: cost-effective solution BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 13
14 Secure Segmentation in Minutes on Shared Infrastructure Current physically segmented architecture Virtual segmentation with VACS Physical segmentation results in longer provisioning time and under-utilized resources Virtual segmentation independent of physical topology Procure, rack, stack and provision individual devices Enforced by best in class virtual networking and security services VACS VACS Secure segmentation in mins on shared infrastructure Vcenter Simplified virtual networking and security Unified virtual services licensing: cost-effective solution Vcenter BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 14
15 Simplified Virtual Networking and Security on Shared Infrastructure Current provisioning model VACS Provision subnet / NAT / Routing Provision VIP Provision FW rules / GW Vcenter BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 15
16 Simplified Virtual Networking and Security on Shared Infrastructure Current provisioning model Wizard based provisioning model with full life cycle mgmt. of virtual services No longer have to configure individual components. VACS does it for you. VACS VACS Provision subnet / NAT / Routing Provision VIP Provision FW rules / GW Vcenter Vcenter BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 16
17 Unified Virtual Services Licensing Per Server Based Current pricing schema makes virtual services cost prohibitive Every vendor has different licensing schema Per instance based Expensive as throughout increases BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 17
18 Unified Virtual Services Licensing Per Server Based Current pricing schema makes virtual services cost prohibitive Every vendor has different licensing schema Per instance based Expensive as throughout increases VACS Automated Provisioning and Orchestration Cisco UCS director Load-balancer HA Proxy Routing/Edge FW Cisco CSR 1000V Or Cisco ASAv Zone based FW Cisco Virtual Security Gateway Unified Licensing Per Server Based* Create as many instances as you need with up to 10G throughput!** Virtual Fabric Cisco Nexus 1000V Platform for Distribute FW BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 18
19 VACS Delivering Secure Virtual Network aas (SvNaaS) Virtual Secure Network aas with complete Automation and Life-Cycle- Management Load Balancer aas Out-of-Box HA Proxy Integration VACS Routing aas Out-of-Box CSR1000Vor ASAv routes and GW Edge Firewall aas Out-of-Box ASAv or CSR1000V IOS XE FW Web application Web-1 w w w w w w Web application Web-2 Web-1 zone Web-2 zone Public Design App-1 (VM3) App-1 zone App-2 zone Confidential Design App-2 (VM4) Micro Segmentation aas Create Security Group VXLAN or VLAN based BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 19
20 Agenda Introduction Cisco VACS Overview VACS Configuration Security Use-cases Customers Conclusion
21 VACS Configuration
22 Deeper View: VACS Containers 3-Tier (Internal) Template Upstream Router Routing EIGRP or Static VACS 3 Tier App Container (Internal) CSR 1000V VLAN 10/ VXLAN 101 VSG Zone-based FW HA Proxy HTTP(s) LB Web Zone App Zone DB Zone BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 22
23 Deeper View: VACS Containers 3-Tier (Internal) Template Upstream Router Routing EIGRP or Static VACS 3 Tier App Container (Internal) CSR 1000V VLAN 10/ VXLAN G Throughput NAT (Optional) L3 Routing EIGRP or Static Edge FW Monitoring Features Permit VSG Zone-based FW Deny HA Proxy HTTP(s) LB Web Zone App Zone DB Zone BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 23
24 Deeper View: VACS Containers 3-Tier (External) Template Upstream Router Routing EIGRP or Static VACS 3 Tier App Container (External) CSR 1000V VLAN 10/ VXLAN 101 VSG Zone-based FW HA Proxy HTTP(s) LB Web Zone App Zone DB Zone BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 24
25 Deeper View: VACS Containers 3-Tier (External) Template Upstream Router Routing EIGRP or Static VACS 3 Tier App Container (External) CSR 1000V VLAN 10/ VXLAN 101 VSG Zone-based FW 10G Throughput NAT (Optional) L3 Routing EIGRP or Static Edge FW Monitoring Features HA Proxy HTTP(s) LB Web Zone App Zone DB Zone BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 25
26 Custom VACS Containers Template Upstream Router Routing EIGRP or OSPF or Static VACS Custom Container CSR 1000V VLAN 10/ VXLAN 101 VSG Zone-based FW NAT (Optional) L3 Routing EIGRP or OSPF (P2) Edge FW Monitoring Features HA Proxy Any Zone LB Zone 1 Zone 2 BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 26
27 Gateway choices with VACS Flexibility in combining VACS services with user-deployed services Built-In Virtual GW Physical Gateway Other Virtual Gateway V M V M V M V M V M V M V M V M V M VACS VACS VACS OR CSR 1000v ASAv Physical GW ASA/Checkpoint, PAN External Virtual GW vpan, vgw Full firewall capabilities via ASAv integration with up to 2Gbps throughput BYOL license for ASAv BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 27
28 VACS Holistic Approach to Workload Segmentation Rich Ecosystem with Simple Setup Based on UCS Director (included with Cisco Enterprise Cloud Suite license) Nexus 1000V, Virtual Security Gateway, ASAv, CSR1000v ASA, FirePOWER Threat Defense roadmap items BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 28
29 How to Segment the Virtual Switch Wizard Driven with Template Based Policy Definitions BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 29
30 How to Segment the Virtual Switch Wizard Driven with Template Based Policy Definitions BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 30
31 Completed VACS Template Summary BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 31
32 Auto-Documentation Dynamically Track Services and Virtual Machines Real-time Report of Container Configuration Organized by Policy, Per VM Mapping/Tracking BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 32
33 Holistic Environment Control Simplified Day-2 Operations Spin Environment Up/Down Reclaim Resources Seamlessly Add VM s to Tiers (Tie VM into Services) Manage Firewall Rules from Same Console BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 33
34 Agenda Introduction Cisco VACS Overview VACS Configuration Security Use-cases Customers Conclusion
35 Security Use-cases
36 Traditional approach to Security o Traditional firewalls designed to keep threats out of the network o Virtualization lateral movement 1 Public Web application Web-1 Public DB (DB-1) o M&M model Once across the perimeter firewall, malware is essentially free to propagate across the entire data center o Hackers are increasingly piggybacking malicious payloads atop legitimate traffic. Bob Alice www www Confidential Web application Web-2 Confidential DB (DB-2) Physical Infrastructure o Need for double protection strategy make security ubiquitous BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 36
37 Introducing Micro-segmentation Web application VM1 ww w www Public DB (VM3) Granular Control + Operationally Simpler Web application VM2 Confidential DB (VM4) = micro-segmentation strategy Prevent Lateral (server-server/ VM - VM) threat movement BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 37
38 Micro-segmentation with VACS Micro-segmentation in a few Clicks Web application Web-1 ww w Web-1 zone Public DB DB-1 (VM3) DB-1 zone Define Zones Add VMs www Web-2 zone DB-2 zone Apply zone based policies Web application Web-2 Confidential DB DB-2 (VM4) Source Destinatio n Policy Web-1 DB-1 Allow Web-2 DB-2 Allow Web-1 DB-2 Drop Web-2 DB-1 Allow BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 38
39 Demo
40 BRKPCA
41 ASAv Support in VACS Upstream Router VACS 3 Tier App Container (Custom) ASAv Up to 2G Throughput L3 Routing Edge FW VLAN 10/VXLAN 101 VSG Zone-based FW HA Proxy HTTP(s) LB Web Zone App Zone DB Zone All ASAv Day 0 operations supported with VACS Custom containers Support for all ASAv license levels (ASAv5, ASAv10, ASAv30) BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 41
42 CSR1Kv vs ASAv Gateway features CSR1Kv ASAv License Included as part of VACS license BYOL Smart License, not included as part of VACS Throughput 10 Gbps Up to 2Gbps based on ASAv license Features All IP features Basic Security featurs : ACL, AAA, RADIUS, and TACACS+, ZBFW, ALG High Availability Using HSRP Stateful HA VACS container support Internal, External, Custom Custom Full-feature ASAv with complete perimeter firewall functionality VACS Container Sizing N/A Depends on ASAv license level o Small ASAv5 o Medium ASAv10 o Large ASAv30 Default ALG support Supported only in non-ha mode Default : HTTP, HTTPS, FTP, DNS, ICMP Additional : SQLNET, MSSQL, LDAP Default : FTP, DNS, SQLNET, H323 H225, H323 RAS, IP-OPTIONS, NETBIOS, RSH, RTSP, SKINNY, ESMTP, SUNRPC, TFTP, SIP, XDMCP Additional : ICMP, HTTP, IPv6, MGCP and more BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 42
43 Evolution of truly Secure Segmentation VACS domain + physical ( mixed environment) Existing customer base with TrustSec (Cisco ISE) focused on Physical Network Elements (NX7k/6k/5k, Catalyst) Extend the segmentation to virtualized applications Why Secure Group Tags are not effective with virtualization Physical segmentation will reach to Presentation Tier Physical segmentation extended across all Application Tiers is NOT secure from folks like Bob BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 46
44 Extend Cisco TrustSEC to Virtual Infrastructure with VACS Security Group Combined Virtual & Physical Micro Segmentation defined in a simple policy table or matrix automated with VACS or ISE Scalable architecture w/out increase in operational complexity Applied across Catalyst (Campus and Branch) and Nexus (Data Center) with VACS independent of the topology Security Firewalling with ASA or ASAv Segmentation defined in a simple VACS Integration with Cisco policy table TrustSEC or matrix Applied across Nexus VACS can Consume or Create 7000/5500/2000/ the SecureGroupTags VACS independent of the topology deployed on the switches through ISE ASAv is aware of all the zones Stop attack at the virtual perimeter SGACL enabled Device Virtual Enforcement w/ VACS Physical Servers Data Center Core Layer DC Access Layer DC Aggregation Layer DC Service Layer SGACL enabled Device SG Firewall enabled Device BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 47
45 Extending micro-segmentation to physical domain 1. VACS creates a container with Web application VM1 App VM3 Public Design DB (DB1) Web and App Tiers www 2. Get the Zone to IP mapping for both zones from VSG www 3. Program the NX1kV with IP to Web application VM2 App VM4 SecureGroupTag mapping Confidential Design DB (DB2) 4. Program the Bare Metal DB zone SecureGroupTags on N5K to be granular 5. Program firewall rules (ACLs) VACS on N5K ASAv Nexus 5000 SXP Cisco ISE ( Identity Services Engine) BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 48
46 Agenda Introduction Cisco VACS Overview VACS Configuration Security Use-cases Customers Conclusion
47 VACS Customers
48 Cedacri Cloud service provider in Italy VACS through Cisco Enterprise Cloud Suite enabled Cedacri to onboard new customers 90 percent faster while ensuring security compliance Cisco VACS gives us the speed and agility we need to stay ahead in a competitive cloud market. Customer benefits: Multi-tenancy in minutes Zero trust security using microsegmentation Differentiating the service provider cloud - Alessandro Spigaroli, Head of Architecture & Innovation, Cedacri BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 51
49 Lightedge Solutions IT service provider to businesses in United States With UCSD + VACS we were able to take a complex, multi-zone IT platform with over 20 unique security zones and deploy a fully functional replica of this environment in hours. Prior to UCSD+VACS this same deployment, using manual procedures and physical security devices, took well over 60 days to deliver to our customer Customer benefits: Building a custom cloud environment with self-service capabilities Secure Segmentation for their business customers Security policy compliance - Mike McHenry VP Cloud and Cloud Architecture, LightEdge BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 52
50 Agenda Introduction Cisco VACS Overview VACS Configuration Security Use-cases Customers Conclusion
51 Conclusion
52 Summary VACS is the security pillar of the Cisco Enterprise Cloud Suite VACS provides micro-segmentation today across a common hypervisor environment (Cisco NX1kV) VACS is the most Effective Tool to achieve Secure Segmentation and enhanced automation in a journey to ITaaS Reach out to your Cisco account team for further assistance! Try it out in dcloud (access available to those with a cisco.com login) BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 55
53 Q & A
54 Complete Your Online Session Evaluation Please complete your Online Session Evaluations after each session Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt All surveys can be completed via the Cisco Live Mobile App or the Communication Stations Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online BRKPCA Cisco and/or its affiliates. All rights reserved. Cisco Public 57
55 There has never been a better time to effectively segment workloads Thankyou
56
Cisco Enterprise Cloud Suite Overview Cisco and/or its affiliates. All rights reserved.
Cisco Enterprise Cloud Suite Overview 2015 Cisco and/or its affiliates. All rights reserved. 1 CECS Components End User Service Catalog SERVICE PORTAL Orchestration and Management UCS Director Application
More informationDeploying Cloud Network Services Prime Network Services Controller (formerly VNMC)
Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC) Dedi Shindler - Sr. Manager Product Management Cloud System Management Technology Group Cisco Agenda Trends Influencing
More informationChapter 5. Security Components and Considerations.
Chapter 5. Security Components and Considerations. Technology Brief Virtualization and Cloud Security Virtualization concept is taking major portion in current Data Center environments in order to reduce
More informationCisco UCS Director and ACI Advanced Deployment Lab
Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationCisco Virtual Networking Solution Nexus 1000v and Virtual Services. Abhishek Mande Engineer
Cisco Virtual Networking Solution Nexus 1000v and Virtual Services Abhishek Mande Engineer mailme@cisco.com Agenda Application requirements in virtualized DC The Anatomy of Nexus 1000V Virtual Services
More informationCisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002
Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Agenda Joint Cisco and Microsoft Integration Efforts Introduction to CCA-MCP What is a Pattern?
More informationFast IT - Policy Driven Infrastructure for the Intercloud World
Fast IT - Policy Driven Infrastructure for the Intercloud World Paul Horrocks Technical Solution Architect Agenda What is Fast IT? What is Policy? How Cisco delivers Fast IT The foundation for Fast IT
More informationCisco Virtual Application Container Services 2.0 Lab v1
Cisco Virtual Application Container Services 2.0 Lab v1 Last Updated: 02-SEP-2015 About This Solution Cisco Virtual Application Container Services (VACS) enables simplified deployment of Secure Application
More informationCisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer
Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability
More informationData Center and Cloud Automation
Data Center and Cloud Automation Tanja Hess Systems Engineer September, 2014 AGENDA Challenges and Opportunities Manual vs. Automated IT Operations What problem are we trying to solve and how do we solve
More informationOrchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud
Orchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud 2 Orchestrate the Cloud Infrastructure Business Drivers for Cloud Long Provisioning Times for New Services o o o Lack
More informationSecuring Containers Using a PNSC and a Cisco VSG
Securing Containers Using a PNSC and a Cisco VSG This chapter contains the following sections: About Prime Network Service Controllers, page 1 Integrating a VSG into an Application Container, page 4 About
More informationApplication Provisioning
Overview, page 1 Application Categories, page 1 Application Containers, page 2 Catalogs, page 7 Self-Service Provisioning, page 8 Overview After you have allocated your resources among your user groups,
More informationCisco Virtual Security Gateway (VSG) Mohammad Salaheldin
Cisco Virtual Security Gateway (VSG) Mohammad Salaheldin Virtual Security Gateway (VSG) Overview VSG Packet Flow VSG Policy Model Use Case Example ASA on 1000V Summary 2011 Cisco and/or its affiliates.
More informationCisco ONE Enterprise Cloud Suite
Cisco ONE Enterprise Cloud Suite Pragmatic Progression to Cloud Automation Geoff Soon Today s Businesses Require Greater Agility Focus on increasing speed of business Customers expect on-demand service
More informationIntroducing Cisco Cloud Administration CLDADM v1.0; 5 Days; Instructor-led
Introducing Cisco Cloud Administration CLDADM v1.0; 5 Days; Instructor-led Course Description Introducing Cisco Cloud Administration (CLDADM) is a new 5-day ILT course designed to help students prepare
More informationCisco Unified Data Center Strategy
Cisco Unified Data Center Strategy How can IT enable new business? Holger Müller Technical Solutions Architect, Cisco September 2014 My business is rapidly changing and I need the IT and new technologies
More informationSecuring Containers Using a PNSC and a Cisco VSG
Securing Containers Using a PNSC and a Cisco VSG This chapter contains the following sections: About Prime Network Service Controllers, page 1 Integrating a VSG into an Application Container, page 3 About
More informationSegmentation. Threat Defense. Visibility
Segmentation Threat Defense Visibility Establish boundaries: network, compute, virtual Enforce policy by functions, devices, organizations, compliance Control and prevent unauthorized access to networks,
More informationCustomer s journey into the private cloud with Cisco Enterprise Cloud Suite
Customer s journey into the private cloud with Cisco Enterprise Cloud Suite Peter Charpentier, Senior Solution Architect, Cisco AS Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker
More informationDC: Le Converged Infrastructure per Software Defined e Cloud Cisco NetApp - Softway. Luigi MARCOCCHIA SOFTWAY
DC: Le Converged Infrastructure per Software Defined e Cloud Cisco NetApp - Softway Luigi MARCOCCHIA SOFTWAY Today s Businesses Require Greater Agility Focus on increasing speed of business Customers expect
More informationPSOACI Why ACI: An overview and a customer (BBVA) perspective. Technology Officer DC EMEAR Cisco
PSOACI-4592 Why ACI: An overview and a customer (BBVA) perspective TJ Bijlsma César Martinez Joaquin Crespo Technology Officer DC EMEAR Cisco Lead Architect BBVA Lead Architect BBVA Cisco Spark How Questions?
More informationSDN Security BRKSEC Alok Mittal Security Business Group, Cisco
SDN Security Alok Mittal Security Business Group, Cisco Security at the Speed of the Network Automating and Accelerating Security Through SDN Countering threats is complex and difficult. Software Defined
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationCisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack
White Paper Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack Introduction Cisco Application Centric Infrastructure (ACI) is a next-generation data center fabric infrastructure
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationVirtual Security Gateway Overview
This chapter contains the following sections: Information About the Cisco Virtual Security Gateway, page 1 Cisco Virtual Security Gateway Configuration for the Network, page 10 Feature History for Overview,
More informationSAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012
SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD May 2012 THE ECONOMICS OF THE DATA CENTER Physical Server Installed Base (Millions) Logical Server Installed Base (Millions) Complexity and Operating
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
SAI2803BU The Road to Micro- Segmentation with VMware NSX #VMworld #SAI2803BU Disclaimer This presentation may contain product features that are currently under development. This overview of new technology
More informationThe threat landscape is constantly
A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions
More informationAutomation of Application Centric Infrastructure (ACI) with Cisco UCS Director
Automation of Application Centric Infrastructure (ACI) with Cisco UCS Director Raju Penmetsa @RajuPenmetsa1 Data Center Group Agenda IT Complexity Solution for ACI Automation Cisco UCS Director Application
More informationCisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13
Q&A Cisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13 Q. What is the Cisco Cloud Services Router 1000V? A. The Cisco Cloud Services Router 1000V (CSR 1000V) is a router in virtual
More information2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
2018 Cisco and/or its affiliates. All rights reserved. Cisco Public PSODCN-1030 Intent Based Systems Deliver Automation Dave Malik Cisco Fellow and Chief Architect Advanced Services @dmalik2 2018 Cisco
More informationDisclaimer CONFIDENTIAL 2
Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally
More informationCisco SDN 解决方案 ACI 的基本概念
Cisco SDN 解决方案 ACI 的基本概念 Presented by: Shangxin Du(@shdu)-Solution Support Engineer, Cisco TAC Aug 26 th, 2015 2013 Cisco and/or its affiliates. All rights reserved. 1 Type Consumption Delivery Big data,
More informationBorderless Networks. Tom Schepers, Director Systems Engineering
Borderless Networks Tom Schepers, Director Systems Engineering Agenda Introducing Enterprise Network Architecture Unified Access Cloud Intelligent Network & Unified Services Enterprise Networks in Action
More informationCloud Technologies Public and Private Cloud Interconnection
Cloud Technologies Public and Private Cloud Interconnection Danut Agache - Technical Manager, CCIE #14573 Bogdan Nita - Data Center Architectures Consultant AGENDA About Us Cloud Technologies - Public
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
NET1949BU Seamless Network Connectivity for Virtual and Bare-metal s with NSX Suresh Thiru Sridhar Subramanian VMworld 2017 Content: Not for publication VMworld 2017 - NET1949BU Disclaimer This presentation
More informationCisco UCS Director: Integrated Infrastructure Management
Data Sheet Cisco UCS Director: Integrated Infrastructure Management Challenges Data center strategy has become a critical part of business strategy. Today, more than ever, the methods of IT deployment
More informationModelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer
Modelos de Negócio na Era das Clouds André Rodrigues, Cloud Systems Engineer Agenda Software and Cloud Changed the World Cisco s Cloud Vision&Strategy 5 Phase Cloud Plan Before Now From idea to production:
More informationMigration from Classic DC Network to Application Centric Infrastructure
Migration from Classic DC Network to Application Centric Infrastructure Kannan Ponnuswamy, Solution Architect, Cisco Advanced Services Acronyms IOS vpc VDC AAA VRF STP ISE FTP ToR UCS FEX OTV QoS BGP PIM
More informationIntuit Application Centric ACI Deployment Case Study
Intuit Application Centric ACI Deployment Case Study Joon Cho, Principal Network Engineer, Intuit Lawrence Zhu, Solutions Architect, Cisco Agenda Introduction Architecture / Principle Design Rollout Key
More informationNGFWv and ASAv in Public Cloud
and ASAv in Amazon Web Services (AWS) and Azure Jesper Rathsach jrathsac@cisco.com Consulting cybersecurity systems engineer, Cisco Systems 29 th August 2018 Introduktion til public cloud Overblik over,
More informationData Center Security. Fuat KILIÇ Consulting Systems
Data Center Security Fuat KILIÇ Consulting Systems Engineer @Security Data Center Evolution WHERE ARE YOU NOW? WHERE DO YOU WANT TO BE? Traditional Data Center Virtualized Data Center (VDC) Virtualized
More informationCisco Application Centric Infrastructure
Data Sheet Cisco Application Centric Infrastructure What s Inside At a glance: Cisco ACI solution Main benefits Cisco ACI building blocks Main features Fabric Management and Automation Network Security
More informationHybrid Cloud Solutions
Hybrid Cloud Solutions with Cisco and Microsoft Innovation Rob Tappenden, Technical Solution Architect rtappend@cisco.com March 2016 Today s industry and business challenges Industry Evolution & Data Centres
More informationTitle DC Automation: It s a MARVEL!
Title DC Automation: It s a MARVEL! Name Nikos D. Anagnostatos Position Network Consultant, Network Solutions Division Classification ISO 27001: Public Data Center Evolution 2 Space Hellas - All Rights
More informationCreating Application Containers
This chapter contains the following sections: General Application Container Creation Process, page 1 Creating Application Container Policies, page 2 About Application Container Templates, page 5 Creating
More informationAlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment
BRKPAR-2488 AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment Edy Almer How to Secure and Automate Your Heterogeneous Cisco Environment Yogesh Kaushik, Senior Director Cisco Doug
More informationNetwork Virtualization Business Case
SESSION ID: GPS2-R01 Network Virtualization Business Case Arup Deb virtual networking & security VMware NSBU adeb@vmware.com I. Data center security today Don t hate the player, hate the game - Ice T,
More informationBuilding a Video Optimized Private Cloud Platform on Cisco Infrastructure Rohit Agarwalla, Technical
Building a Video Optimized Private Cloud Platform on Cisco Infrastructure Rohit Agarwalla, Technical Leader roagarwa@cisco.com, @rohitagarwalla DEVNET-1106 Agenda Cisco Media Blueprint Media Workflows
More informationCreating Application Containers
This chapter contains the following sections: General Application Container Creation Process, page 1 Creating Application Container Policies, page 3 About Application Container Templates, page 5 Creating
More informationDELL EMC VSCALE FABRIC
NETWORK DATA SHEET DELL EMC VSCALE FABRIC FIELD-PROVEN BENEFITS Increased utilization and ROI Create shared resource pools (compute, storage, and data protection) that connect to a common, automated network
More informationThe Next Opportunity in the Data Centre
The Next Opportunity in the Data Centre Application Centric Infrastructure Soni Jiandani Senior Vice President, Cisco THE NETWORK IS THE INFORMATION BROKER FOR ALL APPLICATIONS Applications Are Changing
More informationTaming the Multi-Cloud With Simplicity and Openness. Minh Dang Cisco Systems Vietnam 2018 January
Taming the Multi-Cloud With Simplicity and Openness Minh Dang Cisco Systems Vietnam 2018 January Multi-Cloud Challenge Growth in Applications and Infrastructure Many Operating Env COST Data Center Many
More informationFirewalls for Secure Unified Communications
Firewalls for Secure Unified Communications Positioning Guide 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 12 Firewall protection for call control
More informationCisco Tetration Analytics
Cisco Tetration Analytics Real-time application visibility and policy management using advanced analytics Yogesh Kaushik, Sr. Director Product Management PSOACI-2100 Agenda Market context Introduction:
More informationCisco Container Platform
Cisco Container Platform Pradnesh Patil Suhail Syed Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click
More informationBuild application-centric data centers to meet modern business user needs
Build application-centric data centers to meet modern business user needs Citrix.com Table of contents Meeting current business challenges...3 Device package integration...5 Policy-based service insertion...6
More informationCisco Firepower NGFW. Anticipate, block, and respond to threats
Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid
More informationSECURING THE MULTICLOUD
SECURING THE MULTICLOUD Bahul Harikumar and Ali Bidabadi Juniper Networks This statement of direction sets forth Juniper Networks current intention and is subject to change at any time without notice.
More informationCisco ONE Software BRKRST Dan Lohmeyer Senior Director, Software Strategy and Operations
Cisco ONE Software BRKRST-1213 Dan Lohmeyer Senior Director, Software Strategy and Operations Agenda Introduction Enterprise Challenges Cisco ONE Software Conclusion Enterprise Challenges IT Decision Maker
More informationCisco Nexus 1000V InterCloud based Hybrid Cloud Architectures and Approaches
Cisco Nexus 1000V InterCloud based Hybrid Cloud Architectures and Approaches Kapil Bakshi Solutions Architect Session Details - Session Title: Cisco Nexus 1000V InterCloud-based Hybrid Cloud Architectures
More informationEnabling Your Cloud with VMware. Rob Rowe Jason Kuipers
Enabling Your Cloud with VMware Rob Rowe Jason Kuipers Agenda Current trends in IT and virtualization today Understanding the Software-Defined Data Center VMware as Platform for the SDDC Questions Trends
More informationCisco Nexus Data Broker
Data Sheet Cisco Nexus Data Broker Product Overview You used to monitor traffic mainly to manage network operations. Today, when you monitor traffic you can find out instantly what is happening throughout
More informationVeč kot SDN - SDA arhitektura v uporabniških omrežjih
Več kot SDN - SDA arhitektura v uporabniških omrežjih Aleksander Kocelj SE Cisco Agenda - Introduction to Software Defined Access - Brief description on SDA - Cisco SDA Assurance - DEMO 2 New Requirements
More informationCisco Application Centric Infrastructure Roadshow. Wednesday, 2. April 14
Cisco Application Centric Infrastructure Roadshow Wednesday, 2. April 14 Cisco ACI Roadshow - Agenda Business and IT trends Cisco Open Network Environment (ONE) Lunch Cisco Application Centric Infrastructure
More informationTransforming the Network for the Digital Business
Transforming the Network for the Digital Business Driven by Software Defined Platforms Hugo Padilla Prad Enterprise Networks Digital Acceleration Team CCIE Emeritus #12444 Cisco Forum Kiev, November 14
More informationThe Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec
The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec James Edwards Product Marketing Manager Dan Watson Senior Systems Engineer Disclaimer This session may contain product
More information2012 Cisco and/or its affiliates. All rights reserved. 1
2012 Cisco and/or its affiliates. All rights reserved. 1 Policy Access Control: Challenges and Architecture UA with Cisco ISE Onboarding demo (BYOD) Cisco Access Devices and Identity Security Group Access
More informationCisco Virtual Security Gateway Deployment Guide VSG 1.4
Deployment Guide Cisco Virtual Security Gateway Deployment Guide VSG 1.4 Deployment Guide 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 33
More informationDeploying the Cisco ASA 1000V
CHAPTER 2 This chapter includes the following sections: Information About the ASA 1000V Deployment, page 2-1 Downloading the ASA 1000V OVA File, page 2-7 Deploying the ASA 1000V Using the VMware vsphere
More informationNGFWv & ASAv in Public Cloud (AWS & Azure)
& in Public Cloud (AWS & Azure) Anubhav Swami, CCIE# 21208 Technical Marketing Engineer Your Speaker Anubhav Swami answami@cisco.com Technical Marketing Engineer 5 years in Cisco TAC 2 years in ASA BU
More informationCisco Virtual Networking Solution for OpenStack
Data Sheet Cisco Virtual Networking Solution for OpenStack Product Overview Extend enterprise-class networking features to OpenStack cloud environments. A reliable virtual network infrastructure that provides
More informationCisco ACI and Cisco AVS
This chapter includes the following sections: Cisco AVS Overview, page 1 Installing the Cisco AVS, page 5 Key Post-Installation Configuration Tasks for the Cisco AVS, page 14 Distributed Firewall, page
More informationEZ Cloud Reference Material EZ Cloud Type 1: Release 1 Use Cases
EZ Cloud Type 1: Release 1 Cases Cases Case: Onboard New Group Case: a New Basic Project Case: New Virtual Machine Case: New Bare Metal Server Automate the provisioning steps in the compute, storage and
More informationSECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011
SECURING THE NEXT GENERATION DATA CENTER Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011 JUNIPER SECURITY LEADERSHIP Market Leadership Data Center with High-End
More informationSecuring the Software-Defined Data Center
Securing the Software-Defined Data Center The future of the data center is software defined Key Advantages McAfee Network Platform 8.4 Delivers best-in-class IPS security across physical and softwaredefined
More informationEvolution of the Data Center
Cisco on Cisco Evolution of the Data Center Global Cloud Strategy & Tetration John Manville, SVP, Cisco IT Jon Woolwine, Distinguished Engineer, Cisco IT Benny Van de Voorde, Principal Engineer, Cisco
More informationIdentity Based Network Access
Identity Based Network Access Identity Based Network Access - Agenda What are my issues Cisco ISE Power training What have I achieved What do I want to do What are the issues? Guest Student Staff Contractor
More informationOrchestration: Accelerate Deployments and Reduce Operational Risk. Nathan Pearce, Product Development SA Programmability & Orchestration Team
Orchestration: Accelerate Deployments and Reduce Operational Risk Nathan Pearce, Product Development SA Programmability & Orchestration Team Agenda 1 2 3 Industry Trends Customer Journey Use Cases 2016
More informationMulti-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr)
Multi-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr) Jeremy Oakey Senior Director, Technical Marketing and Integrations Agenda Introduction Architecture
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
LHC2103BU NSX and VMware Cloud on AWS: Deep Dive Ray Budavari, Senior Staff Technical Product Manager NSX @rbudavari #VMworld #LHC2103BU Disclaimer This presentation may contain product features that are
More informationVM-SERIES FOR VMWARE VM VM
SERIES FOR WARE Virtualization technology from ware is fueling a significant change in today s modern data centers, resulting in architectures that are commonly a mix of private, public or hybrid cloud
More informationVirtual Tech Update Intercloud Fabric. Michael Petersen Systems Engineer, Cisco Denmark
Virtual Tech Update Intercloud Fabric Michael Petersen Systems Engineer, Cisco Denmark michaep2@cisco.com Agenda Introduction Intercloud and Intercloud Fabric Intercloud Fabric - New Features Intercloud
More informationCisco Campus Fabric Introduction. Vedran Hafner Systems engineer Cisco
Cisco Campus Fabric Introduction Vedran Hafner Systems engineer Cisco Campus Fabric Abstract Is your Campus network facing some, or all, of these challenges? Host Mobility (w/o stretching VLANs) Network
More informationMulti-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr)
Multi-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr) Jeremy Oakey - Sr. Director, Technical Marketing & Integrations BRKCLD-2008 Agenda Introduction Architecture
More information"Charting the Course... Designing Cisco Data Center Infrastructure (DCID) Course Summary
Course Summary Description v6.0 is a five-day instructor-led course that focuses on data center design based on Cisco solutions. The course includes theoretical content, as well as design oriented case
More informationASA/PIX Security Appliance
I N D E X A AAA, implementing, 27 28 access to ASA/PIX Security Appliance monitoring, 150 151 securing, 147 150 to websites, blocking, 153 155 access control, 30 access policies, creating for web and mail
More informationCloud, SDN and BIGIQ. Philippe Bogaerts Senior Field Systems Engineer
Cloud, SDN and BIGIQ Philippe Bogaerts Senior Field Systems Engineer Virtual Editions TMOS/LTM 12.0 Highlights 1 NIC support Azure Marketplace Kernel Independent driver Enhanced Hypervisor support F5 Networks,
More informationCisco Integrated Services Virtual Router
Data Sheet Cisco Integrated Services Virtual Router The Cisco Integrated Services Virtual Router (ISRv) is a virtual form-factor Cisco IOS XE Software router that delivers comprehensive WAN gateway and
More informationStop Cyber Threats With Adaptive Micro-Segmentation. Chris Westphal Head Of Product Marketing
Stop Cyber Threats With Adaptive Micro-Segmentation Chris Westphal Head Of Product Marketing Agenda Why Are We Here? What Is Adaptive Micro-Segmentation? How Adaptive Micro-Segmentation Is Used Why Visibility
More informationCisco Cloud Strategy. Uwe Müller. Leader PreSales Cloud & Datacenter Germany
Cisco Cloud Strategy Uwe Müller Leader PreSales Cloud & Datacenter Germany 277X Data created by IoE devices v. end-user 30M New devices connected every week 180B Mobile apps downloaded in 2015 78% Workloads
More informationAdvanced CSR Lab with High Availability and Transit VPC
Advanced CSR Lab with High Availability and Transit VPC Fan Yang, Cisco, Engineer, Technical Marketing Nikolai Pitaev, Cisco, Engineer, Technical Marketing LTRVIR-3004 Agenda Slides (30 Min.): CSR 1000V
More informationCisco Designing the Cisco Cloud (CLDDES) Download Full version :
Cisco 300-465 Designing the Cisco Cloud (CLDDES) Download Full version : http://killexams.com/pass4sure/exam-detail/300-465 out from the VM. F. Operates by allocating disk storage space in a flexible manner
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
MMC1532BE Using VMware NSX Cloud for Enhanced Networking and Security for AWS Native Workloads Percy Wadia Amol Tipnis VMworld 2017 Content: Not for publication #VMworld #MMC1532BE Disclaimer This presentation
More informationExtending Enterprise Security to Multicloud and Public Cloud
Extending Enterprise Security to Multicloud and Public Cloud Paul Kofoid Sr. Consulting Engineer: Security & Cloud This statement of direction sets forth Juniper Networks current intention and is subject
More informationData Center 3.0: Transforming the Data Center via the Network
Data Center 3.0: Transforming the Data Center via the Network Douglas A. Gourlay Senior Director - Data Center Solutions Group Peter Linkin Marketing Manager - Data Center Architecture August 1, 2007 1
More information