Identity-Defined Networking. TDDD17, LiU
|
|
- Claud Douglas
- 5 years ago
- Views:
Transcription
1 Identity-Defined Networking Andrei Gurtov IDA, Linköping University Erik Giesa, Marc Kaplan TemperedNetworks TDDD17, LiU
2 Contents Traditional Networking: Challenging and Complex Identity-Defined Networking (IDN): A New Approach for Unified Secure Networking and Mobility Host Identity Protocol (HIP) Centralized Orchestration Secure Networking Made Simple Value From New Identity Networking Paradigm
3 Traditional Networking is Complex, Costly and Fragile Data Center Users Data Center Network & Security Management Remote Vendor IT Intranet IT Intranet Cellular Network Data Center Remote Worker Remote Site 4 Corporate Network Site 1 Site 3
4 And is Simply Not Sustainable Policies tied to IP addresses VPN access controls for each network Complex firewall and networking rule sets VLANs and access control lists (ACLS) overhead Fragile DNS and routing updates for failover per device
5 Problem: The Singular Root Defect that affects all IP security and networking Corporate Network & Resources IP Addresses are used as Network and Device Identity Hacker reconnaissance & fingerprinting via TCP/IP stack Listening TCP/UDP service ports All networking and security products use IP addresses for policy Large Attack Surface IP, TCP/UDP Attacks: every connected thing is an entry point East / West lateral movement ACLs and VLANs segmentation Lack of Mobility and Instant Failover Policies tied to IP - creates inflexible mobility IP conflicts DNS TTL and Routing Convergence Delays Networking and Security Costs Field Technicians Many distributed, complex VLAN, ACL, VPN, firewall policies Remote Employees Controlling network routing IPsec VPN cert management, connection limitations, failover issues Expense of next-gen firewalls deployed on interior Device 20 Device Device 10 Device 11 Device WAN / LAN Device 30 Device 31 Device Remote Unmanaged Network Remote Site Managed Network
6 The Ideal Solution Integrates networking and identity from the start Can be easily managed from a centralized location Provisions networks and resources rapidly Allows instant segment, revoke, or quarantine
7 Identity-Defined Networking (IDN) Unified Networking & Security Securely connect any resource, anytime, anywhere. Connect & protect resources globally Unparalleled TCO Dramatically reduced business risk Controlled & verifiable access Simple & provable compliance auditing CRYPTOGRAPHIC IDENTITIES SOFTWARE- DEFINED SEGMENTATION AUTOMATED ORCHESTRATION HOST IDENTITY NAMESPACE ENCRYPTED FABRIC DEVICE- BASED TRUST
8 Host Identity Protocol (HIP) Under development at Internet Engineering Task Force (IETF) from 2004 Verizon, Ericsson, Boeing, HIPv2 is approved as IETF standard RFC7401 in 2015 My role: Co-chairing Host Identity Protocol Research Group at IRTF ( ) Co-authoring HIP Experiment Report (RFC6538) White paper s/host-identity-protocol-dr-andrei-gurtov/ Wiley book, 332p, 2008 Open-source code in HIPL, OpenHIP Dozens of papers on various aspects of HIP architecture
9 Identity-Defined Networking (IDN) at a Glance
10 Globally Unique and Locally Unique Identifiers Host Identity Tag (HIT) Compatible with IPv6 address Statistically unique Probability of collisions is negligible Host Identity Host Identity Tag Private Key Public Key 128 Bit One-way Hash Local Scope Identity (LSI) Compatible with IPv4 address Probability of collisions is significant Restricted to local scope Local Scope Identifier 32 Bit Last Digits 10
11 HIP in the Communication Stack... HI TCP / UDP Transport Layer IPsec HIP HIP Payload IP IP IP Control Network Layer... 11
12 How IDN Fabric Overlays Existing Infrastructure Conductor Serves as device identity authority where trust-based policies are distributed to all HIP (Host Identity Protocol) Services HIPserver HIPswich Application Server Device A Device B IDN-Fabric (Trusted) Public / Shared Network (Untrusted)
13 Secure Networking Made Simple Global Orchestration and Network Provisioning Trust-Based Unique Cryptographic Identities (CID) Host Identity Namespace - Global IP Mobility Dynamic Device-Based Traffic Management Instant Failover Automated (API-driven) or Manual Control Prevent IP Address Spoofing and MiTM attacks Assign IDN Endpoints and Networks an Identity Encrypted Fabric Extends all the Way to IDN Endpoints
14 The Cure to IT Complexity Visual Orchestration Simplifies, Reduces Complexity & Errors Reduces OpEx as much as 90% Unified single-pane-of-glass management Rapid point and click trust-based segmentation Centralized governance, compliance, and policy enforcement Build secure segmented networks instantly Eliminate errors caused by complexity Faster and most cost-effective failover Simplified auditing and access control
15 A New Identity Networking Paradigm Made Simple Unique Host Identity Approach Host Identity Protocol (HIP): IETF ratified April 2015 True SDN overlay little to no changes to network, security, or applications Unshackles IP from serving as identity - frees IT from complexity In production since 2006 Rapid Provisioning, Revocation, IP Mobility and Failover Effortless segmentation & cloaking One-click orchestration to connect, disconnect, move or failover any thing Less than 1 second failover between any IDN endpoint Build ID overlays (IDOs) on-demand based on situation Significantly Reduced Attack Surface No trust? No connectivity. No communication. No data. VLAN segmentation traversal is now impossible. Based on explicit device trust- all systems are invisible 2048 bit Identity-Based connectivity, AES 256 encryption by default Lower Costs, Simpler Environment CapEx and OpEx decrease Eliminate or reduce interior next-gen firewalls, VPNs, complex policies, ACLs, VLAN complexity, cert mngt Field Technicians Remote Employees HIPclient Conductor Device 20 Device PROTECTED, SEGMENTED, ENCRYPTED, & MOBILE CLOAKED, SEGMENTED & MOBILE Corporate Network & Resources Device 10 Device 11 Device WAN / LAN Device 30 Device 31 Device Remote Site Networks & Resources CLOAKED, SEGMENTED, & MOBILE HIPswitch
16 The New Identity Networking Paradigm Creates Tremendous Value Reduce networking and resource provisioning time up to: Increase in network and security team productivity Decrease IT CapEx and OpEx costs up to: Make 100% of your connected IP resources invisible 97% 25% 25% 100%
17 The New Identity Networking Paradigm Creates Tremendous Value Reduce attack surface up to: 90% Improve time to mitigation, revocation, and quarantine up to: 25% Decrease failover and disaster recovery times to as little as: 25%
18 Reduce Deployment Time BEFORE TEMPERED AFTER TEMPERED Week 7 Week 6 Week 5 Go Live! Implementation Review and Sign-Off by InfoSec Implementation of Design by Network Ops Deployment time reduced by Week 4 Approval of Design by InfoSec Week 3 Design Submitted to InfoSec for review and approval 97% Week 2 Design for Routing, Firewall, VPN, and Switching Policies Week 1 Ticket submitted to Network IT for new resources addition to corporate network. Ticket submitted to Network IT for new resource. Resource added with explicit trust relationships, segmentation and encryption. Verified by InfoSec. Day 1
19 Increase Productivity Focus on new network designs and policies that improve quality of service, monitoring and uptime. 25% Spend time on what really matters instead of crawling through access logs, ACLs, and checking FW rules. Increase in network and security team productivity Nearly instantly provision and revoke new services, and verify/test disaster recovery and failover.
20 Decrease IT Expenditures BEFORE TEMPERED AFTER TEMPERED VPN 25% Switch Firewall Decreased IT CapEx and OpEx costs Server HIPswitch
21 Make 100% of Connected IP Resources Invisible BEFORE TEMPERED Users Data Center Network & Security Management Tempered Networks is the only technology based on the new identity networking paradigm enabled by the Host Identity Protocol (HIP). IT Intranet Cellular Network Remote Vendor No other solution on the market can cloak as effectively. Remote Worker Remote Site 4 Corporate Network No other vendor can be deployed as easily across physical, virtual, and cloud networks. Site 1 Site 3
22 Reduce Attack Surface BEFORE TEMPERED AFTER TEMPERED Up to: 90%
23 Improve Time to Mitigation, Revocation, and Quarantine By: 50% Revocation of any resource within the IDN fabric is one click, or an automated API call, and happens instantly The alternative is to check all VPNs, Firewalls rules, ACLs, and other policies to ensure that system is in fact quarantined or revoked Time to mitigation, revocation, and quarantine is improved
24 Decrease Failover and Disaster Recovery Time To as little as: 1ms Every IDN endpoint or HIP Service is based on unique host identities, therefor failover can be applied from an entire datacenter (represented as a unique host identity), or to a server (represented as a unique host identity). If one goes down in the IDN fabric, a simple API automated or manual update to the mesh telling all things that are communicating to it, to failover instantly to it s backup in another pre-defined IDO Failover and Disaster Recovery times reduced to as little as one millisecond.
25 USE CASE SECTION
26 Use Cases SEGMENTED (QUARANTINED) VENDOR NET EFFORTLESS SEGMENTATION, ENCRYPTION, AND IP MOBILITY NETWORK VIRTUALIZATION & ORCHESTRATION - RAPID PROVISIONING SECURE MACHINE TO MACHINE COMMUNICATION NETWORK AND IP RESOURCE CLOAKING CLOAK AND PROTECT LEGACY SYSTEMS INSTANT DISASTER RECOVERY, REVOCATION & QUARANTINE
NETWORKING 3.0. Network Only Provably Cryptographically Identifiable Devices INSTANT OVERLAY NETWORKING. Remarkably Simple
NETWORKING 3.0 Network Only Provably Cryptographically Identifiable Devices INSTANT OVERLAY NETWORKING Highly Available Remarkably Simple Radically Secure IP complexity is holding your business back As
More informationA Better Way to Connect and Protect Industrial Control Systems and Assets
A Better Way to Connect and Protect Industrial Control Systems and Assets Easily and instantly authorize, connect, cloak, and disconnect any resource, anywhere, anytime Introduction Today s industrial
More informationHIPrelay Product. The Industry's First Identity-Based Router Product FAQ
HIPrelay Product The Industry's First Identity-Based Router Product FAQ Q. What is the HIPrelay? The HIPrelay is an identity-based router that seamlessly extends identity-defined micro-segments (IDMS)
More informationSimple and secure PCI DSS compliance
Simple and secure PCI DSS compliance Get control over PCI audit scope while dramatically improving security posture Decrease IT CapEx and OpEx costs by 25% Reduce PCI compliance time by up to 30% Reduce
More informationSimple and Secure Micro-Segmentation for Internet of Things (IoT)
Solution Brief Simple and Secure Micro-Segmentation for Internet of Things (IoT) A hardened network architecture for securely connecting any device, anywhere in the world Tempered Networks believes you
More informationIdentity-Defined Networking from Tempered Networks
ESG Lab Review Identity-Defined Networking from Tempered Networks Date: July 2017 Author: Kerry Dolan and Tony Palmer, Senior Validation Analysts Enterprise Strategy Group Getting to the bigger truth.
More informationDelivering the Wireless Software-Defined Branch
Delivering the Wireless Software-Defined Branch By: Lee Doyle, Principal Analyst at Doyle Research Sponsored by Cradlepoint Executive Summary Operations at the branch, critical to many distributed organizations,
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationVMware vcloud Networking and Security Overview
VMware vcloud Networking and Security Overview Efficient, Agile and Extensible Software-Defined Networks and Security WHITE PAPER Overview Organizations worldwide have gained significant efficiency and
More informationIntroducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN
Avaya-FatPipe Solution Overview Introducing Avaya SDN Fx with FatPipe Networks Next Generation SD-WAN The Avaya SDN-Fx and FatPipe Networks solution provides a fabric-based SDN architecture for simplicity
More informationCloud Security Best Practices
Cloud Security Best Practices Cohesive Networks - your applications secured Our family of security and connectivity solutions, VNS3, protects cloud-based applications from exploitation by hackers, criminal
More informationData Center Virtualization Q&A
Data Center Virtualization Q&A Q What's driving the need for data center virtualization? A We know that if business continuity is a key objective of an organization, it means that operations are up and
More informationSecurity Considerations for Cloud Readiness
Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution
More informationLink Security Considerations in the. Enterprise
Link Security Considerations in the Mahalingam Mani 1 Security in Brief Point Security System Protection: beyond standards Servers upto application level Layer 2 & 3 Network Devices Perimeter Protection
More informationNo compromises for secure SCADA Communications even over 3rd Party Networks
No compromises for secure SCADA Communications even over 3rd Party Networks The Gamble of Using ISP Private Networks How to Stack the Odds in Your Favor Standards Certification Education & Training Publishing
More informationTitle DC Automation: It s a MARVEL!
Title DC Automation: It s a MARVEL! Name Nikos D. Anagnostatos Position Network Consultant, Network Solutions Division Classification ISO 27001: Public Data Center Evolution 2 Space Hellas - All Rights
More informationShift CAPEX to OPEX. With an Expedient On-Site Private Cloud
Shift CAPEX to OPEX With an Expedient On-Site Private Cloud www.expedient.com P. 877-570-7827 Expedient now offers an agile, On-Site Private Cloud to help you shift CAPEX to OPEX, enable a hybrid cloud
More informationImprove Existing Disaster Recovery Solutions with VMware NSX
Improve Existing Disaster Recovery Solutions with VMware NSX Kevin Reed Sr Manager, VMware Federal Networking & Security Team kreed@vmware.com 703.307.3253 Don Poorman Manager Solutions Enginering Govplace
More informationUnity EdgeConnect SP SD-WAN Solution
As cloud-based application adoption continues to accelerate, geographically distributed enterprises increasingly view the wide area network (WAN) as critical to connecting users to applications. As enterprise
More informationAWS Reference Design Document
AWS Reference Design Document Contents Overview... 1 Amazon Web Services (AWS), Public Cloud and the New Security Challenges... 1 Security at the Speed of DevOps... 2 Securing East-West and North-South
More informationThe Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an
Solution Overview Cisco ACI and AlgoSec Solution: Enhanced Security Policy Visibility and Change, Risk, and Compliance Management With the integration of AlgoSec into the Cisco Application Centric Infrastructure
More informationHost Identity Protocol (HIP): Connectivity, Mobility, Multi-Homing, Security, and Privacy over IPv4 and IPv6
Host Identity Protocol (HIP): Connectivity, Mobility, Multi-Homing, Security, and Privacy over IPv4 and IPv6 by Pekka Nikander, Andrei Gurtov, and Thomas R. Henderson Johannes Bachhuber Jacobs University
More informationWHITE PAPER ARUBA SD-BRANCH OVERVIEW
WHITE PAPER ARUBA SD-BRANCH OVERVIEW June 2018 Table of Contents Overview of the Traditional Branch...1 Adoption of Cloud Services...1 Shift to the Internet as a Business Transport Medium...1 Increasing
More informationHIP Host Identity Protocol. October 2007 Patrik Salmela Ericsson
HIP Host Identity Protocol October 2007 Patrik Salmela Ericsson Agenda What is the Host Identity Protocol (HIP) What does HIP try to solve HIP basics Architecture The HIP base exchange HIP basic features
More informationCisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018
Cisco SD-WAN Intent-based networking for the branch and WAN Carlos Infante PSS EN Spain March 2018 Aug-12 Oct-12 Dec-12 Feb-13 Apr-13 Jun-13 Aug-13 Oct-13 Dec-13 Feb-14 Apr-14 Jun-14 Aug-14 Oct-14 Dec-14
More informationOvercoming Business Challenges in WAN infrastructure
White paper Overcoming Business Challenges in WAN infrastructure A CIO s perspective on network infrastructure The Cisco SD-WAN solution is a cloud-delivered overlay WAN architecture that enables digital
More informationCorente Cloud Services Exchange
Corente Cloud Services Exchange Oracle s Corente Cloud Services Exchange (Corente CSX) is a cloud-based service that enables distributed enterprises to deliver trusted IPSec VPN connectivity services to
More informationRedefining Networking with Network Virtualization
WHITE PAPER Redefining Networking with Network ization Why Networking Is Ripe for a Change Table of Contents Overcoming the Obstacle Blocking the Benefits of a Hybrid Cloud... 3 What Is Network ization?...4
More informationTHE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017
THE NETWORK. INTUITIVE. Powered by intent, informed by context. Rajinder Singh Product Sales Specialist - ASEAN August 2017 The Network. Intuitive. Constantly learning, adapting and protecting. L E A R
More informationService Mesh and Microservices Networking
Service Mesh and Microservices Networking WHITEPAPER Service mesh and microservice networking As organizations adopt cloud infrastructure, there is a concurrent change in application architectures towards
More informationIngate SIParator /Firewall SIP Security for the Enterprise
Ingate SIParator /Firewall SIP Security for the Enterprise Ingate Systems Ingate Systems AB (publ) Tel: +46 8 600 77 50 BACKGROUND... 1 1 NETWORK SECURITY... 2 2 WHY IS VOIP SECURITY IMPORTANT?... 3 3
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationNETWORK VIRTUALIZATION THE STORY OF SDN/NFV, NUAGE, DATACENTERS, VCPE
NETWORK VIRTUALIZATION THE STORY OF SDN/NFV, NUAGE, DATACENTERS, VCPE Roland Thienpont September 2014 CONSTRAINT CONSTRAINT CONSTRAINT Access & Capacity Static Networks Cost, Risk in Innovation CONSTRAINT
More informationMicrosoft Certified Solutions Associate (MCSA)
Microsoft Certified Solutions Associate (MCSA) Installing and Configuring Windows Server 2012 (70-410) Module 1: Deploying and Managing Windows Server 2012 Windows Server 2012 Overview Overview of Windows
More informationDeliver Office 365 Without Compromise Ensure successful deployment and ongoing manageability of Office 365 and other SaaS apps
Use Case Brief Deliver Office 365 Without Compromise Ensure successful deployment and ongoing manageability of Office 365 and other SaaS apps Overview Cloud-hosted collaboration and productivity suites
More informationSOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE
SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE March 2018 Table of Contents Introduction...1 Design...2 Use Cases...2 Underlay...3 Overlay...3 Dynamic Segmentation...3 Non-Stop Networking...4 Summary...5
More informationCisco SD-WAN and DNA-C
Cisco SD-WAN and DNA-C SD-WAN Cisco SD-WAN Intent-based networking for the branch and WAN 4x Improved application experience Better user experience Deploy applications in minutes on any platform with consistent
More informationSecuring Amazon Web Services (AWS) EC2 Instances with Dome9. A Whitepaper by Dome9 Security, Ltd.
Securing Amazon Web Services (AWS) EC2 Instances with Dome9 A Whitepaper by Dome9 Security, Ltd. Amazon Web Services (AWS) provides business flexibility for your company as you move to the cloud, but new
More informationProduct Brochure Secure Connectivity for Critical Infrastructure
Device Secure Channel HIPswitch -200 Shared HIPswitch Secure Channel -100 Device 100SNR1.0 / Page 1 Product Overview The Tempered s product line provides a centrally managed security appliance solution
More informationBenefits of SD-WAN to the Distributed Enterprise
WHITE PAPER Benefits of SD-WAN to the Distributed Enterprise 1 B enefits of SD-WAN to the Distributed Enterprise Branch Networking Today More Bandwidth, More Complexity Branch or remote office network
More informationMCSA Windows Server 2012
MCSA Windows Server 2012 This Training Program prepares and enables learners to Pass Microsoft MCSA: Windows Server 2012 exams 1. MCSA: Windows Server 2012 / 70-410 Exam (Installing and Configuring Windows
More informationHow to Create a TINA VPN Tunnel between F- Series Firewalls
How to Create a TINA VPN Tunnel between F- Series Firewalls As the TINA protocol offers significant advantages over IPsec, it is the main protocol that is used for VPN connections between F-Series Firewalls.
More informationAND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING
PROTECTING BANKING AND FINANCIAL INSTITUTIONS FROM CYBER FRAUD Enabling the financial industry to become proactively secure and compliant Overview In order to keep up with the changing digital payment
More informationNetwork Virtualization Business Case
SESSION ID: GPS2-R01 Network Virtualization Business Case Arup Deb virtual networking & security VMware NSBU adeb@vmware.com I. Data center security today Don t hate the player, hate the game - Ice T,
More informationHALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.
HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD Automated PCI compliance anytime, anywhere. THE PROBLEM Online commercial transactions will hit an estimated
More informationMAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER
MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric
More informationMCSA Windows Server 2012
MCSA Windows Server 2012 This course is developed for IT professionals who need to design, plan, implement, manage and support Microsoft Windows 2012 networks or who plan to take the related MCSE and MCSA
More informationThe Business Case for Network Segmentation
Modern network segmentation to reduce risk and cost Abstract Modern network segmentation, also known as microsegmentation, offers a new way of managing and securing your network, offering tremendous benefits
More informationIdentity-Based Cyber Defense. March 2017
Identity-Based Cyber Defense March 2017 Attackers Continue to Have Success Current security products are necessary but not sufficient Assumption is you are or will be breached Focus on monitoring, detecting
More informationHow Security Policy Orchestration Extends to Hybrid Cloud Platforms
How Security Policy Orchestration Extends to Hybrid Cloud Platforms Reducing complexity also improves visibility when managing multi vendor, multi technology heterogeneous IT environments www.tufin.com
More informationMicrosoft Certified Solutions Expert (MCSE)
Microsoft Certified Solutions Expert (MCSE) Installing and Configuring Windows Server 2012 (70-410) Module 1: Deploying and Managing Windows Server 2012 Windows Server 2012 Overview Overview of Windows
More informationQualys Cloud Platform
Qualys Cloud Platform Our Journey into the Cloud: The Qualys Cloud Platform & Architecture Thomas Wendt Regional Manager Post-Sales, DACH, Qualys Inc. Digital Transformation More than just adopting new
More informationCato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief
Cato Cloud Software-defined and cloud-based secure enterprise network Solution Brief Legacy WAN and Security Appliances are Incompatible with the Modern Enterprise Cato Networks: Software-defined and Cloud-based
More informationUnity EdgeConnect SD-WAN Solution
ENTERPRISE Unity EdgeConnect SD-WAN Solution As cloud-based application adoption continues to accelerate, geographically distributed enterprises increasingly view the wide area network (WAN) as critical
More informationTEMPERED NETWORKS IDENTITY-DEFINED NETWORKING PLATFORM COMPLIANCE WITH PCI DSS V3.2
W H I T E P A P E R J U N E 2 0 1 7 TEMPERED NETWORKS IDENTITY-DEFINED NETWORKING PLATFORM COMPLIANCE WITH PCI DSS V3.2 PRODUCT APPLICABILIT Y GUIDE TO ASSIST IN SUPPORTING PAYMENT CARD INDUSTRY DATA SECURI
More informationSecuring VMware NSX MAY 2014
Securing VMware NSX MAY 2014 Securing VMware NSX Table of Contents Executive Summary... 2 NSX Traffic [Control, Management, and Data]... 3 NSX Manager:... 5 NSX Controllers:... 8 NSX Edge Gateway:... 9
More informationTen things hyperconvergence can do for you
Ten things hyperconvergence can do for you Francis O Haire Director, Technology & Strategy DataSolutions Evolution of Enterprise Infrastructure 1990s Today Virtualization Server Server Server Server Scale-Out
More informationOpengear Technical Note
) 0 FO U N D Y FastIron Workgroup X N E T WO R K S C o n s o le L in k 0 P o w e r F F F F 0 0 0 0 0 0 S Y T R P S S T A T D U P L X S P E E D M O D E 0 0 -Port Standard KVM Switch Model B00-00 0 0 C at
More informationSECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON
White Paper SECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON Abstract This white paper explains the benefits to the extended enterprise of the on-premise, online file sharing storage
More informationFLEXIBLE NETWORK SERVICES TO DRIVE YOUR ENTERPRISE AT CLOUD SPEED. Solution Primer
FLEXIBLE NETWORK SERVICES TO DRIVE YOUR ENTERPRISE AT CLOUD SPEED Solution Primer ABSTRACT Software Defined Networking (SDN) has delivered significant benefits to datacenter networks, making it possible
More informationDeliver Office 365 Without Compromise
USE CASE BRIEF Deliver Office 365 Without Compromise Ensure successful deployment and ongoing manageability of Office 365 and other SaaS apps Cloud-hosted collaboration and productivity suites like Office
More informationProduct Brief. Circles of Trust.
Product Brief Circles of Trust www.cryptomill.com product overview Circles of Trust is an enterprise security software system that eliminates the risks associated with data breaches from a hacker attack
More informationMinfy MS Workloads Use Case
Contents Scope... 3 About CUSTOMER... Error! Bookmark not defined. Use Case Description... 3 Technical Stack... 3 AWS Architecture... Error! Bookmark not defined. AWS Solution Overview... 4 Risk Identified
More informationTransform your network and your customer experience. Introducing SD-WAN Concierge
Transform your network and your customer experience Introducing SD-WAN Concierge Optimize your application performance, lower your total cost of ownership and simplify your network management. 2X Bandwith
More informationAspirin as a Service: Using the Cloud to Cure Security Headaches
SESSION ID: CSV-T10 Aspirin as a Service: Using the Cloud to Cure Security Headaches Bill Shinn Principle Security Solutions Architect Amazon Web Services Rich Mogull CEO Securosis @rmogull Little. Cloudy.
More informationA Unified Threat Defense: The Need for Security Convergence
A Unified Threat Defense: The Need for Security Convergence Udom Limmeechokchai, Senior system Engineer Cisco Systems November, 2005 1 Agenda Evolving Network Security Challenges META Group White Paper
More informationVirtual Private Networks (VPN)
CYBR 230 Jeff Shafer University of the Pacific Virtual Private Networks (VPN) 2 Schedule This Week Mon September 4 Labor Day No class! Wed September 6 VPN Project 1 Work Fri September 8 IPv6? Project 1
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationWindows Server Security Guide
Windows Server Security Guide August 2017 Contents Windows Server 2016 Security Guide... 3 Why is Windows Server 2016 security important?... 3 How does Windows Server 2016 help prevent and detect compromise?...
More informationSimplifying the Branch Network
Simplifying the Branch Network By: Lee Doyle, Principal Analyst at Doyle Research Sponsored by Aruba, a Hewlett Packard Enterprise company Executive Summary A majority of IT organizations are experiencing
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More informationW H I T E P A P E R : O P E N. V P N C L O U D. Implementing A Secure OpenVPN Cloud
W H I T E P A P E R : O P E N. V P N C L O U D Implementing A Secure OpenVPN Cloud Platform White Paper: OpenVPN Cloud Platform Implementing OpenVPN Cloud Platform Content Introduction... 3 The Problems...
More informationThe Data Protection Rule and Hybrid Cloud Backup
The 3-2-1 Data Protection Rule and Hybrid Cloud Backup IT teams are under extreme pressure to improve backup, disaster recovery and data protection to eliminate downtime and facilitate digital transformation.
More informationT22 - Industrial Control System Security
T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial
More informationFROM A RIGID ECOSYSTEM TO A LOGICAL AND FLEXIBLE ENTITY: THE SOFTWARE- DEFINED DATA CENTRE
FROM A RIGID ECOSYSTEM TO A LOGICAL AND FLEXIBLE ENTITY: THE SOFTWARE- DEFINED DATA CENTRE The demand for cloud infrastructure is rapidly increasing, the world of information is becoming application and
More informationSOLUTIONS FOR FEDERAL NETWORKS SECURE CONTROL ANALYZE
SOLUTIONS FOR FEDERAL NETWORKS SECURE CONTROL ANALYZE Who We Are and What We Do Infoblox has been delivering solutions to the federal government since 2000 with a keen focus on network services DNS, DHCP,
More informationMCSA: Windows Server MCSA 2016 Windows 2016 Server 2016 MCSA 2016 MCSA : Installation, Storage, and Compute with Windows Server 2016
indows Server 2016 MCSA 2016 MCSA: Windows Server MCSA 2016 Windows 2016 Server 2016 MCSA 2016 MCSA 2016 70-740: Installation, Storage, and Compute with Windows Server 2016 70-741: Networking with Windows
More informationCIS Controls Measures and Metrics for Version 7
Level One Level Two Level Three Level Four Level Five Level Six 1.1 Utilize an Active Discovery Tool Utilize an active discovery tool to identify devices connected to the organization's network and update
More informationThe Top 10 Reasons to Replace Your Branch Router with SD-WAN. An ebook presented by Silver Peak Systems
The Top 10 Reasons to Replace Your Branch Router with SD-WAN An ebook presented by Silver Peak Systems MODERN ENTERPRISES RUN IN THE CLOUD. TRADITIONAL ROUTER-CENTRIC WAN ARCHITECTURES WEREN T DESIGNED
More informationBenefits of Extending your Datacenters with Amazon Web Services
Benefits of Extending your Datacenters with Amazon Web Services Xavier Prélat Business Development Manager @aws_actus How did Amazon.. get into cloud computing? What is AWS? Amazon Web Services offers
More informationGet Your Datacenter SDN Ready. Ahmad Chehime Cisco ACI Strategic Product Sales Specialist SPSS Emerging Region
Get Your Datacenter SDN Ready Ahmad Chehime Cisco ACI Strategic Product Sales Specialist SPSS Emerging Region AGENDA Data Center Trends, Priorities, Concerns What Problems Are we Trying to Solve? Cisco
More informationTotal Cost of Ownership: Benefits of ECM in the OpenText Cloud
Total Cost of Ownership: Benefits of ECM in the OpenText Cloud OpenText Managed Services brings together the power of an enterprise cloud platform with the technical skills and business experience required
More informationSoftware-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017
Software-Defined Networking (SDN) Now for Operational Technology (OT) Networks SEL 2017 Traditional Ethernet Challenges Plug-and-play Allow all ROOT D D D D Nondeterministic Reactive failover Difficult
More informationCreating VPN s with IPsec
2014 Creating VPN s with IPsec SPRING ENTERPRISE INFO SECURITY 4040/601 WILSON CHANCE HINCHMAN This paper will define the term VPN, explain for what and why VPNs are used. IPsec, which is vital to the
More informationTotal Cost of Ownership: Benefits of the OpenText Cloud
Total Cost of Ownership: Benefits of the OpenText Cloud OpenText Managed Services in the Cloud delivers on the promise of a digital-first world for businesses of all sizes. This paper examines how organizations
More informationOptimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution
DATASHEET Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution Features & Benefits Best-in-class VPN and vadc solutions A single point of access for all
More informationDatacenter Security: Protection Beyond OS LifeCycle
Section Datacenter Security: Protection Beyond OS LifeCycle 1 Not so fun Facts from the Symantec ISTR 2017 Report Zero-Day Vulnerability, annual total Legitimate tools, annual total 6,000 5 5,000 4,000
More informationCIS Controls Measures and Metrics for Version 7
Level 1.1 Utilize an Active Discovery Tool 1.2 Use a Passive Asset Discovery Tool 1.3 Use DHCP Logging to Update Asset Inventory 1.4 Maintain Detailed Asset Inventory 1.5 Maintain Asset Inventory Information
More informationCTO PoV: Enterprise Networks (Part 2) Security for IoT & Cloud
CTO PoV: Enterprise Networks (Part 2) Security for IoT & Cloud Khalid Raza CTO & Co-Founder Viptela khalid@viptela.com Danny Johnson Director, Product Marketing Verizon daniel.johnson@verizonwireless.com
More informationMcAfee Virtual Network Security Platform
McAfee Virtual Network Security Platform Complete threat detection for cloud networks McAfee Virtual Network Security Platform is a complete network threat and intrusion prevention system (IPS) solution
More informationJOURNEY TO YOUR CLOUD. Mika Kotro Sales Development EMC Deutschland GmbH. Copyright 2012 EMC Corporation. All rights reserved.
1 JOURNEY TO YOUR CLOUD Mika Kotro Sales Development EMC Deutschland GmbH 2 The Journey To Your Cloud: Infrastructure Private Cloud Is A Logical First Step Enterprise IT Complex Trusted Controlled Expensive
More informationMicrosoft Certified System Engineer
529 Hahn Ave. Suite 101 Glendale CA 91203-1052 Tel 818.550.0770 Fax 818.550.8293 www.brandcollege.edu Microsoft Certified System Engineer Program Summary This instructor-led program with a combination
More informationTransform your network and your customer experience. Introducing SD-WAN Concierge
Transform your network and your customer experience Introducing SD-WAN Concierge Optimize your application performance, lower your total cost of ownership and simplify your network management. 2X Bandwith
More informationVersa Software-Defined Solutions for Service Providers
PRODUCT BRIEF Software-Defined Solutions for Service Providers Transformative solutions to increase growth and value The Service Provider industry has seen an incredible amount of disruption due to NFV
More informationEXTENSIBLE WIDE AREA NETWORKING
EXTENSIBLE WIDE AREA NETWORKING Leverage Software Defined Networking to deliver flexible network services to branch offices @nuagenetworks Your clients and end users want instant access to their chosen
More informationVirtualized Network Services SDN solution for enterprises
Virtualized Network Services SDN solution for enterprises Nuage Networks Virtualized Network Services (VNS) is a fresh approach to business networking that seamlessly links your enterprise s locations
More informationNext Generation Privilege Identity Management
White Paper Next Generation Privilege Identity Management Nowadays enterprise IT teams are focused on adopting and supporting newer devices, applications and platforms to address business needs and keep
More informationEvolved Backup and Recovery for the Enterprise
Evolved Backup and Recovery for the Enterprise with Asigra technology Working gives me confidence in my data protection plan. I know that if I ever need to restore, it will take a few minutes rather than
More informationTNC EVERYWHERE. Pervasive Security
TNC EVERYWHERE Pervasive Security TNC interfaces enable dynamic differentiation and access control enforcement for a wide variety of users in mixed-use environments. Policy Enforcement Employee (Stock
More informationTakes 3-6 Months to Deploy. MPLS connections take 3-6 months to be up and running in some remote locations. Incurs Significantly High Costs
SOLUTION BRIEF Aryaka Global SD-WAN The Ultimate MPLS Replacement Not built for Cloud/SaaS applications MPLS provides almost negligible access and connectivity to Cloud/SaaS based applications. Direct
More information