SDN Security BRKSEC Alok Mittal Security Business Group, Cisco
2 SDN Security Alok Mittal Security Business Group, Cisco
3 Security at the Speed of the Network: Automating and Accelerating Security Through SDN. Countering threats is complex and difficult. Software Defined Networking (SDN) offers a way to respond to attacks with the speed of the network: tying together the visibility provided by the network, and the control provided by SDN, with intelligent automation. This breakout session is aimed at Network and Security professionals looking at how SDN can improve their network security architecture.
4 Agenda: Introduction to Current Security Challenges; Introduction to Software Defined Networking; Bringing the two together; How SDN can help in solving security challenges; SDN Security Components; Securing SDN
5 Introduction to Security Challenges
6 MOBILITY, CLOUD, THREAT. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Internal Use
7 Any Device to Any Cloud PUBLIC CLOUD HYBRID CLOUD PRIVATE CLOUD
8 The Threat Landscape is Evolving. Enterprise Response: Antivirus (Host-Based); IDS/IPS (Network Perimeter); Reputation (Global) and Sandboxing; Intelligence and Analytics (Cloud). Worms; Spyware and Rootkits; APTs; Cyberware; Increased Attack Surface. Tomorrow
9 The Security Problem: Changing Business Models; Dynamic Threat Landscape; Complexity and Fragmentation
10 The New Security Model. Attack Continuum: BEFORE (Discover, Enforce, Harden); DURING (Detect, Block, Defend); AFTER (Scope, Contain, Remediate). Network, Endpoint, Mobile, Virtual, Cloud. Point in Time, Continuous
11 BEFORE DURING AFTER Policy Access Control Netflow, Log, and DNS Monitoring Content Inspection Threat Analytics Behaviour Anomaly Detection Contain Fix
12 Manual Security Processes AFTER DURING BEFORE
13 SDN Automation: the Speed of the Network AFTER DURING Threat Analytics BEFORE Control Visibility
14 Brief Introduction to SDN
15 Introduction to Software Defined Networking (SDN)? Many Definitions: OpenFlow; Controller; OpenStack; Overlays; Network virtualisation; Automation; APIs; Application oriented; Virtual Services; Open vSwitch
16 Software Defined Networking (SDN). [Diagram: Controller; Spine Nodes (Spine FC 1 to Spine FC 5); Leaf Nodes (Leaf LC 1 to Leaf LC 16); Supervisor - Control; Fabric Cards - Forwarding; Line Cards - Services] Cisco Confidential
17 Basic Definitions
What Is Software Defined Network (SDN)? In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralised, and the underlying network infrastructure is abstracted from the applications. Note: SDN is not mandatory for network programmability nor automation.
What is OpenStack? Open-source software for building public and private Clouds; includes Compute (Nova), Networking (Quantum) and Storage (Swift) services. Note: Applicable to SDN and non-SDN networks.
What Is OpenFlow? Open protocol that specifies interactions between de-coupled control and data planes. Note: OF is not mandatory for SDN. Note: North-bound Controller APIs are vendor-specific.
What is Overlay Network? Overlay network is created on existing network infrastructure (physical and/or virtual) using a network protocol. Examples of overlay network protocol are: GRE, VPLS, OTV, LISP and VXLAN. Note: Applicable to SDN and non-SDN networks.
18 Basic Architecture in all Models
19 Key SDN Goals and Concepts. There is a controller that centralises network configuration and attempts to make networks easier to provision and configure. Network intelligence and state are logically centralised, and the underlying network infrastructure is abstracted from the applications. Enables automation, to be better able to respond to the changing needs of business applications and users. Examples: Network topology changes can be made without manually reconfiguring network devices. Based on application requirements, virtual networks can be created. Security controls do not have to physically exist at a particular network location.
20 Network Programmability Network Monitoring Bandwidth Management Load Balancing
21 Network Programmability Network Monitoring Bandwidth Management Load Balancing SNMP CLI NetFlow
22 Network Programmability Network Monitoring Bandwidth Management Load Balancing SNMP CLI NetFlow Heterogeneous devices Inconsistent data models :-(
23 Network Programmability Network Monitoring Bandwidth Management Load Balancing Programmatic Interfaces onepk
24 Network Programmability Network Monitoring Bandwidth Management Load Balancing Programmatic Interfaces onepk Multiple topology models No policy resolution :-(
25 Network Programmability Network Monitoring Bandwidth Management Load Balancing Programmatic Interface Controller onepk OpenFlow
26 Network Programmability Network Monitoring Bandwidth Management Load Balancing Programmatic Interface Controller Topological awareness onepk OpenFlow Policy resolution :-)
27 Cisco SDN: Solves challenging next generation customer problems in Data Centre, Access and WAN. Provide network wide abstraction. Provide Business Agility so customer can roll out new applications and services quickly and cost effectively. Automate infrastructure provisioning based on application policy profiles. Secure multi-tenancy with centralised compliance and auditing. Provide Open APIs for integration with existing systems and enabling a vast ecosystem of partners.
28 Cisco Controllers Open Day Light (ODL) Open Source OpenFlow onepk
29 Credit: The Open DayLight Project, Inc.
30 Cisco Controllers Open Day Light (ODL) Application Policy Infrastructure Controller (APIC) Open Source OpenFlow onepk Application Centric Infrastructure Fabric Physical, Virtual, and Cloud Open APIs OpenStack
31 Programmability Across Multiple Controllers Datacentre ODL Controller APIC Controller App App
32 Programmability Across Multiple Controllers Threat Defence Security Policy Datacentre ODL Controller APIC Controller App App
33 Application Centric Infrastructure
34 Application Centric Infrastructure Fabric: Single Point of Management; Flat Hardware Accelerated Network; Intelligent Fabric; Physical Fabric Traversal; Flexible Insertion; Single Pass Firewalling with Flow-Specific Policy Files Users Logical Endpoint Groups by Role. [Diagram labels: blade1 to blade8, slot 1 to slot 8]
35 End Point Groups Simplify Policy. Web (EPG 2), App (EPG 3), DB (EPG 4)
36 Service Insertion and ACI End Point Groups. [Diagram: Internet (EPG 1); Contract between each pair of groups; Web (EPG 2), App (EPG 3), DB (EPG 4); ACL, Inspect HTTP, etc; EPG 1, ASA, EPG 2, Load Balancer, EPG 3, EPG 4] Image from ACI at-a-glance. Credit: Sean Xun Wang
37 SDN and Security
38 Simple Example - DDoS Mitigation. DDoS Detection Application. DDoS Application to SDN Controller: "Give me the network traffic data". DDoS Application to SDN Controller: "I see an attack: Redirect the traffic for this flow to a Scrubber". [Diagram labels: Cisco ONE Controller, Telemetry, Reroute Flows, SP, Load Balancer, SSL/TLS Web App Termination Firewall, Enterprise, DDoS Scrubber]
39 ODL Monitor Manager ODL Controller Nexus 3000 Tap Aggregation Switch SPAN Sensitive Data
41 ODL Monitor Manager Monitoring Application ODL Controller Nexus 3000 Tap Aggregation Switch SPAN Sensitive Data
42 ODL Monitor Manager Monitoring Application ODL Controller Filter, Replicate, or Tag Traffic Nexus 3000 Tap Aggregation Switch SPAN Sensitive Data
43 What SDN Promises for Security. SIMPLIFY POLICY: form a trusted path from user to application. CONVERGE INTELLIGENCE to more centralised security services. LEVERAGE THE NETWORK FOOTPRINT to redirect traffic, identify and block new and unknown threats.
44 SIMPLIFY POLICY: Trusted Path from User to Application. Simplify Network Segmentation; End-to-end VLANs; Extend network segments over distance. Benefits: Data confidentiality; Multi-tenancy.
45 CONVERGE INTELLIGENCE: Bring Network Flows to Central Security Services. Benefits: Make the network far less complex.
46 LEVERAGE THE NETWORK FOOTPRINT: Redirect Traffic for Analysis; Automatically Identify Infected hosts for quarantine and remediation; Dynamically provision network for threat protection. Benefits: Enhanced network visibility; Dynamic threat response.
47 SDN Exposes Network Value Automation Visibility Flow Management POLICY Orchestration ANALYTICS Program for Optimised Experience Harvest Network Intelligence Network
48 Threat Defence Containment Service Open Flow ODL Controller Identity Context Manager onepk pxgrid Identity Services Engine Catalyst 3850 Nexus ASA Sensitive Data
50 Threat Defence Containment Service Open Flow ODL Controller Identity Context Manager onepk pxgrid Identity Services Engine Netflow Catalyst 3850 Nexus ASA Sensitive Data
51 TAG Threat Defence Containment Service Open Flow ODL Controller Identity Context Manager onepk pxgrid Identity Services Engine SDN Control Catalyst 3850 Nexus ASA Sensitive Data
52 Threat Defence Containment Service Open Flow ODL Controller Identity Context Manager onepk pxgrid Security Group Tag = SUSPICIOUS Identity Services Engine Catalyst 3850 Nexus ASA Sensitive Data
53 INSPECT Threat Defence Inspection Containment Service Open Flow ODL Controller Identity Context Manager onepk pxgrid Identity Services Engine SDN Control Catalyst 3850 Nexus ASA Sensitive Data
54 Contain Threat Defence Containment Containment Service Open Flow ODL Controller Identity Context Manager onepk pxgrid Identity Services Engine SDN Control Catalyst 3850 Nexus ASA Sensitive Data
55 BLOCK Threat Defence Containment Service Open Flow ODL Controller Identity Context Manager onepk pxgrid Identity Services Engine SDN Control Catalyst 3850 Nexus ASA Sensitive Data
56 SDN Security Components
57 SDN Security Components. SDN Applications: Cisco Cloud Threat Defence; Security Application; Third Party Application. SDN Security Infrastructure: Network Services; Security; Identity; Service Abstraction Layer; pxgrid; Identity Services Engine; Open Flow; ONEPK; I2RS; Security Plugin. Network Elements; Security Elements; Virtual Machines
58 SDN Security Components. Next Generation Defence Centre, PRSM, CSM. SDN Applications: Cisco Cloud Threat Defence; Security Application; Third Party Application. SDN Security Infrastructure: Network Services; Security; Identity; Service Abstraction Layer; pxgrid; Identity Services Engine; Open Flow; ONEPK; I2RS; Security Plugin. Network Elements; Security Elements; Virtual Machines
59 Threat Defence Services. Network Capabilities: OpenFlow; onepk; ASA Plugin; VLAN; SGT; VxLAN; ISE
60 Threat Defence Services. Application View: Targeted Blocking; Targeted Inspection; Targeted Rate Limiting; Targeted Packet Capture; Targeted File Capture; Targeted Confinement; Targeted Enforcement. Network Capabilities: OpenFlow; onepk; ASA Plugin; VLAN; SGT; VxLAN; ISE
61 Security Services Through SDN: Audit; Recording; Monitoring; Inspection; Rate Limiting; DDoS Scrubbing; Quarantine; Active Web Firewall; Blocking
62 Security Services Through SDN (Effective, Timely): Audit; Recording; Monitoring; Inspection; Rate Limiting; DDoS Scrubbing; Quarantine; Active Web Firewall; Blocking
63 Security Services Through SDN (Effective, Timely, Non-invasive): Audit; Recording; Monitoring; Inspection; Rate Limiting; DDoS Scrubbing; Quarantine; Active Web Firewall; Blocking
64 Network Controller Reconciles Mitigations Against the Needs of Mission-critical Applications. Mitigations from Security System; Application and Network Requirements
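The DDoS mitigation exchange on slide 38 and the controller reconciliation on slide 64, sketched as an added example that is not part of the original slides or any Cisco product code. `ToyController`, `detect_and_mitigate`, the thresholds and the telemetry (documentation-range addresses) are all hypothetical and constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowStat:
    """One telemetry record as a network element might report it (constructed)."""
    src: str
    dst: str
    dst_port: int
    pps: int  # packets per second


class ToyController:
    """In-memory stand-in for a controller's northbound API (hypothetical)."""

    def __init__(self, telemetry, critical_services):
        self._telemetry = list(telemetry)
        # (dst, port) pairs that mission-critical applications need reachable
        self._critical = set(critical_services)
        self.flow_table = {}   # (dst, port) -> action installed in the network
        self.audit_log = []    # every request, with what was actually granted

    def get_flow_stats(self):
        # Slide 38: "Give me the network traffic data"
        return list(self._telemetry)

    def request_mitigation(self, app_id, dst, dst_port, action, reason):
        # Slide 64: reconcile the security system's request against
        # application requirements. A block on a critical service would
        # complete the attacker's denial of service, so it is downgraded
        # to scrubbing, which keeps the service reachable.
        key = (dst, dst_port)
        granted = action
        if action == "block" and key in self._critical:
            granted = "redirect_to_scrubber"
        self.flow_table[key] = granted
        self.audit_log.append({"app": app_id, "target": key,
                               "requested": action, "granted": granted,
                               "reason": reason})
        return granted


def detect_and_mitigate(controller, app_id="ddos-detector",
                        redirect_pps=50_000, block_pps=200_000,
                        min_sources=3):
    """Aggregate telemetry per destination and request mitigations."""
    totals = defaultdict(int)
    sources = defaultdict(set)
    for stat in controller.get_flow_stats():
        key = (stat.dst, stat.dst_port)
        totals[key] += stat.pps
        sources[key].add(stat.src)

    decisions = {}
    for key, pps in sorted(totals.items()):
        # A single heavy source (for example a backup job) is not treated
        # as distributed here; it is left for other controls.
        if len(sources[key]) < min_sources or pps < redirect_pps:
            continue
        action = "block" if pps >= block_pps else "redirect_to_scrubber"
        reason = f"{pps} pps from {len(sources[key])} sources"
        # Slide 38: "I see an attack: Redirect the traffic for this flow"
        decisions[key] = controller.request_mitigation(
            app_id, key[0], key[1], action, reason)
    return decisions


def _burst(dst, port, n_sources, pps):
    """Build constructed telemetry: n_sources senders at pps each."""
    return [FlowStat(f"198.51.100.{i + 1}", dst, port, pps)
            for i in range(n_sources)]


# Constructed sample telemetry, not captured traffic.
SAMPLE_TELEMETRY = (
    _burst("203.0.113.10", 443, 4, 60_000)     # critical web app under flood
    + _burst("203.0.113.20", 53, 3, 80_000)    # non-critical service, flood
    + _burst("203.0.113.30", 443, 3, 20_000)   # moderate, multi-source
    + _burst("203.0.113.40", 22, 1, 300_000)   # one heavy source only
    + _burst("203.0.113.50", 80, 5, 100)       # normal traffic
)
CRITICAL_SERVICES = {("203.0.113.10", 443)}


def run_demo():
    controller = ToyController(SAMPLE_TELEMETRY, CRITICAL_SERVICES)
    decisions = detect_and_mitigate(controller)
    return controller, decisions


if __name__ == "__main__":
    ctl, _ = run_demo()
    for entry in ctl.audit_log:
        print(entry)
```

The audit log records both the requested and the granted action, so an analyst can see where the controller overrode the security application.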
65 Securing SDN
66 Threats to an SDN System: Spoofing Controller to Network Element Communication. [Diagram: App 1, App 2, App 3, Controller]
67 Threats to an SDN System: Spoofing App to Controller Communication; Spoofing Controller to Network Element Communication. [Diagram: App 1, App 2, App 3, Controller]
68 Securing SDN: Authentication; Authorisation. "login attempt failed". [Diagram: App 1, App 2, App 3, Controller]
69 Considerations
70 Considerations. Detection: How automated is your telemetry capture? How automated is your threat analysis? Are you limited by privacy considerations?
71 Considerations. Detection: How automated is your telemetry capture? How automated is your threat analysis? Are you limited by privacy considerations? Response: What actions are you willing to take in real time? What actions should be one-click for a security analyst?
72 Considerations. Detection: How automated is your telemetry capture? How automated is your threat analysis? Are you limited by privacy considerations? Response: What actions are you willing to take in real time? What actions should be one-click for a security analyst? SDN: What type of SDN can you use? How SDN-ready is your network? SDN security?
73 Q & A
74 Complete Your Online Session Evaluation Give us your feedback and receive a Cisco Live 2014 Polo Shirt! Complete your Overall Event Survey and 5 Session Evaluations. Directly from your mobile device on the Cisco Live Mobile App By visiting the Cisco Live Mobile Site Visit any Cisco Live Internet Station located throughout the venue Polo Shirts can be collected in the World of Solutions on Friday 21 March 12:00pm - 2:00pm Learn online with Cisco Live! Visit us online after the conference for full access to session videos and presentations.
Page 1 of 23 Design Guide for Cisco ACI with Avi Vantage view online Overview Cisco ACI Cisco Application Centric Infrastructure (ACI) is a software defined networking solution offered by Cisco for data
More informationService Provider Security Architecture
Service Provider Security Architecture Andrew Turner Technical Marketing, Security Business Group April 12 th 2017 Digitization is disrupting the SP business The world has gone mobile Traffic growth, driven
More informationCisco Network Admission Control (NAC) Solution
Data Sheet Cisco Network Admission Control (NAC) Solution New: Updated to include the Cisco Secure Network Server (SNS) Cisco Network Admission Control (NAC) solutions allow you to authenticate wired,
More informationHow your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter
How your network can take on the cloud and win Think beyond traditional networking toward a secure digital perimeter Contents Introduction... 3 Reduce risk points with secure, contextualized access...
More informationThe Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec
The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec James Edwards Product Marketing Manager Dan Watson Senior Systems Engineer Disclaimer This session may contain product
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationCisco Tetration Analytics Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH
Cisco Tetration Analytics Demo Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH Agenda Introduction Theory Demonstration Innovation Through Engineering
More informationData Center and Cloud Automation
Data Center and Cloud Automation Tanja Hess Systems Engineer September, 2014 AGENDA Challenges and Opportunities Manual vs. Automated IT Operations What problem are we trying to solve and how do we solve
More informationCisco Secure Access Control
Cisco Secure Access Control Delivering Deeper Visibility, Centralized Control, and Superior Protection Martin Briand - Security Escalation VSE Global Virtual Engineering Oriol Madriles Soriano Security
More informationSecurity Overview and Cisco ACE Replacement
Security Overview and Cisco ACE Replacement March, 2014 Florian Hartmann, Senior Systems Engineer DACH A10 Corporate Introduction Headquarters in San Jose 800+ Employees Offices in 32 countries Customers
More informationService Insertion with ACI using F5 iworkflow
Service Insertion with ACI using F5 iworkflow Gert Wolfis F5 EMEA Cloud SE October 2016 Agenda F5 and Cisco ACI Joint Solution Cisco ACI L4 L7 Service Insertion Overview F5 and Cisco ACI Integration Models
More informationMicro Focus Network Operations Management Suite Supports SDN and Network Virtualization Engineering and Operations
Micro Focus Network Operations Management Suite Supports SDN and Network Virtualization Engineering and Operations An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) White Paper Prepared for Micro Focus December
More informationInternet of Things. Tanja Hess Consulting Systems Engineer 2nd June 2016
Internet of Things Tanja Hess Consulting Systems Engineer 2nd June 2016 Agenda Cisco IoT System The Six Pillars of IoT IoT in Action The Cisco Role in IoT Cloud and Fog Analytics App Enablement App Enablement
More informationVXLAN Overview: Cisco Nexus 9000 Series Switches
White Paper VXLAN Overview: Cisco Nexus 9000 Series Switches What You Will Learn Traditional network segmentation has been provided by VLANs that are standardized under the IEEE 802.1Q group. VLANs provide
More informationVMware vcloud Networking and Security Overview
VMware vcloud Networking and Security Overview Efficient, Agile and Extensible Software-Defined Networks and Security WHITE PAPER Overview Organizations worldwide have gained significant efficiency and
More informationNext generation branch with SD-WAN and NFV
Next generation branch with SD-WAN and NFV Kiran Ghodgaonkar, Senior Manager, Enterprise Marketing Mani Ganeson, Senior Product Manager PSOCRS-2004 @ghodgaonkar Cisco Spark How Questions? Use Cisco Spark
More informationCisco Cyber Threat Defense Solution 1.0
Cisco Cyber Threat Defense Solution 1.0 Contents 1. Introduction to the Cisco Cyber Threat Defense Solution 1.0 2. Technical overview of the Cisco Cyber Threat Defense Solution 1.0 3. Using the Cisco Cyber
More informationThreat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN)
Threat Detection and Mitigation for IoT Systems using Self Learning Networks (SLN) JP Vasseur, PhD - Cisco Fellow jpv@cisco.com Maik G. Seewald, CISSP Sr. Technical Lead maseewal@cisco.com June 2016 Cyber
More informationCisco Data Center Network Manager 5.1
Cisco Data Center Network Manager 5.1 Product Overview Modern data centers are becoming increasingly large and complex. New technology architectures such as cloud computing and virtualization are adding
More informationSecuring the Empowered Branch with Cisco Network Admission Control. September 2007
Securing the Empowered Branch with Cisco Network Admission Control September 2007 Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. 1 Contents 1 The Cisco Empowered Branch 2 Security Considerations
More informationCisco ACI Multi-Site, Release 1.1(1), Release Notes
Cisco ACI Multi-Site, Release 1.1(1), Release Notes This document describes the features, caveats, and limitations for the Cisco Application Centric Infrastructure Multi-Site software. The Cisco Application
More informationThe Transformation of Media & Broadcast Video Production to a Professional Media Network
The Transformation of Media & Broadcast Video Production to a Professional Media Network Subha Dhesikan, Principal Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after
More informationAPNIC elearning: SDN Fundamentals
APNIC elearning: SDN Fundamentals Issue Date: esdn01_v0.15 Revision: Overview Evolution of routers The Clean Slate project OpenFlow Emergence and evolution of SDN SDN architecture today Use cases Standards
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationCisco ACI App Center. One Platform, Many Applications. Overview
White Paper Cisco ACI App Center One Platform, Many Applications Overview Cisco Application Centric Infrastructure (Cisco ACI ) is a comprehensive software-defined networking (SDN) solution designed from
More informationCisco Software-Defined Access
Migration Guide Cisco Software-Defined Access 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 31 Contents Cisco SD-Access... 3 Evolution of Networking
More informationADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY
ADVANCED SECURITY MECHANISMS TO PROTECT ASSETS AND NETWORKS: SOFTWARE-DEFINED SECURITY One of the largest concerns of organisations is how to implement and introduce advanced security mechanisms to protect
More informationCisco Enterprise Cloud Suite Overview Cisco and/or its affiliates. All rights reserved.
Cisco Enterprise Cloud Suite Overview 2015 Cisco and/or its affiliates. All rights reserved. 1 CECS Components End User Service Catalog SERVICE PORTAL Orchestration and Management UCS Director Application
More informationTEN ESSENTIAL NETWORK VIRTUALIZATION DEFINITIONS
E-Guide TEN ESSENTIAL NETWORK VIRTUALIZATION DEFINITIONS SearchSDN T here is some confusion surrounding as there is no one definition. In this exclusive guide, you ll find ten to help you better understand
More information