Network Virtualization Business Case

Size: px
Start display at page:

Download "Network Virtualization Business Case"

Transcription

1 SESSION ID: GPS2-R01 Network Virtualization Business Case Arup Deb virtual networking & security VMware NSBU

2 I. Data center security today Don t hate the player, hate the game - Ice T, Rapper

3 The pressure on security New App Requested Provision VM Policies are Set Security Services Configured Security Mapped to Network App Deployed Change Happens Provision Network

4 Impressive rates of DC change Rate of Change

5 Everything works well on day one DAY 1 Data Center DAY 2 Perimeter Firewall Finance Application SQL database server provision request Sensitive data is added to the new database VM DMZ/Web Database policy assumptions are: No confidential information No personal privacy information Vanilla DB policies Now what? App DB

6 Current security architecture Converged Infrastructure, running on data center compute resources and vsphere hypervisors Client Perimeter FW Internal FW End user computing/desktops Application infrastructure A/V Internet IPS DMZ Internet-facing servers: Web, , DNS, VDI etc Other server security 6

7 Why do breaches still occur? Data Center Perimeter Today s data centers are protected by strong perimeter defense But threats and exploits still infect servers. Lowpriority systems are often the target. Threats can lie dormant, waiting for the right moment to strike Attacks spread inside the data center, where internal controls are often weak. Critical systems are targeted. Server-server traffic growth has outpaced client-server traffic. The attack spreads and goes unnoticed. Possibly after months of reconnaissance, the infiltration relays secret data to the attacker.

8 Breaches still occur because of perimeter-focused security Perimeter-centric network security has proven insufficient. Insufficient Little or no lateral controls inside perimeter Internet Status quo: do nothing Inside of data center left unprotected High-risk to potential security breaches Reactive clean-up: look at Sony Pictures Costly: Target s recent breach cost $100s of millions Data Center Perimeter

9 Ideally, every app would have dedicated resources

10 Not practical with three tier consolidated application infrastructure Web App DB

11 Manageability necessitates grouping Security Zones VLANS

12 Other alternatives used today to try to reduce breaches... There are a few other available options today to improve internal data center security. Both have their own challenges and ultimately are not operationally feasible. Adding more internal security Requires placing more firewalls across workloads Internet Physical firewalls Cost prohibitive: thousands of firewalls needed (1 per VM) Complex configuration: security policies restricted by network topology Inefficient choke point firewalling Impractical to build lateral coverage Data Center Perimeter Virtual firewalls Similar to physical firewalls, only slower performance No micro-segmentation Limited central management Costly and complicated

13 Firewall inefficiencies today East-West Firewalling SAME HOST Nexus 7000 East-West Firewalling HOST TO HOST Nexus 7000 Traditional firewall challenges Inefficient network design Physical firewalls are choke points in the network VM-to-VM traffic must hairpin out to physical firewall UCS Fabric A UCS Fabric B UCS Fabric A UCS Fabric B Security policies tied to network topology: slows deployment UCS Blade 1 vswitch UCS Blade 1 UCS Blade 2 vswitch vswitch 6 wire hops 6 wire hops

14 Architectural considerations Switching capacity in the core need to Address host and VM capacity. Firewall and load balancer Capacity needs to grow to address Added vms and application tiers Networking functions are performed in core Top of Rack or core switch.

15 Virtual networking approach Automated operational model Network & Security Services Now in the Hypervisor Applications Virtual Machines Virtual Networks Virtual Storage Data Center Virtualization Software Load Balancing L3 Routing Compute Capacity Network Capacity Storage Capacity Pooled compute, network and storage capacity; Vendor independent, best price/perf; Simplified config and mgt. Hardware L2 Switching Firewalling/ACLs Location Independence

16 Delivering better security and making microsegmentation operationally feasible Hypervisor-based, in kernel distributed firewalling High throughput rates on a per hypervisor basis Every hypervisor adds additional eastwest firewalling capacity Platform-based automation Automated provisioning and workload adds/moves/changes Accurate firewall policies follow workloads as they move

17 A micro-segmentation approach Today data center security relies on perimeter defense Micro-segmentation enables security that follows the VM Security can be applied per workload, not just inside the perimeter Internet 1 Isolation and segmentation Internet 2 Unit-level trust / least privilege Data Center Perimeter Data Center Perimeter Lower cost Operationally familiar But ultimately insufficient 3 Ubiquity and centralized control 17

18 Micro-segmentation in detail Isolation Segmentation Advanced services No communication path between unrelated networks No cross-talk between networks Overlay technology assures networks are separated by default Controlled communication path within a single network Fine-grained enforcement of security Security policies based on logical groupings of VMs Advanced services: addition of 3 rd party security, as needed by policy Multivendor solutions. Dynamic addition of security adapt to changing conditions

19 Micro-segmentation simplifies network security Perimeter firewall Finance HR Engineering Inside firewall DMZ App Each VM can now be its own perimeter Policies align with logical groups Prevents threats from spreading DB Services AD NTP DHCP DNS CERT

20 More efficient firewalls with virtual networking and security East-West Firewalling / Same host East-West Firewalling / Host to host Before virtial networking With virtual networking Before virtial networking With virtual networking Distributed Virtual Firewall Distributed Virtual Firewall Nexus 7000 Nexus 7000 Nexus 7000 Nexus 7000 UCS Fabric A UCS Fabric B UCS Fabric A UCS Fabric B UCS Fabric A UCS Fabric B UCS Fabric A UCS Fabric B UCS Blade 1 UCS Blade 1 vswitch vswitch UCS Blade 1 UCS Blade 2 vswitch UCS Blade 1 UCS Blade 2 vswitch vswitch 6 wire hops 0 wire hops 6 wire hops Fewer hops, more efficient and precise VM networking 2 wire hops

21 Architectural benefits Savings in Core switch Port Requirements, and Routing capacity Savings in Firewall and load balancer Capacity and reduced complexity in Managing firewall rules. Security functions are performed in nearest to virtual machines

22 Architectural benefits Application continuity and Disaster recovery Synchronize state of security infrastructure in secondary site Fast re-start of virtual Network, and Virtual security elements Active-Active Active Standby Easy testing of Virtual network failover

23 Policy and services assigned to groups Apply Repeatedly Define Once Define Policy Web Assign Services Automate Response App DB HR

24 Consistent policy and services HR +

25 Adaptable and proactive security UNIQUE POLICY DEFINITIONS UNIQUE POLICY DEFINITIONS Policy and services defined with future changes in mind Remediate changes with preset policy definitions Vulnerability scan. If vulnerability found, tag workload with CVE Score. If tagged, remediate with IPS.

26 Automated security UNIQUE POLICY DEFINITIONS UNIQUE POLICY DEFINITIONS Policy and services defined with future changes in mind Remediate changes with preset policy definitions Scan to ensure no private information is stored. If found, tag. SN# If tagged, move workload to more secure PII group. Finance Group PII Group

27 Today s VDI challenges VDI to VDI Desktop-to-desktop hacking inside the DC Finance HR Engineering VDI to VM Desktop-to-server hacking inside the DC

28 Virtual networking simplifies VDI Perimeter firewall Inside firewall Finance HR Engineering DMZ App DB Firewall and filter traffic based on logical groupings Simplified, programmable, automated application of network/security policy to desktop users/pools Service-chaining with AV and NGFW partners to deliver automated, policy-integrated AV / malware protection, NGFW, IPS, etc. 28

29 A multivendor security approach Integration platform for dynamic security services Security Solution Traditional Data Center Static service chain Data Center with virtual networking Dynamic service chain

30 Ground-breaking use cases Security IT automation Application continuity IT optimization Micro segmentation IT automating IT Disaster recovery Server asset utilization DMZ anywhere Developer cloud Metro pooling Hardware lifecycle Secure end user Multi-tenant infrastructure Hybrid cloud networking Price performance$ 30

31 Apply What You Have Learned Today Review security and protection of your virtual servers and virtual desktops. Identify the ratio of VMs that have no firewall protection. Consider extending firewall protection to 100% of your VM deployments. Employ tools to quickly isolate and remediate a Virus or Malware infected VM. Consider the impact to your business if VMs are compromised. Discuss the impact of security automation to Application provisioning times. Consider a one pain of glass approach to managing security and firewalls in a multisite, multidc and Hybrid cloud deployment. Adapt a virtual network and security platform that supports an advanced security approach from multiple vendors for your virtualized Data center. 31

32

3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity

3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity 3 Ways Businesses Use Network Virtualization A Faster Path to Improved Security, Automated IT, and App Continuity INTRODUCTION 2 Today s IT Environments Are Demanding Technology has made exciting leaps

More information

Transforming Security Part 2: From the Device to the Data Center

Transforming Security Part 2: From the Device to the Data Center SESSION ID: SP01-R11 Transforming Security Part 2: From the Device to the Data Center John Britton Director, EUC Security VMware @RandomDevice The datacenter as a hospital 3 4 5 Digital transformation

More information

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking

More information

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION

More information

Operationalizing NSX Micro segmentation in the Software Defined Data Center

Operationalizing NSX Micro segmentation in the Software Defined Data Center Operationalizing NSX Micro segmentation in the Software Defined Data Center A Comprehensive Solution for Visibility and Management of Heterogeneous Security Controls in a Data Center www.tufin.com Introduction

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme SAI2803BU The Road to Micro- Segmentation with VMware NSX #VMworld #SAI2803BU Disclaimer This presentation may contain product features that are currently under development. This overview of new technology

More information

MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER

MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER TECHNICAL WHITE PAPER MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY Abstract Organizations are in search of ways to more efficiently and securely use IT resources to increase innovation and minimize cost.

More information

1V0-642.exam.30q.

1V0-642.exam.30q. 1V0-642.exam.30q Number: 1V0-642 Passing Score: 800 Time Limit: 120 min 1V0-642 VMware Certified Associate 6 Network Visualization Fundamentals Exam Exam A QUESTION 1 Which is NOT a benefit of virtualized

More information

Data Center Micro-Segmentation

Data Center Micro-Segmentation Data Center Micro-Segmentation A Software Defined Data Center Approach for a Zero Trust Security Strategy WHITE PAPER Table of Contents Executive Summary... 3 The Software Defined Data Center is the Future...

More information

5 STEPS TO BUILDING ADVANCED SECURITY IN SOFTWARE- DEFINED DATA CENTERS

5 STEPS TO BUILDING ADVANCED SECURITY IN SOFTWARE- DEFINED DATA CENTERS 5 STEPS TO BUILDING ADVANCED SECURITY IN SOFTWARE- DEFINED DATA CENTERS INTRODUCTION The modern data center is rapidly evolving. Virtualization is paving the way to the private cloud, enabling applications

More information

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER Bret Hartman Cisco / Security & Government Group Session ID: SPO1-W25 Session Classification: General Interest 1 Mobility Cloud Threat Customer centric

More information

Ewolucja sieci w Data Center

Ewolucja sieci w Data Center Ewolucja sieci w Data Center Czas na wirtualizację sieci za pomocą ware NSX Sławomir Słowiński Account Executive ware Networking and Security 2016 ware Inc. All rights reserved. Focus on the App The goals

More information

Micro-Segmentation: What It Is and What It Isn t. Explore Essential Security Controls for Fighting New Threats to Your Data Center

Micro-Segmentation: What It Is and What It Isn t. Explore Essential Security Controls for Fighting New Threats to Your Data Center W H I T E PA P E R Micro-Segmentation: What It Is and What It Isn t Explore Essential Security Controls for Fighting New Threats to Your Data Center Table of Contents Executive Summary...1 New Threats

More information

CASE STUDY INSIGHTS: MICRO-SEGMENTATION TRANSFORMS SECURITY. How Organizations Around the World Are Protecting Critical Data

CASE STUDY INSIGHTS: MICRO-SEGMENTATION TRANSFORMS SECURITY. How Organizations Around the World Are Protecting Critical Data CASE STUDY INSIGHTS: MICRO-SEGMENTATION TRANSFORMS SECURITY How Organizations Around the World Are Protecting Critical Data The Growing Risk of Security Breaches Data center breaches are nothing new but

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme NET3282BE The NSX Practical Path Brian Lazear, Sr. Director, NSX Product Management Brian Muita, CTO, Node Africa #VMworld #NET3282BE Disclaimer This presentation may contain product features that are

More information

Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers

Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any

More information

CloudVision Macro-Segmentation Service

CloudVision Macro-Segmentation Service CloudVision Macro-Segmentation Service Inside Address network-based security as a pool of resources, stitch security to applications and transactions, scale on-demand, automate deployment and mitigation,

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme SAI1303BU Security with NSX. Greater Security in the Digital Business Age Alex Berger, NSX Product Marketing #VMworld #SAI1303BU Disclaimer This presentation may contain product features that are currently

More information

Orchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud

Orchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud Orchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud 2 Orchestrate the Cloud Infrastructure Business Drivers for Cloud Long Provisioning Times for New Services o o o Lack

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme ADV1587BU NSX + Horizon: A Security Architecture for Delivering Desktops and Applications with VMware Wade Holmes Graeme Gordon VMworld 2017 Content: Not for publication #VMworld #ADV1587BU Disclaimer

More information

SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012

SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012 SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD May 2012 THE ECONOMICS OF THE DATA CENTER Physical Server Installed Base (Millions) Logical Server Installed Base (Millions) Complexity and Operating

More information

Stop Cyber Threats With Adaptive Micro-Segmentation. Chris Westphal Head Of Product Marketing

Stop Cyber Threats With Adaptive Micro-Segmentation. Chris Westphal Head Of Product Marketing Stop Cyber Threats With Adaptive Micro-Segmentation Chris Westphal Head Of Product Marketing Agenda Why Are We Here? What Is Adaptive Micro-Segmentation? How Adaptive Micro-Segmentation Is Used Why Visibility

More information

Securing the Software-Defined Data Center

Securing the Software-Defined Data Center Securing the Software-Defined Data Center The future of the data center is software defined Key Advantages McAfee Network Platform 8.4 Delivers best-in-class IPS security across physical and softwaredefined

More information

DELL EMC VSCALE FABRIC

DELL EMC VSCALE FABRIC NETWORK DATA SHEET DELL EMC VSCALE FABRIC FIELD-PROVEN BENEFITS Increased utilization and ROI Create shared resource pools (compute, storage, and data protection) that connect to a common, automated network

More information

WHITE PAPER MICRO-SEGMENTATION. illumio.com

WHITE PAPER MICRO-SEGMENTATION. illumio.com MICRO-SEGMENTATION CONTENTS OVERVIEW Business drivers Current challenges with micro-segmentation The Illumio solution CURRENT APPROACHES TO MICRO-SEGMENTATION IP address rules VLANs Firewall zones Software-defined

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme SIE2034BE Securing your VMware Horizon Virtualized Apps and Desktop Investments with NSX Satish Yadavalli, General Manager & Global Practice Head Wipro Limited Bhanu Reddy, Practice Manager Wipro Limited

More information

Disclaimer CONFIDENTIAL 2

Disclaimer CONFIDENTIAL 2 Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally

More information

Cisco Enterprise Cloud Suite Overview Cisco and/or its affiliates. All rights reserved.

Cisco Enterprise Cloud Suite Overview Cisco and/or its affiliates. All rights reserved. Cisco Enterprise Cloud Suite Overview 2015 Cisco and/or its affiliates. All rights reserved. 1 CECS Components End User Service Catalog SERVICE PORTAL Orchestration and Management UCS Director Application

More information

WHITE PAPER OCTOBER VMWARE NSX WITH CHECK POINT vsec. Enhancing Micro-Segmentation Security

WHITE PAPER OCTOBER VMWARE NSX WITH CHECK POINT vsec. Enhancing Micro-Segmentation Security WHITE PAPER OCTOBER 2017 VMWARE NSX WITH CHECK POINT vsec Enhancing Micro-Segmentation Security Table of Contents Executive Summary 3 VMware NSX Network Virtualization Overview 5 East-West Versus North-South

More information

The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec

The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec James Edwards Product Marketing Manager Dan Watson Senior Systems Engineer Disclaimer This session may contain product

More information

MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER

MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER TECHNICAL WHITE PAPER MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY Abstract Organizations are in search of ways to more efficiently and securely use IT resources to increase innovation and minimize cost.

More information

Improve Existing Disaster Recovery Solutions with VMware NSX

Improve Existing Disaster Recovery Solutions with VMware NSX Improve Existing Disaster Recovery Solutions with VMware NSX Kevin Reed Sr Manager, VMware Federal Networking & Security Team kreed@vmware.com 703.307.3253 Don Poorman Manager Solutions Enginering Govplace

More information

Securing Your Virtual World Harri Kaikkonen Channel Manager

Securing Your Virtual World Harri Kaikkonen Channel Manager Securing Your Virtual World Harri Kaikkonen Channel Manager Copyright 2009 Trend Micro Inc. Virtualisation On The Rise 16,000,000 Virtualized x86 shipments 14,000,000 12,000,000 10,000,000 8,000,000 6,000,000

More information

SYMANTEC DATA CENTER SECURITY

SYMANTEC DATA CENTER SECURITY SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information

More information

Cisco CloudCenter Solution with Cisco ACI: Common Use Cases

Cisco CloudCenter Solution with Cisco ACI: Common Use Cases Cisco CloudCenter Solution with Cisco ACI: Common Use Cases Cisco ACI increases network security, automates communication policies based on business-relevant application requirements, and decreases developer

More information

Practical Path to VMware NSX Nimish Desai - NSBU, VMware

Practical Path to VMware NSX Nimish Desai - NSBU, VMware Practical Path to VMware NSX Nimish Desai - NSBU, VMware Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment

More information

The threat landscape is constantly

The threat landscape is constantly A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions

More information

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010 October 25 29, 2010 Kuala Lumpur Convention Centre Securing Virtual Environments Raimund Genes CTO Trend Micro The Changing Datacenter

More information

The Next Opportunity in the Data Centre

The Next Opportunity in the Data Centre The Next Opportunity in the Data Centre Application Centric Infrastructure Soni Jiandani Senior Vice President, Cisco THE NETWORK IS THE INFORMATION BROKER FOR ALL APPLICATIONS Applications Are Changing

More information

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe

Presenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Presenting the ware NSX ECO System May 2015 Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15-11:00 ware NSX, the Network Virtualization Platform 11.15-12.00 Palo Alto

More information

VMware vshield App Design Guide TECHNICAL WHITE PAPER

VMware vshield App Design Guide TECHNICAL WHITE PAPER ware vshield App Design Guide TECHNICAL WHITE PAPER ware vshield App Design Guide Overview ware vshield App is one of the security products in the ware vshield family that provides protection to applications

More information

Stop Cyber Threats With Adaptive Micro-Segmentation. Jeff Francis Regional Systems Engineer

Stop Cyber Threats With Adaptive Micro-Segmentation. Jeff Francis Regional Systems Engineer Stop Cyber Threats With Adaptive Micro-Segmentation Jeff Francis Regional Systems Engineer Who is This Guy, and Why is He Here? Jeff Francis Regional Systems Engineer Northwestern United States Datacenter

More information

WHITE PAPER. Why Traditional Data Center Security Is No Longer Enough

WHITE PAPER. Why Traditional Data Center Security Is No Longer Enough WHITE PAPER Why Traditional Data Center Security Is No Longer Enough Table of Contents An Indefensible Approach...1 Network Virtualization and Micro-Segmentation: a Modern Approach to Modern Threats...4

More information

The Evolution of Data Center Security, Risk and Compliance

The Evolution of Data Center Security, Risk and Compliance #SymVisionEmea #SymVisionEmea The Evolution of Data Center Security, Risk and Compliance Taha Karim / Patrice Payen The Adoption Curve Virtualization is being stalled due to concerns around Security and

More information

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011 SECURING THE NEXT GENERATION DATA CENTER Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011 JUNIPER SECURITY LEADERSHIP Market Leadership Data Center with High-End

More information

The rise of SDN: A practitioners deep dive into VMware NSX by Andy Hine

The rise of SDN: A practitioners deep dive into VMware NSX by Andy Hine The rise of SDN: A practitioners deep dive into VMware NSX by Andy Hine Introduction The hype about Software Defined Networking (SDN) has been around for years, during which time the technology has rapidly

More information

Go Cloud. VMware vcloud Datacenter Services by BIOS

Go Cloud. VMware vcloud Datacenter Services by BIOS Go Cloud VMware vcloud Datacenter Services by BIOS Is your IT infrastructure always in tune with your business? If a market opportunity suddenly arises, can your business respond in time? Or is the opportunity

More information

Osynlig infrastruktur i datacentret med inbyggd säkerhet och resursoptimering.

Osynlig infrastruktur i datacentret med inbyggd säkerhet och resursoptimering. Osynlig infrastruktur i datacentret med inbyggd säkerhet och resursoptimering. Joel Lindberg Nutanix Build and Manage Daniel Dale varmour Secure and visibility Karl Barton VMTurbo Demand driven control

More information

Copyright 2011 Trend Micro Inc.

Copyright 2011 Trend Micro Inc. Copyright 2011 Trend Micro Inc. 2008Q1 2008Q2 2008Q3 2008Q4 2009Q1 2009Q2 2009Q3 2009Q4 2010Q1 2010Q2 2010Q3 2010Q4 2011Q1 2011Q2 2011Q3 2011Q4 M'JPY Cloud Security revenue Q to Q Growth DeepSecurity/Hosted/CPVM/IDF

More information

Securing Your Microsoft Azure Virtual Networks

Securing Your Microsoft Azure Virtual Networks Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up

More information

Introducing VMware Validated Design Use Cases. Modified on 21 DEC 2017 VMware Validated Design 4.1

Introducing VMware Validated Design Use Cases. Modified on 21 DEC 2017 VMware Validated Design 4.1 Introducing VMware Validated Design Use Cases Modified on 21 DEC 2017 VMware Validated Design 4.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

Cisco Application Centric Infrastructure

Cisco Application Centric Infrastructure Data Sheet Cisco Application Centric Infrastructure What s Inside At a glance: Cisco ACI solution Main benefits Cisco ACI building blocks Main features Fabric Management and Automation Network Security

More information

Building a Smart Segmentation Strategy

Building a Smart Segmentation Strategy Building a Smart Segmentation Strategy Using micro-segmentation to reduce your attack surface, harden your data center, and secure your cloud. WP201705 Overview Deployed at the network layer, segmentation

More information

Securing Your Amazon Web Services Virtual Networks

Securing Your Amazon Web Services Virtual Networks Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,

More information

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING. NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING. The old mantra of trust but verify just is not working. Never trust and verify is how we must apply security in this era of sophisticated breaches.

More information

Feature Comparison Summary

Feature Comparison Summary Feature Comparison Summary,, and The cloud-ready operating system is the cloud-ready operating system that delivers new layers of security and Azure-inspired innovation for the applications and infrastructure

More information

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING PROTECTING BANKING AND FINANCIAL INSTITUTIONS FROM CYBER FRAUD Enabling the financial industry to become proactively secure and compliant Overview In order to keep up with the changing digital payment

More information

Weiterentwicklung von OpenStack Netzen 25G/50G/100G, FW-Integration, umfassende Einbindung. Alexei Agueev, Systems Engineer

Weiterentwicklung von OpenStack Netzen 25G/50G/100G, FW-Integration, umfassende Einbindung. Alexei Agueev, Systems Engineer Weiterentwicklung von OpenStack Netzen 25G/50G/100G, FW-Integration, umfassende Einbindung Alexei Agueev, Systems Engineer ETHERNET MIGRATION 10G/40G à 25G/50G/100G Interface Parallelism Parallelism increases

More information

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme NET1192BE Multisite Networking & Security with Cross-vC NSX Josh Coulling Networking & Security Senior System Engineer #VMworld #NET1192BE Disclaimer This presentation may contain product features that

More information

Segmentation. Threat Defense. Visibility

Segmentation. Threat Defense. Visibility Segmentation Threat Defense Visibility Establish boundaries: network, compute, virtual Enforce policy by functions, devices, organizations, compliance Control and prevent unauthorized access to networks,

More information

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /

More information

Data Center and Cloud Automation

Data Center and Cloud Automation Data Center and Cloud Automation Tanja Hess Systems Engineer September, 2014 AGENDA Challenges and Opportunities Manual vs. Automated IT Operations What problem are we trying to solve and how do we solve

More information

Microsoft Azure Integration and Security. Course Code: AZ-101; Duration: 4 days; Instructorled

Microsoft Azure Integration and Security. Course Code: AZ-101; Duration: 4 days; Instructorled Microsoft Azure Integration and Security Course Code: AZ-101; Duration: 4 days; Instructorled WHAT YOU WILL LEARN This course teaches IT professionals how to discover, assess, plan and implement a migration

More information

Micro-Segmentation Builds Security Into Your Data Center s DNA

Micro-Segmentation Builds Security Into Your Data Center s DNA Micro-Segmentation Builds Security Into Your Data Center s DNA With VMware NSX, Security Becomes as Nimble as the Applications They Protect TECHNICAL WHITE PAPER Executive Summary Most enterprise IT professionals

More information

Hybrid Cloud Solutions

Hybrid Cloud Solutions Hybrid Cloud Solutions with Cisco and Microsoft Innovation Rob Tappenden, Technical Solution Architect rtappend@cisco.com March 2016 Today s industry and business challenges Industry Evolution & Data Centres

More information

Development. Architecture QA. Operations

Development. Architecture QA. Operations Development Architecture QA Operations Lack of business agility Slow to onboard new customers Hard to practice true DevOps Outpaced by disruptors Rogue dev projects Lack of SecOps agility Slow threat assessments

More information

Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework

Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework White Paper Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework August 2015 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.

More information

IBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture

IBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture IBM Cloud for VMware Solutions NSX Edge Services Gateway Solution Architecture Date: 2017-03-29 Version: 1.0 Copyright IBM Corporation 2017 Page 1 of 16 Table of Contents 1 Introduction... 4 1.1 About

More information

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP Pasiruoškite ateičiai: modernus duomenų centras Laurynas Dovydaitis Microsoft Azure MVP 2016-05-17 Tension drives change The datacenter today Traditional datacenter Tight coupling between infrastructure

More information

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Agenda Joint Cisco and Microsoft Integration Efforts Introduction to CCA-MCP What is a Pattern?

More information

Acronis Backup. Acronis, All rights reserved. Dual headquarters in Switzerland and Singapore. Dual headquarters in Switzerland and Singapore

Acronis Backup. Acronis, All rights reserved. Dual headquarters in Switzerland and Singapore. Dual headquarters in Switzerland and Singapore Acronis Backup 1 Acronis Backup Guards Against Modern Threats Cybercrimes will cost $6 trillion per year worldwide by 2021 50% of hard drives die within 5 years Keeps Business Running Data is growing 33

More information

The Cisco HyperFlex Dynamic Data Fabric Advantage

The Cisco HyperFlex Dynamic Data Fabric Advantage Solution Brief May 2017 The Benefits of Co-Engineering the Data Platform with the Network Highlights Cisco HyperFlex Dynamic Data Fabric Simplicity with less cabling and no decisions to make The quality

More information

A comprehensive framework for securing virtualized data centers. Business white paper

A comprehensive framework for securing virtualized data centers. Business white paper A comprehensive framework for securing virtualized data centers Business white paper Contents Experiencing the virtualization wave...3 Addressing virtualization security challenges...3 Understanding security

More information

What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics

What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics Vision: Everything as a service Speed Scalability Speed to Market

More information

How to Use Micro-Segmentation to Secure Government Organizations

How to Use Micro-Segmentation to Secure Government Organizations How to Use Micro-Segmentation to Secure Government Organizations How micro-segmentation reduces your attack surface, hardens your data center, and enables your cloud security. WP201804 Overview Deployed

More information

Microsegmentation with Cisco ACI

Microsegmentation with Cisco ACI This chapter contains the following sections:, page 1 Microsegmentation with the Cisco Application Centric Infrastructure (ACI) provides the ability to automatically assign endpoints to logical security

More information

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Securing your Virtualized Datacenter Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Agenda VMware Virtualization Technology How Virtualization Affects Datacenter Security Keys to

More information

Security Readiness Assessment

Security Readiness Assessment Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS

More information

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center Introducing VMware Validated Designs for Software-Defined Data Center VMware Validated Design for Software-Defined Data Center 3.0 This document supports the version of each product listed and supports

More information

FlexPod Data Center Solution. Presented by: Bernd Dultinger Date: December 1 st 2011

FlexPod Data Center Solution. Presented by: Bernd Dultinger Date: December 1 st 2011 FlexPod Data Center Solution Presented by: Bernd Dultinger Date: December 1 st 2011 What are we asked to do? Budgets go further and business goes faster Data Centers are at a Critical Juncture Empowered

More information

Dynamic Datacenter Security Solidex, November 2009

Dynamic Datacenter Security Solidex, November 2009 Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic

More information

Introduction. The Safe-T Solution

Introduction. The Safe-T Solution Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,

More information

NETWORKING 3.0. Network Only Provably Cryptographically Identifiable Devices INSTANT OVERLAY NETWORKING. Remarkably Simple

NETWORKING 3.0. Network Only Provably Cryptographically Identifiable Devices INSTANT OVERLAY NETWORKING. Remarkably Simple NETWORKING 3.0 Network Only Provably Cryptographically Identifiable Devices INSTANT OVERLAY NETWORKING Highly Available Remarkably Simple Radically Secure IP complexity is holding your business back As

More information

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center Introducing VMware Validated Designs for Software-Defined Data Center VMware Validated Design 4.0 VMware Validated Design for Software-Defined Data Center 4.0 You can find the most up-to-date technical

More information

Security Considerations for Cloud Readiness

Security Considerations for Cloud Readiness Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution

More information

Enabling Efficient and Scalable Zero-Trust Security

Enabling Efficient and Scalable Zero-Trust Security WHITE PAPER Enabling Efficient and Scalable Zero-Trust Security FOR CLOUD DATA CENTERS WITH AGILIO SMARTNICS THE NEED FOR ZERO-TRUST SECURITY The rapid evolution of cloud-based data centers to support

More information

Powering Transformation With Cisco

Powering Transformation With Cisco Shape Your Business For the Future: Powering Transformation With Cisco Enabling Data Center Evolution Towards Cloud Computing Yudi Wiradarma TSO Lead, PT NetApp Indonesia Agenda The Challenge Cloud infrastructure

More information

Introducing VMware Validated Designs for Software-Defined Data Center

Introducing VMware Validated Designs for Software-Defined Data Center Introducing VMware Validated Designs for Software-Defined Data Center VMware Validated Design for Software-Defined Data Center 4.0 This document supports the version of each product listed and supports

More information

Cisco Unified Data Center Strategy

Cisco Unified Data Center Strategy Cisco Unified Data Center Strategy How can IT enable new business? Holger Müller Technical Solutions Architect, Cisco September 2014 My business is rapidly changing and I need the IT and new technologies

More information

2018 Cisco and/or its affiliates. All rights reserved.

2018 Cisco and/or its affiliates. All rights reserved. Beyond Data Center A Journey to self-driving Data Center with Analytics, Intelligent and Assurance Mohamad Imaduddin Systems Engineer Cisco Oct 2018 App is the new Business Developer is the new Customer

More information

Ten things hyperconvergence can do for you

Ten things hyperconvergence can do for you Ten things hyperconvergence can do for you Francis O Haire Director, Technology & Strategy DataSolutions Evolution of Enterprise Infrastructure 1990s Today Virtualization Server Server Server Server Scale-Out

More information

Convergence is accelerating the path to the New Style of Business

Convergence is accelerating the path to the New Style of Business Convergence is accelerating the path to the New Style of Business HP Hyper-Converged Systems Franz Weberberger Presales Consultant HP Servers Copyright 2012 Hewlett-Packard Development Company, L.P. The

More information

VMware, Cisco and EMC The VCE Alliance

VMware, Cisco and EMC The VCE Alliance ware, Cisco and EMC The VCE Alliance Juan Carlos Bonilla ware Luis Pérez Cisco Aarón Sánchez EMC October, 2009 1 The VCE Positioning - Where is the Problem? Source: IDC 2008 2 Where is the Problem? The

More information

NET1846. Introduction to NSX. Milin Desai, VMware, Inc Kausum Kumar, VMware, Inc

NET1846. Introduction to NSX. Milin Desai, VMware, Inc Kausum Kumar, VMware, Inc NET1846 Introduction to NSX Milin Desai, VMware, Inc Kausum Kumar, VMware, Inc Disclaimer This presentation may contain product features that are currently under development. This overview of new technology

More information

HPE Hyper Converged. Mohannad Daradkeh Data center and Hybrid Cloud Architect Hewlett-Packard Enterprise Saudi Arabia

HPE Hyper Converged. Mohannad Daradkeh Data center and Hybrid Cloud Architect Hewlett-Packard Enterprise Saudi Arabia HPE Hyper Converged Mohannad Daradkeh Data center and Hybrid Cloud Architect Hewlett-Packard Enterprise Saudi Arabia Transform to a hybrid infrastructure Accelerate the delivery of apps and services to

More information

Vblock Architecture. Andrew Smallridge DC Technology Solutions Architect

Vblock Architecture. Andrew Smallridge DC Technology Solutions Architect Vblock Architecture Andrew Smallridge DC Technology Solutions Architect asmallri@cisco.com Vblock Design Governance It s an architecture! Requirements: Pretested Fully Integrated Ready to Go Ready to Grow

More information

Be a VDI hero with Nutanix

Be a VDI hero with Nutanix Be a VDI hero with Nutanix Francis O Haire Director, Technology & Strategy DataSolutions Evolution of Enterprise Infrastructure 1990s Today App App App App Virtualization Server Server Server Server Scale-Out

More information

What s New at VMware? The Software-Defined Data Center and Network Virtualization

What s New at VMware? The Software-Defined Data Center and Network Virtualization What s New at VMware? The Software-Defined Data Center and Network Virtualization December 5, 2014 2014 VMware Inc. All rights reserved. Speakers Anthony Luscri VMware Senior Manager, IR Martin Casado

More information

Transform your Datacenter. Mark Godfrey, NetApp Michael Kirchenbauer, Cisco

Transform your Datacenter. Mark Godfrey, NetApp Michael Kirchenbauer, Cisco Transform your Datacenter Mark Godfrey, NetApp Michael Kirchenbauer, Cisco Getting into the Cloud Addressing Cost and Operational Pressures Enterprises Are Adopting New IT Approaches Cloud services SaaS,

More information

Next-Generation Security Platform on VMware NSX Reference Architecture

Next-Generation Security Platform on VMware NSX Reference Architecture t n e g i l l e nt i ES UR T C E T I ARCH Next-Generation Security Platform on VMware NSX Reference Architecture Release 1 March 2018 Contents...... Introduction................................................

More information