Presenting the VMware NSX ECO System
May 2015
Geert Bussé
Westcon Group Solutions Sales Specialist, Northern Europe
Agenda
- 10:15-11:00 VMware NSX, the Network Virtualization Platform
- 11:15-12:00 Palo Alto - Finally, Data Center Security without Compromise
- 12:00-12:45 Juniper - QFX & MetaFabric - the Integration of VMware NSX
- 12:45-13:30 Lunch
- 13:30-14:15 Trend Micro - Optimised Security for Modern Data Centre
- 14:15-15:00 F5 - Discover how F5 and VMware deliver a software-defined data center by providing simplified end-to-end networking through an application-centric approach
- 15:00-15:15 Break
- 15:15-16:00 Check Point - Automating Multi-tiered Security in the NSX Eco system
- 16:00-16:15 Q&A
- 16:15-18:00 Network Drink with WINE TASTING
Securing the Software Defined Data Center
- Typical Security Challenges in (Traditional) Data Centers
- SDDC: Definition and Components
- From Traditional to Software Defined Data Center
- Security Solutions
- Layered Architecture
- Key Takeaways
Typical Security Challenges in (Traditional) Data Centers
- Different layers and trust levels: Web - App - DB
- Process intensive to apply security between VMs (100-1000s of VMs)
- Lateral movement once compromised
- Speed of server provisioning: avoid instant-on security gaps
- Security impact on availability and performance
Typical Security Challenges in (Traditional) Data Centers
- Handling encrypted traffic (SSL)
- Measure and monitor compliance
- Application traffic vs. file system traffic
- Cloud readiness
The Software Defined Data Center: Definition
Definition: Refers to a data center where all infrastructure is virtualized and delivered as a service.
The core architectural components:
- Computer virtualization
- Software-defined networking (SDN)
- Software-defined storage (SDS)
- Management and automation software
From Traditional to Software Defined Data Centers: Security with NSX
- Perimeter security is still required.
- Micro-segmentation becomes feasible.
- Automated provisioning of firewall policies when a workload is programmatically created.
- Distributed enforcement at every virtual interface and in-kernel, distributed to every hypervisor and baked into the platform.
- Native isolation: no physical subnets, no VLANs, no ACLs are required.
- Segmentation is enforced at the virtual interface, and advanced security services can be added.
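Added example (not from the presentation and not VMware's code): a small Python model of the micro-segmentation idea on this slide, where rules match workload tags rather than subnets, are evaluated at the receiving virtual interface with default deny, and cover a workload as soon as it is provisioned. The class names, tags, workload names and ports are assumptions made for illustration; this is not the NSX API.

```python
# Constructed model of tag-driven micro-segmentation; not the NSX API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_tag: str   # group tag required on the sender
    dst_tag: str   # group tag required on the receiver
    port: int      # destination TCP port

# Hypothetical policy for the Web / App / DB tiers; ports are sample values.
POLICY = (
    Rule("external", "web", 443),
    Rule("web", "app", 8443),
    Rule("app", "db", 5432),
)

class Fabric:
    """Inventory of workloads; rules match tags, never subnets or VLANs."""

    def __init__(self, policy):
        self.policy = policy
        self.tags = {}  # workload name -> frozenset of tags

    def provision(self, name, *tags):
        # Tagging at creation time is the whole provisioning step: existing
        # rules cover the workload at once, so there is no instant-on gap.
        self.tags[name] = frozenset(tags)

    def allowed(self, src, dst, port):
        # Checked at the receiver's virtual interface. Default deny.
        if dst not in self.tags:
            return False
        src_tags = self.tags.get(src, frozenset({"external"}))
        return any(r.src_tag in src_tags and r.dst_tag in self.tags[dst]
                   and r.port == port for r in self.policy)

def demo():
    fab = Fabric(POLICY)
    fab.provision("web-01", "web")
    fab.provision("web-02", "web")
    fab.provision("app-01", "app")
    fab.provision("db-01", "db")
    fab.provision("db-02", "db")  # new workload, no rule was edited for it
    flows = [("client", "web-01", 443), ("web-01", "app-01", 8443),
             ("app-01", "db-01", 5432), ("app-01", "db-02", 5432),
             ("web-01", "db-01", 5432), ("web-01", "web-02", 443),
             ("client", "db-01", 5432)]
    return {flow: fab.allowed(*flow) for flow in flows}
```

The two web servers share a tier and would share a VLAN in a traditional design, yet web-01 cannot reach web-02, which is the lateral-movement case the earlier slide lists as a challenge.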
Software Defined Data Center: Security Solutions
- Data center firewall to secure datacenter access
- Network segmentation firewall to secure inter-VM traffic
- DDOS protection: cloud & on premise
- Web application firewall
- Web Access Management
Software Defined Data Center: Security Solutions
- IPS for virtual patching
- Data leakage prevention
- Anti malware detection and cleaning
- Compliance monitoring
Layered Architecture (overview diagram; layers from the outside in)
- Cloud Scrubbing Center: volumetric DDOS attacks, known signature attacks
- DataCenter Firewall: IPS, Sandboxing, DLP
- Application Delivery Controller: Web Application Firewall
- Anti DDOS
- Network Segmentation Firewall
- IPS, Anti Malware, Compl.
- Workloads: Web, App, DB; Finance, HR, Engineering
Layered Architecture: Cloud Scrubbing Center (volumetric DDOS attacks, known signature attacks)
- Multiple TB attack mitigation bandwidth
- Multiple scrubbing datacenters
- Fast mitigation
- Limited false positives
- Up to L7
- Customer portal with centralized attack and threat monitoring reports
Layered Architecture: DataCenter Firewall (IPS, Sandboxing, DLP)
- High new connections per second (application traffic)
- High number of concurrent connections
- Scalable architecture: processing power and connectivity
- User identity and application awareness
- Platform for additional security modules
- Policy integration with Network Segmentation Firewall
Layered Architecture: Application Delivery Controller, Web Application Firewall
Web Application Firewall:
- OWASP top 10 threats
- Cover Zero Day Attacks by Positive Security Model
- HTTP anti-ddos
- Integration with Vulnerability Management Solution
- Detection and Prevention of Web Scraping
- PCI compliance
Software Defined Data Center: Web Application Firewall
Layered Architecture: Anti DDOS
- On Premise DDOS protections
- Application Visibility
- Threat Intelligence
- Built in SSL decryption
- Real Time Reporting and Forensics
Layered Architecture: Network Segmentation Firewall
- Integration via API with Virtualized Network and Compute
- Security is completely decoupled from logical network topology.
- The firewall function is brought directly to the VM. Any traffic sent or received by this VM is processed by the NSF.
- Application Visibility
(Diagram labels: Web, App, DB; Finance, HR, Engineering)
Layered Architecture: IPS - Anti Malware - Compl.
- Virtual Patching via IPS
- Agentless Anti Malware
- Hypervisor Integrity Monitoring
- Data Encryption
- DLP
- Server Compliance Monitoring
- System Log Inspection
- Automatic quarantining of compromised VMs
(Diagram labels: Web, App, DB; Finance, HR, Engineering)
Key Takeaways
- Perimeter security alone is not sufficient in today's world of advanced threats.
- NSX significantly simplifies inter-VM security and makes it feasible, but you still need additional security solutions from leading security vendors to increase security effectiveness.
- Don't forget Anti DDOS, WAF & Anti Malware.
- Talk to our vendors today about your requirements and needs.
Enjoy the rest of the day!