ANIKET DAPTARI & RANJINI RAJENDRAN CONTRAIL TEAM

Similar documents
CONTRAIL SECURITY. Contrail Cloud Networking & Security

Exploring Cloud Security, Operational Visibility & Elastic Datacenters. Kiran Mohandas Consulting Engineer

SECURING THE MULTICLOUD

CONTAINERS AND MICROSERVICES WITH CONTRAIL

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Extending Enterprise Security to Multicloud and Public Cloud

Cisco Enterprise Cloud Suite Overview Cisco and/or its affiliates. All rights reserved.

2018 Cisco and/or its affiliates. All rights reserved.

INTERCONNECTING MULTICLOUD WITH VMX

DPDK Summit 2016 OpenContrail vrouter / DPDK Architecture. Raja Sivaramakrishnan, Distinguished Engineer Aniket Daptari, Sr.

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Zero Trust Security with Software-Defined Secure Networks

Journey to Secure and Automated Multi-cloud

Cisco Cloud Application Centric Infrastructure

Best Practices for Extending the WAN into AWS (IaaS) with SD-WAN

Securing Microservice Interactions in Openstack and Kubernetes

No Limits Cloud Introducing the HPE Helion Cloud Suite July 28, Copyright 2016 Vivit Worldwide

Distributed Data Centers Within Juniper Networks Mobile Cloud Architecture. Mobile World Congress 2017

Hybrid Cloud Solutions

Cloud-Ready WAN For IAAS & SaaS With Cisco s Next- Gen SD-WAN

Agenda Basecamp The Journey So Far Enhancements Into the Fear Zone Climbing The VM-Series Performance Peak New VM-Series Models and Licensing Best Pra

Contrail Networking: Evolve your cloud with Containers

Agenda. This Session: Azure Networking Basics, On-prem connectivity options DEMO Create VNET/Gateway Cost-estimation for VNET/Gateways

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Cisco Container Platform

OPEN CONTRAIL ARCHITECTURE GEORGIA TECH SDN EVENT

Weiterentwicklung von OpenStack Netzen 25G/50G/100G, FW-Integration, umfassende Einbindung. Alexei Agueev, Systems Engineer

Cisco Cloud Strategy. Uwe Müller. Leader PreSales Cloud & Datacenter Germany

Benefits of SD-WAN to the Distributed Enterprise

NITA Based Offers and Services

CloudBridge and Get Ready for Desktops and Apps as a Service. Henrik Poulsen

METAFABRIC ARCHITECTURE A SIMPLE, OPEN, AND SMART NETWORK FOR THE DATA CENTER

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Cisco Virtual Topology System (VTS)

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

PSOACI Why ACI: An overview and a customer (BBVA) perspective. Technology Officer DC EMEAR Cisco

IBM Cloud for VMware Solutions

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC)

NTT Com Press Conference March 1, 2016 #enterprisecloud


OpenStack Networking: Where to Next?

Intent Driven Network Operations with AppFormix Advanced Analytics Platform. Joseph Li

Introducing. Secure Access. for the Next Generation. Bram De Blander Sales Engineer

Contrail Cloud Platform Architecture

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Contrail Cloud Platform Architecture

Introduction to Cisco Virtual Topology System DP Ayyadevara, Product Manager, Cloud Virtualization Cisco PSOSDN-1050

When (and how) to move applications from VMware to Cisco Metacloud

Using Network Virtualization in DevOps environments Yves Fauser, 22. March 2016 (Technical Product Manager VMware NSBU)

How to Keep UP Through Digital Transformation with Next-Generation App Development

2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Routing Applications State of the Art and Disruptions

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

NET1821BU THE FUTURE OF NETWORKING AND SECURITY WITH NSX-T Bruce Davie CTO, APJ 2

Virtual Tech Update Intercloud Fabric. Michael Petersen Systems Engineer, Cisco Denmark

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Huawei CloudFabric and VMware Collaboration Innovation Solution in Data Centers

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Juniper SD-WAN Alexandre Cezar Consulting Systems Engineer, Security/Cloud

Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers

Cisco ACI vpod. One intent: Any workload, Any location, Any cloud. Introduction

Managed Platform for Adaptive Computing mpac

Orchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud

FortiGate. on OCB FE Configuration Guide. 6 th December 2018 Version 1.0

Data Center and Cloud Automation

THE NETWORK AND THE CLOUD

Cisco UCS Director and ACI Advanced Deployment Lab

Hybrid Cloud for the Enterprise

The Latest EMC s announcements

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Title DC Automation: It s a MARVEL!

Cloud & container monitoring , Lars Michelsen Check_MK Conference #4

VMware Hybrid Cloud Solution

Cloud Technologies Public and Private Cloud Interconnection

SD-WANs and Lifecycle Service Orchestration (LSO) October Daniel Bar-Lev Director, Office of the CTO

Hybrid Cloud and Connecting to MS Azure

Enabling Your Cloud with VMware. Rob Rowe Jason Kuipers

The threat landscape is constantly

Cisco VTS. Enabling the Software Defined Data Center. Jim Triestman CSE Datacenter USSP Cisco Virtual Topology System

Cisco Unified Data Center Strategy

JN0-210.juniper. Number: JN0-210 Passing Score: 800 Time Limit: 120 min.

VMware Cloud on AWS. A Closer Look. Frank Denneman Senior Staff Architect Cloud Platform BU

Intuit Application Centric ACI Deployment Case Study

NetApp AWS Worldwide Public Sector Summit Washington, D.C.

A Cloud WHERE PHYSICAL ARE TOGETHER AT LAST

Migrating Enterprise Applications to the Cloud Session 672. Leighton L. Nelson

Intelligent WAN: Leveraging the Internet Secure WAN Transport and Internet Access

Flip the Switch to Container-based Clouds

How SD-WAN Makes UC Apps Dance. The Leader in Failsafe SD-WANs. May 17, Top 10 Coolest SDN Technologies

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

The Intent based Data Center. Kim In-Sook Manager, ASEAN Data Center Architect Team Jan 11, 2018

Seven Key Considerations Before Your Upcoming F5 or Citrix Load Balancer Refresh

WIND RIVER TITANIUM CLOUD FOR TELECOMMUNICATIONS

Software Defined Broadband Networks. Jon Mischel Director, Product Management

Benefits of Extending your Datacenters with Amazon Web Services

Building NFV Solutions with OpenStack and Cisco ACI

Creating a Hybrid Gateway for API Traffic. Ed Julson API Platform Product Marketing TIBCO Software

SteelConnect. The Future of Networking is here. It s Application- Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

Distributed Network Function Virtualization

Transcription:

ROLE OF NETWORK VIRTUALIZATION AND SOFTWARE DEFINED SECURITY IN MULTICLOUD ANIKET DAPTARI & RANJINI RAJENDRAN CONTRAIL TEAM

This statement of direction sets forth Juniper Networks current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted in this presentation. This presentation contains proprietary roadmap information and should not be discussed or shared without a signed non-disclosure agreement (NDA).

AGENDA 1 2 3 4 MULTICLOUD WHAT, WHY & CHALLENGES CONTRAIL ENABLING MULTICLOUD CONSISTENT MULTICLOUD SECURITY CONSISTENT (SECURE) MULTICLOUD CONNECTIVITY

MULTICLOUD TRENDS AND CHALLENGES

What is Multicloud? On-Prem Public Clouds Colo Colo SaaS Clouds INFRASTRUCTURE/APPS IN ANY COMBINATION OF PUBLIC, PRIVATE (ON-PREM/COLO), or SaaS ENVIRONMENTS

How Enterprises are Leveraging Multicloud ENTERPRISE DC (1000 s) Today large number of enterprises run all Ent. Apps on-prem MULTIPLE SAAS CLOUDS TRADITIONAL / STANDARD APPS EMERGENCE OF SAAS CLOUDS App Vendors are migrating to SaaS Clouds Almost every traditional app has a SaaS offering Email ERP Auth Expense Database CRM CUSTOM APPS BI DYNAMIC APPS What-If Analysis Analytics Helpdesk xxx PUBLIC CLOUD MIGRATION Custom Apps are migrating to Public and SaaS Clouds Dynamic Apps are migrating to Public Clouds but some still remain on-prem PRIVATE CLOUDS (100 s) Fewer Private Clouds Financials, Healthcare, Hi-Tech, Oil & Gas & Govt. sectors Cost, Compliance & Security primary drivers PUBLIC CLOUDS ENTERPRISE PRIVATE CLOUDS (100 s) EXCHANGE (e.g. Equinix, etc.) Provide high speed connectivity enabling Hybrid Clouds

Why Multicloud? On-Prem Public Clouds Colo Colo SaaS Clouds ECONOMICS, BUYER LEVERAGE, ARBITRAGE DIFFERENT TEAMS, DIFFERENT CLOUDS CLOUD BURSTING PREVENTION OF VENDOR LOCK-IN HIGH AVAILABILITY, RESILIENCY, DISASTER RECOVERY

Infrastructure Mistakes Your Company Must Not Make THEY LAND THEMSELVES IN CLOUD JAIL THEY GET SUCKED IN BY HIPSTER TOOLS THEY DON T DESIGN FOR MONITORABILTIY Source: http://firstround.com/review/the-three-infrastructure-mistakes-your-company-must-not-make/ - Avi Freedman

Challenges with Multicloud? Inconsistent toolset, env, mgmt, features VMs FIREWALL CPE Apps have to be (re)written for the specific env BMS Secure Connectivity Containers VNF / PNF On-Prem and Colos Customer Branch Lock-in

CONTRAIL ENABLING MULTICLOUD

CONTRAIL: GOALS & OBJECTIVES Users (Developers, Net Ops, CISO, ) V I S I O N Apps (running in any environments) Provide Connectivity, Security, and Manageability for: 1. Users to Apps 2. Apps to Apps Custom Apps M a n a g e a b i l i t y & O p e r a t i o n s S e c u r i t y P o l i c y & V i s u a l i z a t i o n C o n n e c t i v i t y CPE IP Fabric VMs Remote Branch Office Containers BMS FIREWALL Multi-site DC / Private Cloud (VMs, BMS, Containers, VNFs) Telco POPs Public Cloud (VPC s)

ENABLING MULTICLOUD CONNECTIVITY & SECURITY Contrail connects multiple environments & provides a single resource pool, applies consistent policies across the different environments, and provides management and analytics on the entire environment. Contrail Security Consistent intent-driven policy configuration with detailed security analytics / prediction and traffic visualization along with compliance and monitoring CONTROLLER Contrail Security Distributed enforcement of policies at L4 and L7 Contrail Networking Interconnects multiple heterogeneous environments Compute Nodes Compute Nodes GW Public or Private Internet or Direct Connect vrouter vrouter Private Cloud Data Center Policy-Based Encryption Public Cloud VPC / VN

OPERATOR WORKFLOW Note: View this in presentation mode Operator Username Password Kenai Portal Build Fabric Provide Hybrid Connectivity Build PODs Apply Sec. Policies Manage User Conn. & Policies Monitor / Troubleshoot Config Wizard Step 1 Welcome J U N I P E R S E R V I C E S Services can run in the Cloud or on-prem Device Manager Server Manager EM S AWS Manager Hybrid Connectivity OpenStack POD OpenShif t POD Policies Users VNFs Analytic s Any-2-Any Low-latency Connectivity between multiple environments over the Internet / Private Backbone / Direct Connect, etc. BOT On customer Premise Managed by customer - or - Managed On customer Premise Managed by Juniper - and / or - SaaS On Juniper Cloud Managed by Juniper AWS VPC - 1 AWS VPC - 2

EVOLUTION OF CONTRAIL INCREASING LEVELS OF INTEGRATION Contrail Networking Contrail Cloud Contrail Security Cloud Networking Network Virtualization Virtualized Network Services Multiple Orchestration Support Openstack, VMware ESXi, vcenter, K8,Openshift Cloud Orchestration Server Management Distributed & Scale-out Storage Compute Orchestration + Contrail Networking Contrail Security Multi Dimensional Intent-Driven Policy Framework across heterogeneous workloads standards based connectivity across hybrid clouds AWS, GCE, Azure, etc Policy based secure routing, connectivity and data path encryption

KEY TAKEAWAY App Discovery, Tag based Policy & Visualization across heterogeneous and distributed environments (ESXi & KVM VMs, K8s / containers, bare-metal servers, Public Cloud, etc.) Network / Policy Framework Analytics & Monitoring Custom Custom Uniform and Consistent Network Virtualization, Application Security; Single Pane of Glass Visibility, Analytics and Monitoring

CONSISTENT MULTICLOUD SECURITY

PROBLEM STATEMENT Reuse of policies across multiple clouds and with multiple orchestrators App1, Deployment = Dev Web App db Define/Review/Approve Once Use Everywhere App1, Deployment = Dev- AWS Web App db App1, Deployment = Staging Web App db Policy = P App1, Deployment = Dev-K8s App1, Deployment = Prod Web App db Web App db B a r e M e t a l S e r v e r s App1, Deployment = Staging-BMS App1, Deployment = Dev-Mesos Web App db Web App db

ENFORCEMENT DEFINITION CONTRAIL SECURITY KEY CAPABILITIES Consistent Intent- Driven Policy Application Policy Config & Flow Visualization Multiple Enforcement Points Security Admin No Policy Rewrite Define Once Enforce Everywhere Discover Inter- and Intra-application traffic flows with/without enforcing policies L4 L7 Web App DB Single policy OpenStack Controller Site = US Host-Based FW How to extend the same set of policies to Mesos, AWS, Kubernetes, Bare Metal Servers without policy rule explosion Offer visualization, analytics, and orchestration for security configurations Provide reporting, troubleshooting and compliance L4 Enforcement at the vrouter (Kernel, DPDK, vcenter, Smart NIC) L7 enforcement at the L7 Firewall

Dev USE-CASE SCENARIO POLICY FRAMEWORK 1 allow https-traffic tier=web > tier=app match deployment 2 allow mysql-traffic tier=app > tier=db match site E n f o r c e m e n t D e f n && site App = Finance, Deployment = Dev App = Finance, Deployment = Dev Web App Web App Production Staging App = Finance, Deployment = Prod Web App Legacy Data (tier = db) App = Finance, Deployment = Staging Web App Legacy Data (tier = db) site = On-Prem site = Public-Cloud-XYZ

Security Policy Enforcement Security Policy Definition CONTRAIL SECURITY ARCHITECTURE CONSISTENT INTENT-DRIVEN POLICY WITH DISTRIBUTED ENFORCEMENT ORCHESTRATOR / APPS Logical View Network & Security Policies Compute / Storage CONTRAIL CONTROLLER End-Point Set #1 End-point Set #2 (Config, Control, Analytics, TSN, ) BGP Scale-out FW XMPP BGP XMPP Physical IP Fabric (no changes) vrouter Host O/S vrouter Host O/S Gateway To Internet / WAN or Legacy DC Computes CPE Devices Public Cloud VM

E n f o r c e m e n t D e f i n i t i o n MULTIPLE ENFORCEMENT POINTS Controller (HA enabled, logically centralized unit) Can run on VMs or bare Metal On-prem / public cloud / SaaS Offers Connectivity, Security Policies & Analytics / AppFormix Network devices - with - FER node L3-GW at MX L3-GW at Spine L2L3-GW at TOR Bare Metal Compute - with - Forwarding, Enforcement & Reporting (FER) node Virtualized Compute (Kernel / DPDK, vcenter) - with - FER node Smart NIC - with - FER node Public Cloud Instance - with - FER node Low latency connectivity

VISUALIZATION

CONSISTENT (SECURE) MULTICLOUD CONNECTIVITY

CONSISTENT MULTICLOUD NETWORKING XMPP XMPP MP-iBGP Internet EC2 instance MPLSoGRE/UDP/VxLAN VM docker Contrail Secure GW IPSec / SSLVPN Contrail Secure GW VM docker Virtual Network 1.1.1.0/24 Private Cloud (AS 65001) VPC subnet 2.2.2.0/24 VPC in AWS Public Cloud

INTRA CLUSTER / CLOUD SECURITY

MULTICLOUD SECURITY

DEMO

DEMO TOPOLOGY Contrail On-Prem Cloud Contrail Security GW Openstack + Contrail Controller VN VN vrouter Internet AWS Contrail Security GW vrouter

Thank you

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback