CTO PoV: Enterprise Networks (Part 2) Security for IoT & Cloud

Transcription:

CTO PoV: Enterprise Networks (Part 2) Security for IoT & Cloud

Khalid Raza, CTO & Co-Founder, Viptela (khalid@viptela.com)
Danny Johnson, Director, Product Marketing, Verizon (daniel.johnson@verizonwireless.com)

SD-WAN Architecture

[Diagram. Management plane: orchestration (vorchestrator), analytics engine, monitoring, provisioning, troubleshooting, GUI. Control plane: vSmart Controller, private cloud, secure overlay. Data plane: MPLS, Internet and LTE transports connecting data center, branch office, hospital and wireless sites; end-user devices shown are medical device, printer, smart phones and laptop.]

Secure Control Plane Scale Security at Routing Scale

Viptela:
- Centralized control plane
- Extensible overlay management protocol for security parameters exchange
- O(N) complexity

Traditional:
- De-centralized control plane
- IKE and Diffie-Hellman for key exchange and security association establishment
- O(N^2) complexity

Viptela - Enabling the Next Generation Enterprise Architecture

[Diagram. Capabilities: SD WAN, I-IOT, analytics, cloud, 3rd party connectivity. vfabric layers: management, orchestration, control. Users: any user/device in datacenter, campus, branch, home office. Any delivery: Internet, MPLS, 4G. Apps: DC, IaaS, SaaS, 3rd party.]

Case Study: 1200-site Bank

Customer challenges:
- Deploy new high bandwidth video application, new revenue ($$)
- Security requirements across lines of business
- Avoid application outages during network failures

How Verizon & Viptela helped:
- Managed SD-WAN solution with MPLS + Broadband + LTE at every location
- Cloud-managed overlay fabric with end-to-end security
- Isolated segments for each line of business
- Application policies with intelligent real-time steering

Slide callouts: Rapid deployment; Time to Revenue; Security / Isolation of Assets; App Outages

[Diagram labels: Headquarters, Regional Offices, Verizon Private IP, Verizon Secure Cloud Interconnect, Consumer Mobile devices, Wifi, Geofencing, Data centers, Digital signage, Public internet, Retail branch (1200+ branches), ATMs and kiosks, Video conferencing]

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Zero-Trust Security Principles

[Diagram labels: Control Elements, X.509 Certificate, DTLS/TLS Control Tunnel]

Dramatic Scale

[Diagram. Legend: key management, data traffic, control plane. vSmart Controller(s) connected to Site 1, Site 2, Site 100 and Site 101; IPSec between sites over 4G, MPLS and Internet.]

Infrastructure DDoS Mitigation

[Diagram: a router's CPU and packet forwarding path, with a separate rule set for each traffic source.]

vSmart, vBond, vManage:
- Default Deny: All
- Allow: Specific IP/Port (provided by vBond)

Remote Routers (IPSec):
- Default Deny: All
- Allow: Specific peers (provided by vSmart)

Else:
- Default Deny: All
- Default Allow: ICMP, DNS, DHCP
- Manual Allow: SSH, NTP

Application Firewall: Deep Packet Inspection

- Policy: Match: Application; Action: Drop/Allow
- App Fingerprinting: 3,000 individual applications and protocols; application families

[Diagram. Legend: IPSec tunnel, data traffic, control plane. vSmart Controllers send updates to the User Site and the Data Center Server; each end shows the Match/Action policy, an ACL, transports and app fingerprinting.]

Stateful Network Services: Network Service Insertion and Chaining

- Strong security posture - Regionalized stateful network service
- Multiple network services - Service chaining

[Diagram. Legend: control plane, IPSec tunnel, data traffic. vSmart Controllers send updates to the User Site, the Data Center Server and the Regional DC/Colo, which hosts the network service nodes; sites connect over transports.]

White-list Topologies