ADC in the Cloud Era


ADC in the Cloud Era: Application services for hybrid cloud and microservice scenarios
Ralf Sydekum, SE Manager DACH, F5 Networks GmbH

Some of the Public Cloud Related Questions You May Have
It's easy to get overwhelmed before you even start.
F5 Networks, Inc

Keeping Your Cloud Platform Projects Secure
The majority of responsibility for cloud security is on the user, not the provider.
Customer secures what runs IN the cloud:
- Data & content
- Customer deployments, platform & user management
- OS, firewall & network settings & configuration
- Encryption & network traffic protection
Provider secures the infrastructure:
- Infrastructure services: compute, storage, network
Sources: https://aws.amazon.com/compliance/shared-responsibility-model/ and https://blogs.msdn.microsoft.com/azuresecurity/2016/04/18/what-does-shared-responsibility-in-the-cloud-mean/

F5 Mission: Delivering app-centric services wherever your apps go
ADC services: local load balancing, security, performance, secure web gateway, DDoS protection, identity and access, firewall.
Delivered across the private cloud (on premises), the public cloud (off premises) and the hybrid cloud.

Shifting Influence

From Traditional Data Center To Cloud
Traditional data center: security admin, server admin, network admin and storage admin, plus the app dev team and the security auditor. Manual and siloed administration of compute, networking and storage.
Private cloud data center: self-service for the app dev team and security auditor; an automation & orchestration system (controller) drives compute, networking and storage.

F5 Programmability: programmable management, control & data planes
- iControl (REST & SOAP): allows lightweight, rapid interaction between user, script and F5 devices.
- iApps: services-based, template-driven configurations on BIG-IP.
- iRules: allows complete programmatic access to application traffic in real time.

L4-L7 Configuration via Cloud Orchestrator
Control plane: a cloud orchestrator (optional), such as APIC, Heat (iApp) or an SDN controller, and iWorkflow with its iApp catalogue and REST API proxy.
Data plane: Layer 4-7 services (BIG-IP), a Layer 2-3 stateless fabric, and the applications.
The SDN controller handles the L2-L3 network configuration; the L4-L7 service configuration (F5) reaches BIG-IP through REST APIs; app configuration applies to the application instances.

Rise of DevOps, Containers, Open Source
Sources: RightScale 2016 State of the Cloud report; dog; octoverse.github.com

What are Containers?
Virtual machines: infrastructure, hypervisor, and VM 1 / VM 2 / VM 3, each carrying its own guest OS, bins/libs and app (App 1, App 2, App 3).
Containers: infrastructure, host operating system, container runtime environment, and Container 1 / 2 / 3, each carrying only its bins/libs and app.
Lightweight, fast, portable! Kind of feels like a virtual machine, but sheds all the weight and startup overhead of a guest operating system.

Automating BIG-IP Services with F5 Container Connector: managing north-south traffic
(1) App A is configured on the cluster scheduler (master node).
(2) The scheduler starts 3 instances of App A.
(3) The scheduler notifies F5 CC (the Container Connector).
(4) F5 CC configures the application services for App A on BIG-IP via the REST API.
(5) A user makes a request to App A through BIG-IP.
(6) The L4-L7 services for the north-south traffic towards App A are managed by BIG-IP.
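The two slides above describe the same thing from two angles: iControl REST as the programmable management plane, and the Container Connector driving it whenever the scheduler changes the set of running instances. The following is an added example, not F5's Container Connector or iControl code, of that reconcile loop: the scheduler's current instance list is compared with the BIG-IP pool's member list and only the difference is written back. The management address, pool name, instance addresses and the in-memory FakeBigIp are constructed so the example runs offline; the REST paths /mgmt/tm/ltm/pool/~Common~<pool>/members and the "~" folder encoding are the real iControl REST conventions.

```python
import base64
import json
import urllib.request
from typing import Dict, List, Optional, Tuple

MGMT_BASE = "https://bigip-mgmt.example.invalid"  # placeholder, not a real device
POOL = "app-a-pool"                                 # constructed pool name


def members_path(pool: str, partition: str = "Common") -> str:
    # iControl REST writes the "/" of /Common/<pool> as "~" inside URL paths
    return f"/mgmt/tm/ltm/pool/~{partition}~{pool}/members"


def member_path(pool: str, member: str, partition: str = "Common") -> str:
    return f"{members_path(pool, partition)}/~{partition}~{member}"


class FakeBigIp:
    """In-memory stand-in for a BIG-IP's REST endpoint (constructed for this example)."""

    def __init__(self, members: List[str]):
        self.members = {m: {"name": m, "address": m.rsplit(":", 1)[0]} for m in members}
        self.log: List[Tuple[str, str, Optional[dict]]] = []  # every call, for inspection

    def request(self, method: str, path: str, body: Optional[dict] = None):
        self.log.append((method, path, body))
        if method == "GET":
            return {"items": list(self.members.values())}
        if method == "POST":
            self.members[body["name"]] = dict(body)
            return dict(body)
        if method == "DELETE":
            # the path ends in ~Common~<ip:port>; drop the partition prefix again
            self.members.pop(path.rsplit("/", 1)[-1].split("~")[-1], None)
            return {}
        raise ValueError(f"unsupported method {method}")


class ICRTransport:
    """Minimal iControl REST transport over urllib with HTTP basic auth.

    Not exercised offline; it shows how the reconciler's calls map onto a real
    device. TLS certificate verification stays at urllib's default (enabled).
    """

    def __init__(self, base: str, user: str, password: str):
        self.base = base
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        self.headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}

    def request(self, method: str, path: str, body: Optional[dict] = None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.base + path, data=data, method=method, headers=self.headers)
        with urllib.request.urlopen(req) as resp:
            return json.loads(resp.read() or b"{}")


def reconcile(bigip, pool: str, desired: List[str]) -> Dict[str, List[str]]:
    """Bring the pool's member set in line with the scheduler's instance list.

    Only the difference is sent: a steady state costs one GET and no writes,
    and instances the scheduler no longer reports are removed so BIG-IP never
    forwards north-south traffic to an endpoint that is gone.
    """
    current = {item["name"] for item in bigip.request("GET", members_path(pool))["items"]}
    wanted = set(desired)
    added, removed = sorted(wanted - current), sorted(current - wanted)
    for m in added:
        bigip.request("POST", members_path(pool), {"name": m, "address": m.rsplit(":", 1)[0]})
    for m in removed:
        bigip.request("DELETE", member_path(pool, m))
    return {"added": added, "removed": removed, "kept": sorted(current & wanted)}


def run_scenario():
    """Replays steps (2)-(4) of the slide against the fake device (constructed data)."""
    bigip = FakeBigIp(["10.244.1.10:8080"])  # a stale instance left from an earlier run
    scheduler_endpoints = ["10.244.1.11:8080", "10.244.2.12:8080", "10.244.3.13:8080"]
    first = reconcile(bigip, POOL, scheduler_endpoints)   # scheduler notified the connector
    second = reconcile(bigip, POOL, scheduler_endpoints)  # steady state: nothing to write
    return first, second, bigip


if __name__ == "__main__":
    first, second, device = run_scenario()
    print("first pass:", first)
    print("second pass:", second)
    print("pool members now:", sorted(device.members))
```

Swapping `FakeBigIp` for `ICRTransport(MGMT_BASE, user, password)` is the only change needed to run the same reconciler against a device; the diff-based write pattern is what keeps a busy scheduler from turning into a flood of REST calls.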

Which Cloud is Best for You? Pros and cons
Private cloud (on premises)
- Pros: strong security (sensitive data, keys); full control (policies & compliance); easily customizable.
- Cons: cost / upfront investment; under-utilization; capacity ceiling (limit).
Public cloud (off premises)
- Pros: time to market; low initial costs (pay per use); flexible & unlimited capacity growth; no CapEx; costs only for the project's lifetime.
- Cons: security (private keys, policies, sensitive data); storage (cost, data to/from the cloud); cloud lock-in (policies, data transfer cost); performance (higher latency).
The hybrid cloud sits between the two, with the user in the middle.

Thinking about moving apps to Public Cloud?
Diagram: the private cloud (ADC & security) is connected over the public internet to AWS (ADC & security, AWS tools) and Azure (ADC & security, Azure tools).
How about migrating/scaling or adding new apps to a public cloud provider to get the benefits of public cloud: cost, time to market and scale?

Migrating to a Hybrid Cloud
Scenario: migrate/scale out the Orange App to AWS (AWS tools) and deploy the new Green App to Azure (Azure tools), with ADC & security in each location and in the private cloud.
Pros: time to market; low initial costs (pay per use); flexible & unlimited capacity growth.
Cons: security (private keys, policy, sensitive data); storage (cost, data to/from the cloud); cloud lock-in (policy, data transfer cost); performance (higher latency).

Deploying F5 Virtual Edition in Public Cloud
Pros: unifying your L4-L7 application services and policies across your private and public cloud deployments, with common orchestration tools/scripts (BYOL, utility billing).
Cons: security (private keys, policy, sensitive data); storage (cost, data to/from the cloud); cloud lock-in (policy, data transfer cost); performance (higher latency).

Introducing the Connector: securing and automating app delivery in public cloud
The F5 App Connector (AC) solution for private/public cloud interconnect:
- Secure reverse tunnel between the private and the public cloud (SSL keys stay on the BIG-IP in the private cloud/DC).
- Public cloud resources are auto-discovered and managed by the BIG-IP in the private cloud/DC.

Introducing the Connector: pros and cons
Pros: private keys stored in the private cloud; app front-end via BIG-IP in the private cloud; auto-discovery of public cloud resources; all resources managed from the private cloud.
Cons: security (private keys, sensitive data); storage (cost, data to/from the cloud); cloud lock-in (data transfer cost); performance (higher latency).

Cloud Interconnect via Colocation
Diagram: the private cloud extends over a secure reverse tunnel into a colo facility (ADC & security, App Connector, storage), which reaches the public cloud providers through a private interconnect / cloud exchange.
Pros: extend your private cloud into the colo facility; sensitive data securely stored in the colo; the colo brings the app closer to end users; moving data in/out of the colo at low cost; low latency towards all public cloud providers.
Cons: security (sensitive data); storage (cost, data to/from the cloud); cloud lock-in (data transfer cost); performance (higher latency).

The expanded new DC
The private cloud, the colo facility (ADC & security, App Connector, storage, private interconnect to the public cloud exchange) and Silverline services together form the extended data center.

F5 Cloud Vision: deploy any, anywhere, with consistent application services and security
Goals: consistent policies, cloud freedom, fastest time to service, visibility, lowest TCO.
Locations: private cloud, current data center, colo, colo/public cloud, managed hosting, AWS, Google, Azure, IBM, Rackspace, and SaaS apps.

Visibility into threats
Threats listed on the slide: cross-site request forgery, man-in-the-browser, session hijacking, malware, DDoS, DNS spoofing, DNS cache poisoning, DNS hijacking, man-in-the-middle, eavesdropping, protocol abuse, API attacks, injection, key disclosure, abuse of functionality, certificate spoofing, cross-site scripting, credential theft, credential stuffing, session theft, brute force, phishing.

Visibility into the cloud

SSL/TLS Decryption for Breach Visibility
SSL Orchestrator decrypts the traffic, steers it through a service chain and re-encrypts it. Services in the chain: network tap (long-term capture), ICAP (DLP), L2 (IPS), L3 (NGFW).

Context for an access decision
- App: importance and risk; app type / version (e.g. browser v3.1); app location.
- User: authentication; location; access method.
- Device: device type & integrity; operating system; browser.
- Network: encryption; network integrity; network quality & availability; network connection integrity.
You need to understand an application's normal and expected behavior so you can recognize abnormal conditions.

You need to assess risk and make informed decisions about what kind of security controls to apply to protect your apps and data.

Risk-based Policy Protection
Context evaluated for each request: user ID, location, endpoint, device health, device type, malware, sensitive data, human.
Possible decisions: allow, deny, challenge (OTP or client certificate).
Two evaluations are shown side by side: a low-value app in public cloud IaaS (user located in Asia) and a high-value app in the enterprise data center (user located in Europe).
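As an added example of the risk-based policy the two slides above describe (this is illustration code, not F5's policy engine), the following scores a request from the listed context signals and returns allow, challenge or deny, with the decision thresholds depending on whether the app is a low-value public IaaS app or a high-value enterprise app. The weights, thresholds, app definitions and the rule that a managed device proves itself with a client certificate while everything else gets an OTP are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List, Tuple


class Decision(Enum):
    ALLOW = "allow"
    CHALLENGE_OTP = "challenge-otp"
    CHALLENGE_CLIENT_CERT = "challenge-client-cert"
    DENY = "deny"


@dataclass(frozen=True)
class Context:
    """The per-request signals named on the slide (values constructed per call)."""
    user_id: str
    location: str          # region the request comes from, e.g. "Europe"
    device_type: str       # "managed" (corporate, holds a client cert) or "byod"
    device_healthy: bool   # endpoint posture check passed
    endpoint_known: bool   # this device has been seen for this user before
    malware_detected: bool
    is_human: bool         # bot-defense verdict


@dataclass(frozen=True)
class App:
    name: str
    high_value: bool                  # enterprise DC app vs. low-value public IaaS app
    handles_sensitive_data: bool
    expected_regions: FrozenSet[str]  # where this app's users normally are


# Assumed weights for illustration, not product defaults.
WEIGHTS = {
    "unexpected_location": 30,
    "unmanaged_device": 20,
    "unhealthy_device": 25,
    "unknown_endpoint": 15,
}

# Constructed sample apps matching the two panels of the slide.
LOW_VALUE_APP = App("marketing-site", False, False, frozenset({"Europe", "Asia"}))
HIGH_VALUE_APP = App("payroll", True, True, frozenset({"Europe"}))


def risk_score(ctx: Context, app: App) -> Tuple[int, List[str]]:
    """Additive score plus the reasons behind it, so the decision can be audited."""
    reasons = []
    if ctx.location not in app.expected_regions:
        reasons.append("unexpected_location")
    if ctx.device_type != "managed":
        reasons.append("unmanaged_device")
    if not ctx.device_healthy:
        reasons.append("unhealthy_device")
    if not ctx.endpoint_known:
        reasons.append("unknown_endpoint")
    return sum(WEIGHTS[r] for r in reasons), reasons


def decide(ctx: Context, app: App) -> Tuple[Decision, List[str]]:
    # Hard stops come before scoring: malware on the endpoint or non-human
    # traffic is denied no matter how trusted the rest of the context looks.
    if ctx.malware_detected:
        return Decision.DENY, ["malware_detected"]
    if not ctx.is_human:
        return Decision.DENY, ["automated_client"]
    score, reasons = risk_score(ctx, app)
    if app.high_value or app.handles_sensitive_data:
        # Tight thresholds: any notable risk triggers a step-up.
        if score >= 60:
            return Decision.DENY, reasons
        if score >= 20:
            step_up = Decision.CHALLENGE_CLIENT_CERT if ctx.device_type == "managed" else Decision.CHALLENGE_OTP
            return step_up, reasons
        return Decision.ALLOW, reasons
    # Low-value app in public IaaS: tolerate more before interrupting the user.
    if score >= 70:
        return Decision.DENY, reasons
    if score >= 45:
        return Decision.CHALLENGE_OTP, reasons
    return Decision.ALLOW, reasons


if __name__ == "__main__":
    travelling_byod = Context("anna", "Asia", "byod", True, True, False, True)
    for app in (LOW_VALUE_APP, HIGH_VALUE_APP):
        print(app.name, decide(travelling_byod, app))
```

The same context yields different outcomes for the two apps, which is the point of the slide: the policy is attached to the app's value, not only to the user, and returning the reasons alongside the decision gives the SOC something to correlate when a step-up or deny is questioned.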

Federated Identity for Cloud Access
Corporate users, and attackers, reach the infrastructure through access protection placed in front of the directory services, using MFA, VPN, SSO and context-based authentication. Federation to the SaaS providers (Office 365, Google Apps, Salesforce) uses SAML 2.0 and OAuth 2.0.
2017 F5 Networks

Web Firewall Services
Protection: OWASP Top 10, bot protection, L7 DDoS, API protection.
Deployment: private, public, hybrid, or as a service.
Protected applications: private/hybrid cloud hosted, physically hosted and public cloud hosted web apps. Legitimate users and attackers both arrive through the web firewall; third-party DAST scans are part of the picture.
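The threat list and the web firewall slide both name credential stuffing, brute force and L7 DDoS as things an application-layer control has to see. As an added example, not F5 code and not the ASM/WAF signatures, the following runs three simple detections over constructed login and API log lines: one source trying many distinct accounts (credential stuffing), many failures against one account (brute force), and one source hammering one path (L7 flood). The log line format, the IP addresses, the thresholds and the sliding 60-second window are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Constructed line format: "<ts> <client-ip> <method> <path> user=<id> status=<code>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<ip>\S+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) user=(?P<user>\S+) status=(?P<status>\d{3})$"
)

WINDOW = timedelta(seconds=60)
STUFFING_DISTINCT_USERS = 10   # distinct accounts failing from one IP
BRUTE_FORCE_FAILURES = 5       # failed logins against one account
FLOOD_REQUESTS = 25            # requests from one IP to one path


def parse_line(line: str) -> Dict:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
    ev["status"] = int(ev["status"])
    return ev


def _evict(dq: deque, now: datetime, window: timedelta) -> None:
    # drop entries older than the window; each entry is a tuple whose first item is its time
    while dq and now - dq[0][0] > window:
        dq.popleft()


def detect(lines: Iterable[str], window: timedelta = WINDOW) -> List[Dict]:
    """Return one finding per (type, key) the first time a threshold is crossed."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    logins_by_ip = defaultdict(deque)      # ip -> (ts, user, failed)
    failures_by_user = defaultdict(deque)  # user -> (ts, ip)
    requests_by_ip_path = defaultdict(deque)  # (ip, path) -> (ts,)
    findings, flagged = [], set()
    for ev in events:
        now, ip, user, path = ev["ts"], ev["ip"], ev["user"], ev["path"]
        failed = ev["status"] in (401, 403)

        bucket = requests_by_ip_path[(ip, path)]
        bucket.append((now,))
        _evict(bucket, now, window)
        if len(bucket) >= FLOOD_REQUESTS and ("flood", ip, path) not in flagged:
            flagged.add(("flood", ip, path))
            findings.append({"type": "l7_flood", "ip": ip, "path": path, "count": len(bucket)})

        if path != "/login":
            continue
        logins_by_ip[ip].append((now, user, failed))
        _evict(logins_by_ip[ip], now, window)
        if failed:
            failures_by_user[user].append((now, ip))
            _evict(failures_by_user[user], now, window)

        tried = {u for _, u, f in logins_by_ip[ip] if f}
        if len(tried) >= STUFFING_DISTINCT_USERS and ("stuffing", ip) not in flagged:
            flagged.add(("stuffing", ip))
            findings.append({"type": "credential_stuffing", "ip": ip, "distinct_users": len(tried)})
        if len(failures_by_user[user]) >= BRUTE_FORCE_FAILURES and ("brute", user) not in flagged:
            flagged.add(("brute", user))
            findings.append({"type": "brute_force", "user": user, "failures": len(failures_by_user[user])})
    return findings


def sample_log() -> List[str]:
    """Constructed sample traffic: one legitimate user plus three abuse patterns."""
    base = datetime(2018, 10, 5, 10, 0, 0)

    def line(offset, ip, method, path, user, status):
        ts = (base + timedelta(seconds=offset)).strftime("%Y-%m-%dT%H:%M:%S")
        return f"{ts} {ip} {method} {path} user={user} status={status}"

    lines = [line(0, "192.0.2.5", "POST", "/login", "alice", 200),
             line(2, "192.0.2.5", "GET", "/account", "alice", 200)]
    # credential stuffing: one IP, 12 different accounts, every attempt fails
    lines += [line(5 + i, "203.0.113.7", "POST", "/login", f"user{i:02d}", 401) for i in range(12)]
    # brute force: one account hit 8 times from one IP
    lines += [line(20 + i, "198.51.100.9", "POST", "/login", "bob", 401) for i in range(8)]
    # L7 flood: 30 requests to one API path inside 10 seconds
    lines += [line(30 + i // 3, "203.0.113.8", "GET", "/api/items", "-", 200) for i in range(30)]
    return lines


if __name__ == "__main__":
    for finding in detect(sample_log()):
        print(finding)
```

Each finding fires once per key when its threshold is first crossed, which is what a WAF or SIEM rule would emit as an alert; re-running over the two legitimate lines alone produces nothing, which is the false-positive check worth keeping in the test.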

Application Access, Application Protection & User Protection Capabilities
Capabilities: Secure Web Gateway, Remote Access, IP Intelligence, Web Fraud Protection, Hybrid WAF, Access Federation, SSL Inspection, App Access Management, Enterprise Mobility Gateway, DDoS Protection, DNS Security, Perimeter/DC Firewall.
Securing access from any user on any device. The strongest set of application security controls that reduce risk. Protecting your applications regardless of where they live.