appcito and pluribus - the application-aware fabric

Proprietary & Confidential

Taking Cloud Applications from Good to Great

Appcito and Pluribus

The “Application-aware” Fabric

Siva MandalamVP, Strategy and Marketing

Software for Cloud Application Developers 2Proprietary & Confidential

Traditional Services Model

1Extremely expensive only 15-20% of the DC apps are covered by services

2Manual slow configuration, required specialized trained staff

4Sub-optimal traffic routing, hair-pinning, hard to scale across physical and virtual

3Services have no shared state; do not scale dynamically

5Difficult to troubleshoot application issues

Software for Cloud Application DevelopersProprietary & Confidential

Logs, Metrics, Policies

Appcito CAFE High Level Architecture

Web

Traffic

Policy Execution Point (PEP): Data Plane

Application

Application Services ControllerControl | Management | Analytics

• Orchestrates App Services • Elastic, Multi-tenant• API Driven• Programmable Policies• Insights

• Implements Traffic Policies:• Availability, Performance, Security, Continuous Deployment

• Programmable • Multi-Cloud

Runs inCloud/on Prem,

managedby Appcito/customer

Proxy inCloud/

On-Prem, in front of customer

applications

Shared persistent state between PEPs


Pluribus-Appcito Cloud Scale Services Fabric

Distributed Services Data Plane

Layer 4-7 services close to the transaction, offloading servers and leveraging HW acceleration

1Cover 100% of your application. Disruptive economics, pay as you grow.

2From weeks to minutes: 5 min activation!

4Optimized traffic routing for E-W trafficOff-load & accelerate services w/ Netvisor

3Elastic scaling. Automatic chaining. Cloud bursting for hybrid deployments.

5Easy to troubleshoot application level performance, security and availability issues


Re-thinking Cloud Services

Appcito+Pluribus

Traditional Fabric+Services

Comments

East-West, Virtual Workloads OptimizedServices close to transaction

Enforce policy to inter-VM traffic, without the need to hairpin traffic to physical devices designed to protect north-south traffic.

Uncompromised security for East-west and North-south traffic with scale and performance

SSL everywhere, L7 firewalling, DDOS protection everywhere

Elastic Auto-scaling Shared state across distributed instances of a service. Unlike traditional virtual services or appliances

L1-L7 application analytics @ scale

Pluribus L1-L4 analytics w/ Appcito L7 analytics engine

Free servers cycles to run applications - Off-load vServices to network

Pluribus TOR Hyper-converged SDN Appliances with HW acceleration

Optimized for hybrid on-premise and Cloud deployments

Built for cloud bursting

Application Firewalling, Load Balancing, Performance and Insights


Appcito+Pluribus Integration Use cases

L1-L7 Application Analytics Correlation

TOR Services off-load andHW acceleration e.g. SSL

L2-L7 DDOS Protectionw/ HW off-load

Integration with PluribusVirtualized Infrastructure &OpenStack Orchestration

Distributed Services Data Plane

Software for Cloud Application Developers 7Proprietary & Confidential 7

Seamless Availability, Scaling of Private Cloud Applications

• Industry’s first cloud-native distributed stateful proxy that leverages Application Fabric

• Extend infrastructure capacity without additional boxes

• Seamlessly support availability of multiple applications

LogsMetricsPolicies

Web

Traffic

PEP Application

Barista Application Services Controller (ASC)

Control | Management | Analytics

PEP

• Appcito Policy enforcement point (PEP) provides full proxy by being closer to applications

• Appcito PEP can be deployed in any rack in fabric in front of any application

• Open stack is used for provisioning management, and Barista for analytics, policy recos.

Network Computing Appliance

Netvisor ODM Switch/ Server-Switch


Application Analytics Performance and Health Monitoring

• Real-time application health monitoring from application all the way to network

• Barista Analytics for insights on application data and policy recommendations

• Leverage Pluribus visibility for improved anomaly detection to identify application level attacks

LogsMetricsPolicies

Web

Traffic

PEP Application



PEP

• Appcito Policy enforcement point (PEP) collects detailed metrics of applications

• Pluribus fabric collects detailed statistics for every flow, and time machine for historical analysis

• Customers can easily troubleshoot applications inside private cloud




Elastic SSL and full SSL Visibility

• Appcito Policy enforcement point (PEP) provides SSL offloading with strong ciphers

• Appcito ASC can auto scale SSL minimizing SSL handshakes and service interruptions

• Barista ASC provides full visibility of SSL traffic

• Offload SSL- reduce load on application server instances

• Gain full visibility and detection of SSL encrypted attacks

• Leverage Pluribus powerful hardware (CPU, memory, offload SSL capabilities)

SSL

Traffic

PEP Application


PEP

SSL

Traffic

PEP Application PEPZone A

Zone B




Guard against DDoSNetwork Attacks Session Attacks Application Attacks

ICMP Floods, Ping Floods, and Smurf AttacksSYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop

SSL Floods, SSL Renegotiation, DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods

Slowloris, Slow Post, HashDos, GET Floods, OWASP Top 10 (SQL Injection, XSS, CSRF, etc.)

Pluribus Mitigation Mechanisms

IP Protection, Rate Limiting, Throttling, MAC Flood protection, NTP attack throttling, UDP flood pruning, rate limiting, strict TCP forwarding .

Appcito Mitigation Mechanisms

SSL termination, SSL renegotiation validation, Elastic scale SSL, DNS mitigation mechanisms, full programmability

Appcito Mitigation Mechanisms

Blacklist and whitelist support, full proxy for HTTP, anomaly detection, web application firewalling

• Leverage Pluribus mitigation mechanisms, Higher buffering, QoS for SLA for certain traffic and default protection mechanisms against infrastructure attacks

• Appcito provides comprehensive DDoS attack mitigation mechanisms against Layer 7 application attacks


Cloud-native Application Security

• Defend against malicious activity and web attacks with Appcito WAF

• Block BOTS while allowing genuine users

• Leverage Pluribus visibility for improved anomaly detection to identify application level attacks

LogsMetricsPolicies

Web

Traffic

PEP Application



PEP

• Appcito Policy enforcement point (PEP) enforces WAF policies on application traffic

• Appcito Barista can blacklist or whitelist IP and block BOTS

• Pluribus analytics is used for determining anomalies and application policy is applied with Appcito




SummaryComplementary SDN Data Plane Layers Forming

A True Application-Aware Fabric• Netvisor distributed programmable fabric architecture

abstracts the network topology and offers API for L1-4 analytics to L7 services.

• Pluribus server-switches provide high-performance NFV platforms to run L7 data plane services.

• Appcito provides Layer 4-7 capabilities as a SaaS from cloud, Appcito works on both Amazon environments and Openstack environments

• Complementary SDN Data Planes provide Application Fabric integrated with Network Fabric resulting in a dramatically simplified services architecture optimized for physical+virtual workloads, E-W traffic patterns and performance

appcito and pluribus - the application-aware fabric

Technology

application issues

cloud applications

cloud deployments

traditional virtual

application level performance

services w netvisor

app services elastic

traffic policies