CohesiveFT and IBM Joint EMEA Webinar - 20 Jun 13
TRANSCRIPT
Copyright CohesiveFT - 14 Jun 2013
Welcome to the webinar
Your Presenters
Sam Mitchell, Senior Solution Architect
Sam leads the technical elements of the sales cycle. He runs demos, technical qualification, technical account management, proof of concepts, technical and competitive positioning, RFI/RFP responses & proposals.
Before CohesiveFT, Sam was a Cloud Solution Architect at Platform Computing, recently acquired by IBM, and Lead Architect at SITA.
Chris Purrington, Global Sales Director
As Global Sales Director at CohesiveFT and Managing Director of CohesiveFT UK, Chris is responsible for worldwide sales. With over 20 years in the software industry, Chris has extensive experience in leading ISVs to success in EMEA; this includes 9+ years at Application Lifecycle Management company Borland, where he was UK MD and VP UK, Ireland and Africa.
Agenda
• Cloud and SDN Market Overview
• What is cloud networking?
• Working with cloud networks
• Security & control solutions
• Hybrid cloud solutions
• Federated cloud solutions
• Cloud networking customer use cases
• Wrap up & questions
@cohesiveft #CFTWebinars
About CohesiveFT
Who We Are
• Cohesive Flexible Technologies Corp. (CohesiveFT)
• Founded in 2006 by IT and capital markets professionals with years of experience in operations, enterprise software and client-facing services
• Customers have 50M+ virtual device hours in public, private, & hybrid clouds secured by VNS3
• First product launched in 2007 with follow-up products in 2008 and 2011
• Offices in Chicago, London, Belo Horizonte and Palo Alto
What We Do
• Enable enterprises to run business systems in the cloud
• Our solutions help migrate, transform and extend both customer facing systems and internal operational platforms
• Provide more application-centric SDN for cloud than all competition combined
• Only company to promote comprehensive cloud container solution for migration, deployment and control
• Cloud, vendor, and standards neutral for greater customization and control
Customers
ISV SaaS Integrators Self Service Enterprise
VNS3 has helped secure 50M+ virtual device hours in public, private, & hybrid clouds
Application-layer: above provider control & access
[Figure: layer diagram (Layer 0 to Layer 7). Labels: User Control; Provider Control; Hardware Ownership Layer (Compute, Storage, Network); Virtualization Layer; IaaS; PaaS; Web Server; Runtime; Developer Tools; Application Layer; Limits of access, control, & visibility.]
Software Defined Network - Market Segments
SDN Market can be divided into 2 segments:
1. Application Controlled
• CohesiveFT VNS3
• Cisco Cloud Service Router
• Citrix CloudBridge
2. Provider Controlled
• Nicira/VMware
• Open vSwitch
• Cisco Nexus 1000v
• IBM
• Cisco
• Juniper
[Figure: layer diagram (Layer 0 to Layer 7). Labels: Physical Layer; Virtual Layer; Application Layer; Cloud Instance (OS, App Stack); Hypervisor; Hardware (Compute, Storage, Network); Multiplexed access to; App Controlled; Provider Controlled; OpenFlow; Perimeter of access, control, & visibility.]
Overlay networks can solve common pain points:
Attest to data in motion encryption
Capacity expansion into public cloud
Cloud WAN / connect to customer & partner networks
Federate common, shared infrastructure
Legacy Migration and Integration
Disaster recovery / readiness
Extend Your Network Across the Clouds with VNS3
Overlay SDN (Software Defined Network) gives control in the cloud of:
• IP Addressing
• Protocols
• Network Topology
• Security
• Separate network identity from location
• Configure in a mesh for high availability
• Overlay across multiple clouds for geographic distribution, & cloud federation
• REST API or UI
VNS3 is a combination of 6 device types:
• Firewall
• Dynamic & Scriptable SDN
• Protocol Redistributor
• IPsec/SSL VPN concentrator
• Router
• Switch
VNS3: Hybrid virtual device able to extend to multiple sites
Leading Overlay SDN (Software Defined Network) Appliance
• Allows control, mobility & agility by separating network location and network identity
• Control over IP addressing and topology
Security lattice: layers of control & access
Cloud networks combine with user & provider firewalls and isolation features to create a “security lattice” with layers of security.
Some key security elements must be controlled by the customer but separate from the provider.
• Provider Owned/Provider Controlled
• Provider Owned/User Controlled
• VNS3 - User Owned/User Controlled
• User Owned/User Controlled
A technical use case preview
[Figure labels: Other Cloud 1 (New Jersey, USA); Other Cloud 2 (Singapore); Other Clouds.]
Security & control: customer networking setup
App-layer security: Firewalls & IPsec devices
Control: users already control and manage everything below this layer
Security & control: IPsec connections
Security: IPsec tunnels with encrypted data-in-motion
Control: only provide access to certain endpoints; separate customers and partners
Security & control: connection into cloud VMs
Control: peering and failover for disaster recovery / readiness
Security: Points of presence & backup, without vendor lock-in
[Figure labels: Other Cloud 1 (New Jersey, USA); Other Cloud 2 (Singapore); Other Clouds.]
Cloud Address Control
Problem: Public Cloud addressing schemes don’t match your data center addressing.
VNS3 Solution:
• Control static addressing of your cloud servers
• Local Area Network (LAN) address extension to the cloud
• Servers and Topologies behave as though they are running locally
• Application centric network is portable
Cloud Protocol Control: Multicast
Problem:
• Enterprise software uses multicast protocols for service election and service discovery.
• Many public cloud providers block multicast protocols at the user layer.
VNS3 Solution:
• Send multicast traffic via VNS3 overlay network before it is rejected by underlying network infrastructure.
• Control all your protocols with VNS3.
Cloud Security Control: IPsec Tunneling
Problem: Public cloud is accessed via public internet.
VNS3 Solution:
• Extend your network with industry standard IPsec.
• Use your existing network security appliances (Cisco, Juniper, Netscreen, SonicWall).
• Use your existing secure communication methods/practices the same as you currently connect offices, data centers or partners/customers.
Cloud Security Control: Multiple IPsec
Problem: Cloud providers limit the number of IPsec connections.
VNS3 Solution:
• VNS3 Manager enables multiple IPsec connections to a cloud-based overlay network segment.
• Serves as user-controlled, virtualized switch/router (uSwitch) inside the provider cloud.
• Cloud deployed servers can communicate with multiple IPsec gateways via endpoint-to-endpoint encrypted connections.
Regional Cloud Federation
Problem: Production cloud deployments require geo distribution for DR and points of presence.
VNS3 Solution:
• Leverage cloud points of presence without sacrificing security and control.
• Link multiple clouds for one logical group of resources.
• Extend connectivity between multiple public and private cloud environments.
Use Existing Monitoring Tools
Problem: Cloud deployments cannot be connected to existing network operations center.
VNS3 Solution:
• Use your existing monitoring tools for cloud deployments.
• VNS3 allows you to use your existing NOC to monitor and manage devices in the data center and the cloud.
Customer-Partner and Branch Networks in Public Cloud
Problem: Securely connect customers, partners or branches to specific servers in shared infrastructure.
VNS3 Solution:
• Industry standard secure connectivity to isolated servers in public cloud
• Data in motion in the public cloud is encrypted.
VNS3 Summary
• Firewall
• Dynamic & Scriptable SDN
• Protocol Redistributor
• IPsec/SSL VPN concentrator
• Router
• Switch
VNS3: Hybrid virtual device able to extend to multiple sites
Leading Overlay SDN (Software Defined Network) Appliance
• Allows control, mobility & agility by separating network location and network identity
• Control over end to end encryption, IP addressing and network topology
Contact Details
CohesiveFT Europe: London, UK [email protected] +44 208 144 0156
CohesiveFT Americas: Chicago, IL [email protected] +1 888.444.3962
Follow us for news and updates: blog.cohesiveft.com @cohesiveft
Get in touch:
Chris Purrington, Global Sales Director - [email protected] +44 7962 452661
Sam Mitchell, Senior Solution Architect - [email protected] +44 7917 630020
Appendix 1 - VNS3 Licenses
SKU | License Parameters | Cost
VNS3 Free | 1 VNS3 Manager, 1 IPsec Endpoint, 5 Client Packs | Free (no time limit)
VNS3 Lite Edition Cloud Only | 1 VNS3 Manager, 0 IPsec Endpoint, 25 Client Packs | $150 per month
VNS3 Lite Edition Data Center Connect | 1 VNS3 Manager, 2 IPsec Endpoint, 10 Client Packs | $150 per month
VNS3 SME Edition | 1 VNS3 Manager, 1 IPsec Endpoint, 5 Client Packs | $350 per month
VNS3 Enterprise | 1 VNS3 Manager, 1 IPsec Endpoint, 5 Client Packs | $750 per month
Larger Licenses | Additional Managers, IPsec endpoints and client packs can be added to the SME and Enterprise Editions | Contact CohesiveFT [email protected]
Fund bursts into public cloud to extend HPC
Large mutual fund securely bursts into public cloud to extend their HPC grid
Highlights
Automatically flex existing HPC solution up and down by bursting into public cloud.
Configure and contextualize nodes between data center and cloud.
Used existing workload manager / grid engine software / vendor to extend their grid.
Significantly reduced infrastructure costs, while increasing flexibility and responsiveness.
Challenge: Fund needed to extend their existing grid on the same IP network with security.
Traditional high performance computing (HPC) environments are expensive to own and to operate. Growing demand for faster results and an equally strong push to reduce costs pointed to public cloud, but public cloud could not provide security and control.
Security & Compliance Challenges: Cloud IaaS and multi-tenant solutions still cannot provide the security of a physical grid.
Solution: Seamlessly extended the grid with an overlay network.
The fund’s cloud grid compute nodes connected securely with a pair of highly available VNS3 managers.
[Figure labels: Public Cloud (nodes); Private Data Center (nodes); IPsec connection.]
Mobile app developer connects on overlay
Scalable, pay as you go solution to connect cloud-based apps to partner networks.
Highlights
Had to connect to telco partners with partners’ exact IP addresses
Concerns over keeping customer and partner traffic separate and secure
Needed to quickly scale up and down, with a price package to match
Overlay network segmented partners to take control of security, addressing, and connection
The Situation: Telco with mobile app needed to connect cloud-based app servers to APAC partners on the partners’ exact IP addresses.
Developed a segmented overlay network capable of running in multiple geographic regions and separating customer and partner data with encrypted connections.
Solution used:
• Overlay network
• Instance-based solution using pay-as-you-go virtual appliances
• Customer-defined address pools
• Guarantee encryption for all data in motion, including customer session tokens and payment information
[Figure labels: Public Cloud; Virtual Network; Customer Site; Partner Site; IPsec connection.]
Capacity expansion: fashion brand grows in cloud
European clothing designer wanted creativity and capacity without the hardware.
Highlights
Created a fashion social networking site with security and cloud-based capacity
Wanted to scale and control capacity.
Access and reliability will remain key aspects of the infrastructure.
Secure, encrypted data in motion and access to data center with VNS3
The Situation: European fashion designer and wholesaler wanted to extend fashion brand by:
• Creating first ever fashion-focused social site
• Scaling up and down with demand
• Keeping security standards high
The industry, enterprise and infrastructure created hurdles for traditional physical computing.
VNS3 overlay network offered control over addressing and topology for customer-controlled hybrid device.
Solution included:
• Overlay network to public cloud
• Encryption for all data in motion
• End-to-end encryption from data center to apps
• Easy internal approvals for the corporate “network police”
• Perpetual license to accommodate scaling needs
[Figure labels: Public Cloud; Private Data Center; Hybrid Cloud.]
BPMS-as-a-SaaS without traditional complexity
Business process SaaS vendor reaches customers without on-site data centers or physical networks.
Highlights
Large independent logistics firm wanted to provide SaaS as subscription model without burdening clients.
Hoped to scale cloud containers for more customized solutions.
Removed complexity of migrating and need to change the business model, operations.
Solved end client’s issues with on-site data centers and large software clients.
The international BPM and CRM software vendor wanted to provide a SaaS offering to move customers to subscription revenue model.
Challenges:
• Limited multi-tenant environments for customers that pass industry tests
• Required connectivity without the hurdles of traditional networks, data centers and enterprise rules
• Connecting apps across different public and private clouds
• End customer security concerns
Solution created:
• Access as if it is a subnet on their network
• Guaranteed encryption for all data in motion and at rest
• Overlay network that can deploy to any public cloud provider
• Firm can connect their clients’ software to cloud-based data centers without up-front, capital intense processes
[Figure labels: Public Cloud; Customer SaaS deployment 1; Customer SaaS deployment 2; Customer Site; IPsec connection.]
Cloud WAN for global reach and redundancy
Threat protection firm extended offerings with global cloud points of presence.
Highlights
Global reach for products and global redundancy for security.
Needed secure connections to existing data centers and networks.
Access critical infrastructure “in region” without delays or capital of physical resources.
Offered global redundancy at dramatically lower cost than traditional infrastructure.
A global end point threat prevention company wanted to have global reach for their cloud-based threat protection and virus scanning system.
Additionally, they wanted to ensure global redundancy using multiple cloud data centers with the potential to connect multiple cloud providers.
Challenges:
• Working with multiple cloud providers and cloud regions
• Connections across clouds and down to existing physical data centers and networks
Solution featured:
• Guaranteed encryption for all data in motion and at rest
• Overlay network to federate across any public cloud provider
End customers can access critical resources without waiting for inter-continental lag times, at much lower costs.
[Figure labels: EU Public Cloud; US Public Cloud; Existing Data Center; Data Center 2; IPsec connection; Federated Multi-Cloud Network; Failover.]
Pharmaceutical system federates infrastructure
Cloud WAN connectivity without the expensive assets or contracts.
Highlights
Global reach for products and global redundancy for security.
Needed secure connections to existing data centers and networks.
Access critical infrastructure “in region” without physical resources.
Offered global redundancy at dramatically lower cost.
A pharmaceutical information systems firm wanted to integrate US-based offices together and to integrate offices to their cloud infrastructure.
Challenges: Offices had different hardware and software, networks and data needs. The firm did not want to invest in assets or long term contracts with vendors.
Solution featured:
• Guaranteed encryption for all data in motion and at rest
• Overlay network to federate across any public cloud provider
• IPsec and data in motion encryption
Customer created a true Cloud WAN with overlays and cloud provider.
Each office connected to the cloud-based systems and also connected to each other using VNS3 and the cloud as the network backbone.
[Figure labels: Medical Data Center; Hospital Offices; Medical Office; Public Cloud Region 1; Public Cloud Region 2; WAN Network; IPsec connection.]
Coalescence: Services for the Cloud Container
• Cloud migration framework
• Automate your application migration to save time and money
• No need to re-install servers if cloud provider infrastructure fails or upgrades
• Proven methodologies to take planned topologies to the cloud through a set of logical steps
• Experience-informed services:
• Cloud strategy / advisory
• HPC in the cloud
• Cloud training
• Cloud / virtualization support
• VNS3 design and implementation
• Cloud deployment and security audit
• Cloud active directory
[Figure labels: Analyze Requested Topology; Packaging & Bundling; Unit Implementation; Cluster Definition & Contextualization; Cluster Mastering; Multi Cluster Launch.]