Pervasive Visibility in the Cloud CLOUDSEC 2016
Daniel Poole
Principal Cloud Security Architect – EMEA North
2 Confidential and Proprietary. Not to be distributed without express written consent from Gigamon. © 2016 Gigamon. All rights reserved.
“Amazon AWS growth rate is far outpacing other enterprise vendors” [1]
Microsoft Azure revenue grew 135%, and compute usage more than doubled year-over-year [2]
“Oracle Claims Good Cloud Growth (But It's Still Not Good Enough)” [3]
Amid Poor Results Overall, IBM’s Cloud Business Growing [4]
“Salesforce.com maintains breakneck growth in the second quarter as cloud demand soars” [5]

[1] http://www.businessinsider.com/amazon-aws-growth-rate-is-far-outpacing-other-enterprise-vendors-2015-12
[2] https://view.officeapps.live.com/op/view.aspx?src=http://www.microsoft.com/global/Investor/RenderingAssets/Downloads/FY16/Q1/SlidesFY16Q1.pptx
[3] http://fortune.com/2015/12/17/oracle-cloud-growth/
[4] http://www.datacenterknowledge.com/archives/2015/10/20/amid-poor-results-overall-ibms-cloud-business-growing/
[5] http://siliconangle.com/blog/2015/08/21/salesforce-com-maintains-breakneck-growth-in-the-second-quarter-as-cloud-demand-soars/
Every Silver Lining Has a Cloud Inside It!
Deployment Considerations and Visibility Benefits

Stage: Server virtualization
Deployment Considerations:
• Hypervisor choice
• VM density
• Scope of VM mobility
Visibility Benefits:
• Extend visibility “inside VM”
• Business continuity
• Maximize available host capacity
• “Follow the VM”

Stage: Private Cloud
Deployment Considerations:
• Automation: speed of turn-up
• Admin (provider) vs. tenant concepts
• Chargeback to business units
• Choice of orchestrator
Visibility Benefits:
• Extend visibility “inside cloud”
• Automate visibility for tenants/apps
• Providers and tenants have different visibility goals
• Provider: security of infrastructure

Stage: Public Cloud (Salesforce, Microsoft Office 365, Amazon Web Services, Workday, VMware vCloud Air, Microsoft Azure)
Deployment Considerations:
• SaaS: Software-as-a-Service [E.g. SFDC, Workday, …]
• IaaS: Infrastructure-as-a-Service [E.g. AWS, Microsoft Azure]
• PaaS: Platform-as-a-Service [E.g. Amazon Elastic Beanstalk]
Visibility Benefits:
• Availability and security
• Providers and tenants have different visibility goals
Demystifying the Cloud: A Real-World Analogy “PIZZA AS A SERVICE”
Source: Adapted from “Pizza as a Service” by Albert Barron, Sr. Software Client Architect, IBM
[Figure: four columns, Traditional IT (Bake a Pizza at Home), IaaS (Bake a Frozen Pizza at Home), PaaS (Pizza Delivered to Home) and SaaS (Eat Out!). Each column lists dining table, drink, electric / gas, oven, toppings, tomato sauce, cheese and pizza dough, with every item marked either “Customer manages” or “Provider manages”.]
Solving the Visibility Gap in Public Clouds

Today’s Challenges
• Security concerns to run critical apps
• Inability to access traffic for analysis
• Lack of sufficient tools in public cloud
• Backhaul costs to enterprise vary

Gigamon Solution
• Industry’s first network visibility solution for AWS EC2
• Applicable for any Linux workloads (Windows to follow)
• Supports multiple deployment models: tools in AWS or enterprise
Hybrid Cloud Deployments
Combination of Public Cloud, On-prem and Private Cloud services used by an organization with orchestration between the platforms
[Figure: Enterprise Private Cloud or On-prem alongside Public Cloud (e.g. AWS).]
Deployment Examples: Hybrid Clouds
USE CASE 1: TOOLS IN THE ENTERPRISE DATA CENTER
Monitored traffic backhauled from AWS to tools in an enterprise’s data center
[Figure labels: Tools; Enterprise Data Center; L2 GRE Tunnel; Virtual Traffic Policies; AWS EC2 Integration; GigaVUE® V Series; AWS VPC; GigaVUE-FM. Legend: Control Traffic, Monitored Data Traffic.]
VPC: Virtual Private Cloud
Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and subject to change.
Centralized Management using GigaVUE-FM
Unified Visibility Fabric™ Portfolio
UPDATES WITH GIGAVUE-FM 3.4
[Figure: portfolio diagram. Recoverable labels:]
• Applications: Gigamon Applications; 3rd Party Apps (e.g. Splunk, Viavi); Applications & Tools Infrastructure, User Community
• Fabric Control (Management): GigaVUE-FM
• Fabric Services: Flow Mapping®, Inline Bypass
• Traffic Intelligence: De-duplication, Slicing, FlowVUE™, Masking, GTP Correlation, Header Stripping, Tunneling, SSL Decryption, Adaptive Packet Filtering, Application Session Filtering, Time Stamping, NetFlow Generation
• Visibility Fabric Nodes (Pervasive visibility across physical, virtual, remote sites, and future SDN production networks):
  • H Series: GigaVUE-HD8, GigaVUE-HD4, GigaVUE-HC2, GigaVUE-HB1
  • TA Series: GigaVUE-TA1 / TA10, GigaVUE-TA40, GigaVUE-TA100, GigaVUE-OS on white box
  • Virtual Visibility: GigaVUE-VM
  • TAPs: G-TAP, G-TAP A Series, G-TAP BiDi, G-TAP M Series, Embedded TAPs
  • G Series: GigaVUE-2404, GigaVUE-420, G-SECURE-0216
• Other labels: FabricVUE™ Traffic Analyzer, Clustering, API