software-based networking & security for the cloud
DESCRIPTION
As the old appliance model in datacenter and cloud network infrastructures is replaced by software and virtual machines, next-generation network security is paving the way for secure migration into the cloud. One of the key benefits of the cloud is network access from any location, but that benefit raises critical questions about how access is restricted and, more importantly, who controls those restrictions. Can providers support VPNs or dedicated connections in the IaaS cloud? This session covers secure cloud migrations and details the benefits of a customer-controlled virtual firewall, VPN and IPS in the IaaS cloud.
TRANSCRIPT
Page 1
SOFTWARE-BASED NETWORKING & SECURITY FOR THE CLOUD
Jae Lee, Director of Product Management
Page 2
WHY USE CLOUD SERVICES?
- No CAPEX, low operational cost
- Fast, flexible, elastic
- You can focus on business
Page 3
WHY OFFER CLOUD SERVICES?
- Significant increase in demand
- Faster time-to-market for new services
- Higher value = greater revenue
Page 4
CLOUD NETWORKING CHALLENGES
- Hardware limitations: cost, inflexibility
- Scale services
- Minimize latency
- Connect securely to DC
- Maintain security policy and compliance
- Decrease complexity
- Automate provisioning
Page 5
STEP 1: VIRTUALIZE

[Diagram: ENTERPRISE DATACENTER. Border router, firewall, VPN and intrusion prevention as separate appliances in front of a switch serving three tiers: web servers 10.0.0.0/24, apps & storage 10.3.0.0/24, database 10.4.0.0/24.]

- UNDER-UTILIZED HARDWARE
- NO AUTOMATION IN NETWORK MAINTENANCE
- EXPENSIVE TO SCALE
- HARD LIMITATIONS FORCE OVERPROVISIONING
Page 6
VIRTUALIZATION STALL

[Diagram: LEGACY VIRTUAL DATACENTER. Three hypervisors, each with a vSwitch carrying VLAN1 and VLAN2 for the web server, application and database VMs; access, aggregation and core switches uplink to a physical firewall and border router. The diagram is divided into a "System" layer (hypervisors and vSwitches) and a "Network" layer (physical switches, firewall, border router).]

- LATENCY
- NO PROTECTION BETWEEN VLANS
- NOT SCALABLE
- HARDWARE FIREWALL COSTS
- REQUIRES NETWORK ADMIN TO INSTALL / SCALE
Page 7
IN-HYPERVISOR NETWORK SECURITY

[Diagram: VIRTUAL DATACENTER WITH VIRTUAL APPLIANCE. The same three hypervisors, but each now hosts a virtual network appliance whose vNIC sits on VLAN1 and VLAN2 in front of the web server, application and database VMs (address space 10.0.0.0/12). Tier-to-tier traffic is inspected on the vSwitch instead of leaving the host for the access / aggregation switch, firewall and border router layer. The "System" / "Network" division of the previous slide is kept.]

ALL TRAFFIC IS INSPECTED WITHIN HYPERVISOR
- FIREWALL PROTECTS ALL TRAFFIC DIRECTIONS
- REMOVES THE HAIRPIN THROUGH THE PHYSICAL FIREWALL AND ITS LATENCY
- INTER-VLAN TRAFFIC INSPECTION
- PER-TENANT DEDICATED NETWORK CONTROLS PROVISIONED ON DEMAND
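Inter-VLAN inspection only means something once a policy is attached to the VLANs. The following is an added example, not from the deck and not Vyatta's own documentation: a Vyatta-style firewall configuration for a virtual appliance that routes between the three tier VLANs of the earlier datacenter slide. The trunk interface eth1, the VLAN IDs 1/3/4, the service ports 8080 and 3306 and the reuse of the 10.0.0.0/24, 10.3.0.0/24 and 10.4.0.0/24 tier subnets are assumptions; keyword names follow the Vyatta 6.x CLI and may differ in later Vyatta/VyOS releases.

```vyatta
# Added example, not the deck's configuration. Interface, VLAN IDs, ports
# and subnets are assumptions.
#
# One trunk vNIC carries the three tier VLANs into the appliance, which
# routes between them. Without a firewall attached, routing between the
# vifs is unrestricted: the "no protection between VLANs" case.
set interfaces ethernet eth1 vif 1 description 'WEB'
set interfaces ethernet eth1 vif 1 address 10.0.0.1/24
set interfaces ethernet eth1 vif 3 description 'APP-STORAGE'
set interfaces ethernet eth1 vif 3 address 10.3.0.1/24
set interfaces ethernet eth1 vif 4 description 'DATABASE'
set interfaces ethernet eth1 vif 4 address 10.4.0.1/24

# Stateful policy toward the app tier: only web servers may open TCP/8080,
# replies to established flows pass, everything else is dropped and logged.
set firewall name TO-APP default-action drop
set firewall name TO-APP enable-default-log
set firewall name TO-APP rule 10 action accept
set firewall name TO-APP rule 10 state established enable
set firewall name TO-APP rule 10 state related enable
set firewall name TO-APP rule 20 action accept
set firewall name TO-APP rule 20 protocol tcp
set firewall name TO-APP rule 20 source address 10.0.0.0/24
set firewall name TO-APP rule 20 destination port 8080
set firewall name TO-APP rule 20 state new enable

# Toward the database tier: only the app tier, only TCP/3306. The web
# tier has no path to the database at all.
set firewall name TO-DB default-action drop
set firewall name TO-DB enable-default-log
set firewall name TO-DB rule 10 action accept
set firewall name TO-DB rule 10 state established enable
set firewall name TO-DB rule 10 state related enable
set firewall name TO-DB rule 20 action accept
set firewall name TO-DB rule 20 protocol tcp
set firewall name TO-DB rule 20 source address 10.3.0.0/24
set firewall name TO-DB rule 20 destination port 3306
set firewall name TO-DB rule 20 state new enable

# Attach each policy on the egress side of the VLAN it protects, so it is
# enforced no matter which VLAN the traffic entered on.
set interfaces ethernet eth1 vif 3 firewall out name TO-APP
set interfaces ethernet eth1 vif 4 firewall out name TO-DB
commit
save
```

Attaching the policies as `out` on the protected VLAN means a compromised web server cannot reach the database tier whichever interface its traffic enters on; `state new enable` restricts the accept rules to the opening packet of a new flow, and `enable-default-log` records what the default drop discards, which is the first place to look when a tier stops talking. An `in` policy on the web VLAN would express the same intent but would also have to enumerate the web tier's Internet-bound traffic.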
Page 8
APPLICATION ON-BOARDING

[Diagram: Data Center on the left (Vyatta edge, DNS, Active Directory, VDI, VM management, Test/Dev and other tools); Cloud Environment on the right (Vyatta edge, hypervisor, vSwitch, database, application and web server VMs). The two Vyatta instances are joined across the WAN by an L2 GRE tunnel carried inside an IPsec VPN or OpenVPN (SSL) tunnel, so the application workload moved to the cloud stays on the same layer-2 segment as the data-center services it depends on.]
Page 9
APPLICATION ON-BOARDING

[Diagram: the same Enterprise Data Center to Cloud Environment link (Vyatta at each end, L2 GRE tunnel + IPsec VPN or OpenVPN (SSL) across the WAN), now showing the enterprise side's physical N-tier application: a database tier, an application tier of VMs and a web services tier of VMs on a hypervisor and vSwitch, alongside DNS, Active Directory, VDI, VM management, Test/Dev and other tools. Label: Compliance / Trust Model Preserved.]
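As an added example of the on-boarding link on this slide and the previous one (it is not the deck's configuration or Vyatta's own): an L2 GRE tunnel bridged to a local Ethernet segment at each end and carried inside a site-to-site IPsec SA whose selectors cover only GRE between the two endpoints, plus a WAN policy that refuses GRE that did not arrive through IPsec. The public addresses 198.51.100.1 (data center) and 203.0.113.1 (cloud), the interface and group names and the pre-shared secret are placeholders. Keyword names follow the Vyatta 6.x CLI (`local-ip`, `local subnet`, `ipsec match-ipsec`); later VyOS releases renamed several of them, so check the reference for the version you run. The OpenVPN (SSL) alternative named on the slide is not shown.

```vyatta
# Added example, not the deck's configuration. Addresses, interface names,
# group names and the secret are placeholders.
#
# ===== Data-center Vyatta: WAN eth0 = 198.51.100.1, on-boarded segment eth1 =====
# Bridge the local segment and the tunnel; gre-bridge carries Ethernet
# frames, so the cloud VMs stay in the same broadcast domain as eth1.
set interfaces bridge br0
set interfaces ethernet eth1 bridge-group bridge br0
set interfaces tunnel tun0 encapsulation gre-bridge
set interfaces tunnel tun0 local-ip 198.51.100.1
set interfaces tunnel tun0 remote-ip 203.0.113.1
set interfaces tunnel tun0 bridge-group bridge br0

# IPsec SA selecting only GRE between the two endpoints, so every bridged
# frame is encrypted and authenticated before it touches the WAN.
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec ike-group IKE-CLOUD proposal 1 encryption aes256
set vpn ipsec ike-group IKE-CLOUD proposal 1 hash sha1
set vpn ipsec ike-group IKE-CLOUD proposal 1 dh-group 14
set vpn ipsec ike-group IKE-CLOUD lifetime 28800
set vpn ipsec esp-group ESP-CLOUD proposal 1 encryption aes256
set vpn ipsec esp-group ESP-CLOUD proposal 1 hash sha1
set vpn ipsec esp-group ESP-CLOUD pfs enable
set vpn ipsec esp-group ESP-CLOUD lifetime 3600
set vpn ipsec site-to-site peer 203.0.113.1 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 203.0.113.1 authentication pre-shared-secret 'REPLACE-WITH-LONG-RANDOM-SECRET'
set vpn ipsec site-to-site peer 203.0.113.1 ike-group IKE-CLOUD
set vpn ipsec site-to-site peer 203.0.113.1 local-ip 198.51.100.1
set vpn ipsec site-to-site peer 203.0.113.1 tunnel 1 esp-group ESP-CLOUD
set vpn ipsec site-to-site peer 203.0.113.1 tunnel 1 protocol gre
set vpn ipsec site-to-site peer 203.0.113.1 tunnel 1 local subnet 198.51.100.1/32
set vpn ipsec site-to-site peer 203.0.113.1 tunnel 1 remote subnet 203.0.113.1/32

# WAN policy: IKE/NAT-T and ESP from the peer, and GRE only when it was
# delivered through IPsec (match-ipsec). Cleartext GRE from anywhere,
# including a spoofed peer address, hits the default drop. Attached as
# both "in" (forwarded) and "local" (terminated on this router) so the
# GRE and IKE/ESP packets are covered whichever chain the release uses.
set firewall name WAN-IN default-action drop
set firewall name WAN-IN enable-default-log
set firewall name WAN-IN rule 10 action accept
set firewall name WAN-IN rule 10 state established enable
set firewall name WAN-IN rule 10 state related enable
set firewall name WAN-IN rule 20 action accept
set firewall name WAN-IN rule 20 protocol udp
set firewall name WAN-IN rule 20 source address 203.0.113.1
set firewall name WAN-IN rule 20 destination port 500,4500
set firewall name WAN-IN rule 30 action accept
set firewall name WAN-IN rule 30 protocol esp
set firewall name WAN-IN rule 30 source address 203.0.113.1
set firewall name WAN-IN rule 40 action accept
set firewall name WAN-IN rule 40 protocol gre
set firewall name WAN-IN rule 40 source address 203.0.113.1
set firewall name WAN-IN rule 40 ipsec match-ipsec
set interfaces ethernet eth0 firewall in name WAN-IN
set interfaces ethernet eth0 firewall local name WAN-IN
commit
save

# ===== Cloud-side Vyatta: the mirror image =====
# Repeat the ipsec-interfaces, IKE-CLOUD, ESP-CLOUD and WAN-IN lines above
# unchanged (with 198.51.100.1 as the peer address in WAN-IN), then:
set interfaces bridge br0
set interfaces ethernet eth1 bridge-group bridge br0
set interfaces tunnel tun0 encapsulation gre-bridge
set interfaces tunnel tun0 local-ip 203.0.113.1
set interfaces tunnel tun0 remote-ip 198.51.100.1
set interfaces tunnel tun0 bridge-group bridge br0
set vpn ipsec site-to-site peer 198.51.100.1 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 198.51.100.1 authentication pre-shared-secret 'REPLACE-WITH-LONG-RANDOM-SECRET'
set vpn ipsec site-to-site peer 198.51.100.1 ike-group IKE-CLOUD
set vpn ipsec site-to-site peer 198.51.100.1 local-ip 203.0.113.1
set vpn ipsec site-to-site peer 198.51.100.1 tunnel 1 esp-group ESP-CLOUD
set vpn ipsec site-to-site peer 198.51.100.1 tunnel 1 protocol gre
set vpn ipsec site-to-site peer 198.51.100.1 tunnel 1 local subnet 203.0.113.1/32
set vpn ipsec site-to-site peer 198.51.100.1 tunnel 1 remote subnet 198.51.100.1/32
commit
save
```

After commit, `show vpn ipsec sa` should list one SA per direction for protocol GRE and `show bridge br0` should show both eth1 and tun0 as members; if the bridge comes up but the SA does not, the tunnel is passing cleartext only until rule 40 catches it, which is exactly why the WAN policy exists. Two caveats that the slides' "trust model preserved" framing implies but does not spell out: extending the layer-2 segment makes the cloud side part of the data-center LAN's trust boundary, so a compromised cloud VM is a compromised DC VM, and the inter-VLAN policy of the earlier slide should apply on the bridged segment too; and the IKEv1/PSK/SHA-1 choices here reflect the Vyatta era, so on a current release prefer certificate authentication and stronger integrity algorithms.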
Page 10
LEVERAGING AMAZON

[Diagram: an Amazon VPC with an Internet Gateway, a Public subnet holding the web server VMs and a Private subnet holding the database server VMs. A Vyatta AMI in the VPC acts as the "Cloud Bridge" providing NAT + Firewall and terminates VPN tunnels over the Internet to the Enterprise Datacenter, to another Private or Public Cloud and to Remote Workers.]

VYATTA AMI – COMPLETE NETWORKING IN AMAZON VPC
- NO LIMIT TO # OF VPN TUNNELS
- SECURELY CONNECT INTO MULTIPLE VPCs FROM A SINGLE
- CREATE FULL VPN MESH BETWEEN MULTIPLE VPCs
- SECURELY BRIDGE CLOUD TO CLOUD OR DATACENTER TO CLOUD
- SINGLE INTEGRATED PACKAGE OF FW, VPN, IPS, URL FILTERING, FULL LAYER 3
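An added example of the VPC slide (not the deck's or Vyatta's own configuration): a Vyatta AMI as the customer-controlled edge of an Amazon VPC, doing outbound NAT for the private subnet and a site-to-site IPsec tunnel to the enterprise datacenter, with the public-interface firewall enforced inside the instance. Assumptions: eth0 sits in the public subnet as 10.10.0.10/24 with Elastic IP 203.0.113.1 mapped to it by AWS, the database servers live in a private subnet 10.10.1.0/24 whose VPC route table points at this instance, and the data-center LAN is 10.4.0.0/24 behind a peer at 198.51.100.1; group names and the secret are placeholders, and keyword names follow the Vyatta 6.x CLI.

```vyatta
# Added example, not the deck's configuration. Addresses, names and the
# secret are assumptions.
#
# AWS prerequisites outside this config (assumed): disable the instance's
# source/destination check, give the private subnet's VPC route table a
# 0.0.0.0/0 and a 10.4.0.0/24 route targeting this instance, and allow only
# UDP 500/4500 and ESP from 198.51.100.1 in the instance's security group.
set interfaces ethernet eth0 address 10.10.0.10/24
set interfaces ethernet eth0 description 'VPC-PUBLIC-SUBNET'
set protocols static route 0.0.0.0/0 next-hop 10.10.0.1

# Outbound NAT: private-subnet hosts reach the Internet through this
# instance's Elastic IP. Rule 5 leaves data-center-bound traffic untouched
# so it still matches the IPsec selectors below instead of being rewritten.
set service nat rule 5 type masquerade
set service nat rule 5 exclude
set service nat rule 5 outbound-interface eth0
set service nat rule 5 source address 10.10.1.0/24
set service nat rule 5 destination address 10.4.0.0/24
set service nat rule 10 type masquerade
set service nat rule 10 outbound-interface eth0
set service nat rule 10 source address 10.10.1.0/24

# Site-to-site IPsec to the data center. The instance never sees its own
# public address (AWS translates 10.10.0.10 <-> 203.0.113.1), so the local
# endpoint is the private address and NAT traversal must be enabled; the
# data-center peer is configured against 203.0.113.1.
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec ike-group IKE-DC proposal 1 encryption aes256
set vpn ipsec ike-group IKE-DC proposal 1 hash sha1
set vpn ipsec ike-group IKE-DC proposal 1 dh-group 14
set vpn ipsec ike-group IKE-DC lifetime 28800
set vpn ipsec esp-group ESP-DC proposal 1 encryption aes256
set vpn ipsec esp-group ESP-DC proposal 1 hash sha1
set vpn ipsec esp-group ESP-DC pfs enable
set vpn ipsec esp-group ESP-DC lifetime 3600
set vpn ipsec site-to-site peer 198.51.100.1 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 198.51.100.1 authentication pre-shared-secret 'REPLACE-WITH-LONG-RANDOM-SECRET'
set vpn ipsec site-to-site peer 198.51.100.1 ike-group IKE-DC
set vpn ipsec site-to-site peer 198.51.100.1 local-ip 10.10.0.10
set vpn ipsec site-to-site peer 198.51.100.1 tunnel 1 esp-group ESP-DC
set vpn ipsec site-to-site peer 198.51.100.1 tunnel 1 local subnet 10.10.1.0/24
set vpn ipsec site-to-site peer 198.51.100.1 tunnel 1 remote subnet 10.4.0.0/24

# Public-interface firewall, a second layer behind the security group:
# IKE/NAT-T and ESP from the peer, decrypted data-center traffic that
# provably arrived through IPsec, replies to flows the private subnet
# opened, and nothing else. Attached as "in" (forwarded) and "local"
# (terminated here) so IKE, ESP and the forwarded payload are all covered.
set firewall name WAN-IN default-action drop
set firewall name WAN-IN enable-default-log
set firewall name WAN-IN rule 10 action accept
set firewall name WAN-IN rule 10 state established enable
set firewall name WAN-IN rule 10 state related enable
set firewall name WAN-IN rule 20 action accept
set firewall name WAN-IN rule 20 protocol udp
set firewall name WAN-IN rule 20 source address 198.51.100.1
set firewall name WAN-IN rule 20 destination port 500,4500
set firewall name WAN-IN rule 30 action accept
set firewall name WAN-IN rule 30 protocol esp
set firewall name WAN-IN rule 30 source address 198.51.100.1
set firewall name WAN-IN rule 40 action accept
set firewall name WAN-IN rule 40 source address 10.4.0.0/24
set firewall name WAN-IN rule 40 destination address 10.10.1.0/24
set firewall name WAN-IN rule 40 ipsec match-ipsec
set interfaces ethernet eth0 firewall in name WAN-IN
set interfaces ethernet eth0 firewall local name WAN-IN
commit
save
```

The VPC route table is what actually steers the private subnet through this instance; if it still points at the Internet Gateway, the NAT and firewall here are simply bypassed, so verify the route table before trusting the policy. The "full VPN mesh between VPCs" on the slide is this same peer stanza repeated once per remote VPC's Elastic IP, with rules 20 and 30 duplicated for each peer; the tunnel count is then bounded by the instance's CPU rather than by a provider quota, which is what the "no limit" bullet is really claiming.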
Page 11
ENTERPRISE WITH VYATTA

[Diagram: before, the router, firewall, VPN, IPS and switch as separate appliances in front of the web server (10.0.0.0/24), apps & storage (10.3.0.0/24) and database (10.4.0.0/24) tiers; after, the same apps & storage and database tiers fronted by Vyatta.]

VYATTA ENTERPRISE DATACENTER: NETWORK EDGE AND LAN COMPRISED OF STANDARD x86-BASED SYSTEMS AND VYATTA SOFTWARE
- LEVERAGE STANDARD x86 SERVER HARDWARE
- MODERN QUAD CORE + SYSTEMS DELIVER 10Gbps PERFORMANCE
- SYSTEM SCALABILITY USING STANDARD COMPONENTS
- SOFTWARE-BASED UPGRADE PATH
- COST A FRACTION OF COMPARABLE CISCO / JNPR GEAR