Best Practices for Securing Hybrid Clouds

Presentation transcript:

Best Practices for Securing Hybrid Clouds
Greg Pepper, Head of Engineering – Data Center
gpepper@checkpoint.com, @pepper_greg
[Protected] Non-confidential content

THE CLOUD IS HERE
- ADOPTION: 80% of enterprises are committed to a cloud strategy by 2017 (IDC)
- GROWTH: 40% of IT budgets will be cloud-based by 2018 (Forbes)
- SECURITY: Security is the main inhibitor for cloud adoption (Gartner)
Sources:
http://www.techrepublic.com/article/it-will-spend-more-than-one-third-of-its-budget-on-cloud-in-2017-says-new-report/
http://www.datamation.com/cloud-computing/cloud-will-have-a-1-trillion-impact-on-it-spending-by-2020-gartner.html
http://www.forbes.com/sites/louiscolumbus/2016/03/23/cios-are-prioritizing-big-data-analytics-cloud-computing-and-security-in-20162017-budget-cycles/#2ea8816b54f6

WHY CLOUD?
- AGILITY: fast to react
- ELASTICITY: fast to grow

NEW IT DEMANDS
Enable business agility, streamline processes, enhance competitive advantages, and lower IT costs
- Self Service
- Centrally Orchestrated
- Fully Automated
- Software Defined
As a result, enterprise IT is evolving from a hardware-centric to an application-centric model, enabling businesses to streamline processes, enhance competitive positioning and improve end-user experiences. IT is now viewed as playing a more strategic role in the overall success of the business, putting pressure on IT organizations to rapidly transform in order to keep pace with business demands.

THE MODERN NETWORK
Software Defined Networking (SDN) and IaaS allow IT to deliver applications and services at a fraction of the cost and time.
The need to run processes more efficiently, improve time-to-market and enhance user experience is driving more and more businesses to embrace the cloud, whether private, public or a hybrid combination of both, as part of their IT strategy. The rising tide of cloud deployments is providing sufficient proof points of the business benefits and fueling further cloud adoption. It is no longer a question of "if" but "when" an organization will start moving data and workflows to the cloud. Once the decision has been made, the next dilemma is determining which cloud deployment model meets the technology needs of the organization. However, this new, more dynamic infrastructure breaks the traditional network boundaries and security controls used to protect legacy infrastructure and introduces a variety of new challenges...

CLOUD SHARED RESPONSIBILITY

SECURITY IN THE CLOUD & SDN WORLD
- Must prevent lateral movement of threats between applications, not only at the perimeter
- Should protect new IT services and applications in seconds, not weeks
- Should be provisioned automatically and scale within the environment without operational overhead
[Confidential] For designated groups and individuals

Multiple Cloud & SDN Platforms
(Diagram: Computing Cloud)

SDDC Conceptual Design
Different new concepts and solutions are introduced to improve the datacenter, turning it into a software-defined one:
- Computing virtualization, creating a computing cloud
- Cloud management solution
- SDN solution
- Orchestrators
(Diagram: SDN Controller, Orchestrator, Cloud Management, Computing Cloud)
[Restricted] ONLY for designated groups and individuals

SECURITY AUTOMATION USE CASES
PERFORM THESE OPERATIONS...
- Change application's networking
- Scale up your application
- Virtual patching
- Provision a new application
- Connect a new IoT device
KNOWING THAT...
- Security is automatically provisioned
- Application is instantly secured
- Application admin never waits
- No tickets overhead
- Everything is auditable

CHANGE APPLICATION NETWORKING
Legacy Way (many days, manual process):
- App owner opens a ticket to the FW admin to change the policy
- FW admin changes the policy
- New policy is published on the weekend
DevOps Way (seconds, dynamic process):
- Web VM IP is changed
- Security dynamically learns about this change from the SDN and all virtual and physical GWs are instantly updated

SCALE UP YOUR APPLICATION
Legacy Way (many days, manual process):
- Open a ticket to the FW admin to change the policy
- FW admin changes the policy
- New policy is published on the weekend
DevOps Way (seconds, dynamic process):
- Add a new Web VM cluster
- VM is automatically added to the Web SDN group
- Security dynamically learns about the change and instantly updates the GW policy

PROVISION A NEW APPLICATION
Legacy Way (many hours, manual process):
- Develop a manual procedure for the new database
- Manually configure the FW to secure the new database
DevOps Way (seconds, automated process):
- Develop an orchestration recipe for the new database, with security included
- Recipe is executed and provisions the FW policy
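As an added illustration of the three DevOps-way use cases above (not code from the presentation or from Check Point), the following Python models a rulebase that references security tags instead of IP addresses and is fed by inventory events from the SDN/cloud controller: an IP change or a new Web VM is absorbed without anyone editing a rule. The inventory, the event format and the rule format are constructed assumptions.

```python
import copy

# Constructed inventory, as a cloud/SDN controller would report it: each VM
# carries security tags ("Web", "DB"); the policy never names an IP address.
INVENTORY = {
    "web-1": {"ip": "10.0.2.10", "tags": {"Web"}},
    "db-1":  {"ip": "10.0.3.20", "tags": {"DB"}},
}

# Hypothetical rulebase: src/dst are tags ("*" = any), port None = any port.
# First match wins; the last rule is the cleanup rule.
RULES = [
    {"name": "web-to-db", "src": "Web", "dst": "DB", "port": 3306, "action": "accept"},
    {"name": "cleanup",   "src": "*",   "dst": "*",  "port": None, "action": "drop"},
]

def resolve(tag, inventory):
    """IPs currently carrying `tag`; None means the wildcard matches any address."""
    if tag == "*":
        return None
    return {vm["ip"] for vm in inventory.values() if tag in vm["tags"]}

def decide(src_ip, dst_ip, port, inventory, rules=RULES):
    """Evaluate one flow against the tag-based rulebase; returns (action, rule name)."""
    for rule in rules:
        src_set = resolve(rule["src"], inventory)
        dst_set = resolve(rule["dst"], inventory)
        if ((src_set is None or src_ip in src_set)
                and (dst_set is None or dst_ip in dst_set)
                and (rule["port"] is None or rule["port"] == port)):
            return rule["action"], rule["name"]
    return "drop", "implicit"  # nothing matched

def apply_sdn_event(inventory, event):
    """Update the inventory from an SDN/cloud notification; the rules are untouched."""
    kind = event["type"]
    if kind == "ip_changed":   # "Changing Web VM IP" use case
        inventory[event["vm"]]["ip"] = event["ip"]
    elif kind == "vm_added":   # "Add a new Web VM" scale-up use case
        inventory[event["vm"]] = {"ip": event["ip"], "tags": set(event["tags"])}
    else:
        raise ValueError(f"unknown SDN event type {kind!r}")
    return inventory

if __name__ == "__main__":
    inv = copy.deepcopy(INVENTORY)
    print(decide("10.0.2.10", "10.0.3.20", 3306, inv))  # ('accept', 'web-to-db')
    apply_sdn_event(inv, {"type": "ip_changed", "vm": "web-1", "ip": "10.0.2.11"})
    print(decide("10.0.2.11", "10.0.3.20", 3306, inv))  # ('accept', 'web-to-db'), no rule edited
```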

SECURITY MUST ORCHESTRATE WITH DEVOPS
Evolution and migration to cloud: moving to the cloud is a strategic move; it takes time and effort to realize the full potential.
- Phase #1: New Infrastructure (Compute: hypervisor; SDN: network)
- Phase #2: New Applications (software-defined applications)
- Phase #3: New Operation (DevOps & orchestration)

Understand Cloud & SDN Capabilities

Automatic Deployment of Security
Templated deployments:
- AWS CloudFormation templates
- Azure ARM templates
- OpenStack HEAT/YAML templates
- vApp / NSX deployment
Orchestrator integrations:
- Deployment of security
- Creation of policies
- Creation of security tags
- SDN traffic steering

Scale-Up & Scale-Out
Vertical scalability:
- Larger instance sizes
- Compute & network I/O
Horizontal scalability:
- Native cloud scale groups (AutoScaling groups)
- Scale-up & scale-down
- DNS load balancing
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sizes-general
https://aws.amazon.com/ec2/instance-types/

Cloud & SDDC Service Chaining
- Inter- & intra-zone visibility
- Tightly integrated with leading SDN datacenters
- Inspects north-south & east-west traffic using route & NAT
- Dynamic access controls with advanced threat prevention

Routes in AWS and Azure
- In an AWS VPC, every routing table has a route to the effect that every node is "one hop away" from any other in the same VPC
- In an Azure VNET, intra-VNET routes can override the "everyone is one hop away" system route

AWS deployment with VNF
- Traffic originating from the web server
- Traffic entering the web site
- Traffic between subnets
(Diagram: Routing)
(Speaker note: After this slide, go to show how the GW looks in the SmartConsole & show the imported objects for the tag "Web" & the DB server in a rule.)

Basic single GW Architecture
- 2-NIC GW
- N/S traffic flows through the vSEC GW:
  - Ingress because of EIP mapping & static NAT
  - Egress because of the default route & dynamic NAT
- Intra-VPC traffic is not inspected

Azure deployment with VNF
- Traffic originating from the web server
- Traffic entering the web site
- Traffic between subnets
- Traffic within a subnet
(Speaker note: After this slide, go to show how the GW looks in the SmartConsole & show the imported objects for the tag "Web" & the DB server in a rule.)

Single GW in Azure
- 2-NIC GW
- N/S traffic flows through the vSEC GW:
  - Ingress because of the LB and GW static NAT
  - Egress because of the default route & dynamic NAT
- A load balancer is used when you need additional PIPs for NATing internal resources
- Intra-VPC traffic inspected if needed!
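Added example (not from the presentation) modelling the route lookups behind the AWS and Azure routing slides above: longest-prefix match, with a user-defined route beating a system route of the same prefix. With these tables the AWS "local" route keeps east-west traffic away from the gateway, while the Azure user-defined route for the VNET prefix overrides the system route and steers the same traffic through the virtual appliance. The route tables, addresses and next-hop names are constructed placeholders.

```python
import ipaddress

def lookup(route_table, dst_ip):
    """Next hop for dst_ip: longest prefix wins; on a tie a user route beats a system route."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, target, source in route_table:
        net = ipaddress.ip_network(prefix)
        if dst not in net:
            continue
        key = (net.prefixlen, 1 if source == "user" else 0)
        if best is None or key > best[0]:
            best = (key, target)
    return best[1] if best else None

# Constructed AWS route table for the web subnet (10.0.2.0/24) of a 10.0.0.0/16 VPC.
# The system "local" route makes every node in the VPC one hop away, so traffic to
# the DB subnet never reaches the gateway; only the default route points at it.
AWS_WEB_SUBNET = [
    ("10.0.0.0/16", "local",       "system"),
    ("0.0.0.0/0",   "eni-vsec-gw", "user"),   # placeholder ENI of the gateway (egress via dynamic NAT)
]

# Constructed Azure route table for the same subnet. The VnetLocal system route is
# still present, but a user-defined route for the same /16 overrides it and sends
# intra-VNET traffic through the virtual appliance (the gateway) for inspection.
GW = "VirtualAppliance:10.0.0.4"   # placeholder appliance address
AZURE_WEB_SUBNET = [
    ("10.0.0.0/16", "VnetLocal", "system"),
    ("10.0.0.0/16", GW,          "user"),
    ("0.0.0.0/0",   GW,          "user"),
]

def inspected(route_table, dst_ip, gateway_targets):
    """True when the flow to dst_ip is steered to one of the gateway next hops."""
    return lookup(route_table, dst_ip) in gateway_targets

if __name__ == "__main__":
    for name, table, gws in [("AWS", AWS_WEB_SUBNET, {"eni-vsec-gw"}),
                             ("Azure", AZURE_WEB_SUBNET, {GW})]:
        for dst in ("10.0.3.20", "198.51.100.7"):   # DB server, Internet host
            print(name, dst, lookup(table, dst), "inspected" if inspected(table, dst, gws) else "bypasses GW")
```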

LB Sandwiched Autoscaling Group
- Autoscaling groups for the N/S perimeter
- Secondary gateways for IPsec VPN and/or egress controls
- Dynamic policies mapped to security tags and security groups
Diagram labels:
- External ingress LB: listens on port 80, forwards to vSEC GWs on port 8081
- Check Point vSEC autoscale cluster (ingress): AZ1/10.0.0.0, AZ2/10.0.1.0
- Internal ingress LB: listens on port 8081, forwards to web servers on port 80
- Web servers: AZ1/10.0.2.0, AZ2/10.0.3.0
- Internal egress "proxy" LB: listens on port 8080, forwards to vSEC GWs on port 8080
- Check Point vSEC GW: egress proxy web, VPN, admin ingress, egress other

VM Scale Set

AUTOMATE, AUTOMATE, AUTOMATE
(Diagram: Multi-Portal, RESTful API, API web-server, web-services, API Container, CPM, PostgreSQL, Management Console)
- Secure IAM roles for policy orchestration
- Delegated role-based access by controls and zones
- Monitoring of API server access & audit logs
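Added example (not from the presentation) of the kind of audit-log check the last two bullets imply: each management-API call is compared with the zones and source addresses delegated to the calling role, and calls outside that delegation are flagged. The delegation map, the JSON-lines record format and the sample records are constructed assumptions, not a real product's format.

```python
import json

# Hypothetical delegation: the zones each role may change and, for automation
# roles, the source addresses they are expected to call the API from (None = any).
DELEGATION = {
    "orchestrator-web": {"zones": {"web"}, "sources": {"10.0.0.50"}},
    "orchestrator-db":  {"zones": {"db"},  "sources": {"10.0.0.51"}},
    "sec-admin":        {"zones": {"web", "db", "perimeter"}, "sources": None},
}

# Constructed audit records in the shape a management API server might emit
# (one JSON object per line); not a real product's log format.
SAMPLE_LOG = """\
{"ts":"2017-05-01T10:00:01Z","role":"orchestrator-web","src":"10.0.0.50","op":"add-rule","zone":"web"}
{"ts":"2017-05-01T10:00:05Z","role":"orchestrator-web","src":"10.0.0.50","op":"add-rule","zone":"db"}
{"ts":"2017-05-01T10:01:00Z","role":"orchestrator-db","src":"203.0.113.9","op":"install-policy","zone":"db"}
{"ts":"2017-05-01T10:02:00Z","role":"sec-admin","src":"10.0.0.7","op":"delete-rule","zone":"perimeter"}
{"ts":"2017-05-01T10:03:00Z","role":"unknown-role","src":"10.0.0.7","op":"add-rule","zone":"web"}
"""

def check_record(rec, delegation=DELEGATION):
    """Findings for one audit record (empty list means the call was within delegation)."""
    grant = delegation.get(rec["role"])
    if grant is None:
        return [f"unknown role {rec['role']!r}"]
    findings = []
    if rec["zone"] not in grant["zones"]:
        findings.append(f"{rec['role']} changed zone {rec['zone']!r} outside delegation")
    if grant["sources"] is not None and rec["src"] not in grant["sources"]:
        findings.append(f"{rec['role']} called from unexpected source {rec['src']}")
    return findings

def scan(log_text, delegation=DELEGATION):
    """Parse a JSON-lines audit log; return (timestamp, findings) for flagged records only."""
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        findings = check_record(rec, delegation)
        if findings:
            flagged.append((rec["ts"], findings))
    return flagged

if __name__ == "__main__":
    for ts, findings in scan(SAMPLE_LOG):
        print(ts, "; ".join(findings))
```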

IAAS CLOUD SECURITY PLAN

STEP #1: CONTROL THE APP PERIMETER
- Use advanced threat prevention at the cloud perimeter
- Securely connect your cloud with your on-premise environment
(Diagram: CLOUD, ON-PREMISE)

STEP #2: SECURE THE CLOUD FROM THE INSIDE
- Micro-segment your cloud to control inside communication
- Prevent lateral threat movement between applications
(Diagram: App, App, App, App)

STEP #3: MANAGE CONSISTENT SECURITY FOR HYBRID ENVIRONMENTS
- Deploy unified security management for your hybrid cloud (on-premise and cloud)
- Ensure policy consistency
- Reduce operation cost
(Diagram: CLOUD, ON-PREMISE)

STEP #4: AUTOMATE YOUR SECURITY
Security should be as elastic and dynamic as your cloud:
- Auto-provisioned
- Auto-scaled
- Adaptive to changes

Security at the Speed of DevOps
Enterprises want a single vendor to secure their modern datacenter with more automation and higher security between applications.
- Public & private cloud service chaining
- Unified cloud visibility
- Dynamic cloud-aware policies
- Complete automated deployment & policy orchestration of the hybrid cloud
(Diagram: PUBLIC CLOUD, PRIVATE)