Jason Sones VNO North America – Nuage Networks from Nokia Sherif Awad

Presentation transcript:

Extending the Zero Trust Security Model for Containerized Applications to Public Clouds
Jason Sones, VNO North America - Nuage Networks from Nokia
Sherif Awad, SDN Solution Architect Lead - Nuage Networks from Nokia
April 30th, 2019

Agenda
Extending the Zero Trust Security Model for Containerized Applications to Public Clouds or Blah Blah Blah! [title is too long !!!]
- Overview
- The Journey
- The Dream
- Challenges
- The Solution
- Demo
- Questions

Overview: What is this presentation about?

Overview: What is the Zero Trust Security Model?
- Never implicitly trust any public infrastructure.
- Start with the assumption that every potential shared resource can be compromised.
- Implement policies to enable services based on minimal required access privileges.
- Always use micro-segmentation, authentication, authorization and encryption between application and/or user endpoints.
- Constantly monitor access requests (analytics) and intrusion attempts and adjust policy to maintain the ZTM.
- Prevent/Detect and Respond → Automate this if you can!

Overview
- The move towards unified networking and IT: unifying islands of connectivity through central policy and control.
- Impact of the move to public cloud: the emergence of hosting sensitive enterprise IT applications as container workloads in public clouds. The challenge is applying enterprise-grade security policy to public cloud applications.
- Simplifying service provisioning and management across branch, private and public clouds: how to ease the end-user provisioning, consumption and management of these new unified services.

The Journey: How did we get to this point?

The journey
1. Connecting & Serving Disparate Locations (Private Cloud)
2. Connecting & Serving Disparate Locations (SD-WAN)
[Diagram labels: Data Center, vm, Kubernetes, Site A, Site B, Site C, VPN]
Trusted Infrastructure = VxLAN only
Public Transport → VxLAN over IPSEC

The journey (continued)
[Diagram: End-to-End Service Overlay. Labels: SDN Policy Engine, Kubernetes, WAN SDN Controller, DC SDN Controller, SDN GW, MPLS PE, MPLS, Internet, Any DC underlay, WAN, Data Center, Branch 1, Branch 3, Branch 4, App, VNF]
Trusted Infrastructure = VxLAN only
Public Transport → VxLAN over IPSEC

The Unified Secure Multi-Cloud

The Dream Why Orchestration

Why Orchestration?
[Diagram labels: Internet Underlay, IP/MPLS Underlay, SD-WAN overlay, GRE, VxLAN, SDN / Nuage, SlimCPE, ThinCPE, ThickCPE, Nuage VNS, NSG-BR, Nuage VCS, OpenStack, Local Cloud, Telco Cloud, Legacy IP/MPLS VPN, SR/vSR, NSP]
- n Enterprises, m Branch types, q versions, p VNF types, r configurations, a underlays, b datacenter stacks, c VPC environments
- Firewall, NAT, Anti-DDoS, Access Control, WAN optimization, Load-balancing, Mail-scanner, Other VAS
- 3rd party Cloud: AWS, Azure, GCP

Why Orchestration?
- Single-click deployment
- Service Updates
- Maintainable Service
[Diagram labels: Hypervisor (multiple), Public Cloud]

Challenges: Identifying the obstacles that are standing in our way.

Challenges: What is missing to be able to realize the dream …
- How to ensure only authorized hosts can run container workloads?
- How to secure traffic between containers on different hosts?
- How to provide end-to-end service provisioning, security, monitoring and visibility from branch to private DC to public cloud?
- Can I rely on public cloud for data that I am responsible to keep secure?

The Solution: Putting it all together

The Solution
[Diagram: End-to-End Service Overlay. Labels: Orchestration, SDN Policy Engine, Kubernetes, WAN SDN Controller, DC SDN Controller, Bootstrap Proxy, MPLS PE, MPLS, Internet, WAN, Public Cloud GW, Public Cloud Network, Branch 1, Branch 3, Branch 4, App, App-22]
ZTM → VxLAN over IPSEC

Demo: We actually got it to work!!! … mostly …

Lab Topology
[Diagram labels: VNO, VSD, Nuage SDN Cluster, OpenShift Cluster (Master, Node01), OpenShift Cluster (Master, Node01, Node02), Kubernetes, Branch, Branch User, SSL Proxy, WAN, Cloud, DNS-NTP, DATA/CP, MGMT]

Demo And so it begins

Questions: Don’t be shy!
Contact Info
sherif.awad@nokia.com
jason.sones@nokia.com