Deep Security and VMware NSX Advanced Security Framework for the Software-Defined Data Center
Anand Patil, National Sales Manager, SDDC

Presentation transcript:

1 Deep Security and VMware NSX Advanced Security Framework for the Software-Defined Data Center (Anand Patil, National Sales Manager, SDDC)

2 Your data center: let’s begin with how things are, and how things should be…

3 The Evolving Architecture – The Neo IT Model: On-Premise Data Center, New app frameworks, Mobile Devices, Virtual Desktop (VDI), Branch offices (Partner), Internet of things, Public clouds

4 What is a Software Defined Data Center (SDDC)?
Hardware: Intelligence in Hardware; Dedicated, Vendor Specific Infrastructure; Manual Configuration & Management.
Data Center Virtualization Layer: Compute, Network and Storage Capacity Pooled; Vendor Independent, Best Price/Performance Infrastructure; Simplified Configuration & Management.
Software: Intelligence in Software; Operational Model of VM for Data Center; Automated Configuration & Management.

5 Google, Facebook, Amazon: Compute, Storage, Network; Custom Distributed Applications (Security, Application Load Balancing, Routing, HA, etc.). Software Automation: Agility & Speed; Network Services Distributed out to Applications; Simplified; Increased Stability & Reliability; Lower Cost.

6 Google, Facebook, Amazon: Compute, Storage, Network; Custom Distributed Applications (Security, Application Load Balancing, Routing, HA, etc.). Enterprise IT: Compute, Storage, Network; Enterprise Applications; Data Center Virtualization Layer.

7 Google, Facebook, Amazon: Compute, Storage, Network; Custom Distributed Application Design (Security, Application Load Balancing, Routing, HA, etc.). Enterprise IT: Compute, Storage, Network; Enterprise Applications; Data Center Virtualization Layer.

8 Enterprise IT: Compute, Storage, Network; Enterprise Applications; Data Center Virtualization Layer. The operational model of a VM for the entire data center: programmatically Create, Snapshot, Store, Move, Delete, Restore.

9 Demystifying Data Center Security. Controls: Perimeter FW, Internal FW, DMZ, IPS, A/V, other server security. Converged Infrastructure, running on data center compute resources and vSphere hypervisors. Zones: Internet; End user computing/desktops; Application infrastructure; Internet-facing servers (Web, E-mail, DNS, etc.; also for VDI: Horizon View Security Server); Client.

10 Why do breaches still occur? Today’s data centers are protected by strong perimeter defense… but threats and exploits still infect servers. Low-priority systems are often the target. Threats can lie dormant, waiting for the right moment to strike. Server-server traffic growth has outpaced client-server traffic. The attack spreads and goes unnoticed. Possibly after months of reconnaissance, the infiltration relays secret data to the attacker. Attacks spread inside the data center, where internal controls are often weak. Critical systems are targeted.

11 Problem: Data Center Network Security. Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible. Little or no lateral controls inside the perimeter. (Diagram: Internet; Insufficient; Operationally Infeasible.)

12 Why traditional approaches are operationally infeasible… (Internet, Perimeter Firewalls.) Create firewall rules before provisioning; update firewall rules when an app moves or changes; delete firewall rules when the app is decommissioned. The problem increases with more East-West traffic.

13 Let’s start with a story about a firewall. The Data Center: Traditional Firewall Rule Mgt & Operations; Physical Firewalls (2 – 100 Gbps).

14 The Data Center: Traditional Firewall Rule Mgt & Operations; Physical Firewalls (2 – 100 Gbps); Virtual Firewalls (1 – 3 Gbps).

15 The Data Center: Traditional Firewall Rule Mgt & Operations; Virtual Firewalls (1 – 3 Gbps). Distributed Firewalling: Automated Policy Mgt & Operations, Distributed Enforcement; Kernel-based Performance, Distributed Scale-out Capacity (20 Gbps/host).

16 The Data Center

17 SDDC Platform – “Zero Trust” is Now Operationally Feasible. Hypervisor-based, in-kernel distributed firewalling: high throughput rates on a per-hypervisor basis (20 Gbps firewalling throughput per host); every hypervisor adds additional east-west firewalling capacity; native feature of the VMware NSX platform. Platform-based automation: automated provisioning and workload adds/moves/changes; accurate firewall policies follow workloads as they move; audit compliance. Data center micro-segmentation becomes operationally feasible.

18 Micro-segmentation simplifies network security: each VM can now be its own perimeter; policies align with logical groups; prevents threats from spreading. (Diagram: Perimeter firewall, Inside firewall; zones App, DMZ, Services, DB; services AD, NTP, DHCP, DNS, CERT; groups Finance, Engineering, HR.)

19 Network Virtualization is at the core of an SDDC approach. Virtualization layer over network, storage, compute. Non-Disrupting Deployment.

20 Network Virtualization is at the core of an SDDC approach. Virtualization layer over network, storage, compute; “Network hypervisor”; Virtual Data Centers. Non-Disrupting Deployment.

21 Intelligent Grouping: groups defined by customized criteria such as Operating System, Machine Name, Application Tier, Services, Security Posture, Regulatory Requirements.

22 Automated Security in a Software-Defined Data Center: Data Center Micro-Segmentation.

23 Inserting Advanced Security Services for Fine-Grained Policy & Control. Isolation: Application A and Application B have no communication path. Explicit Allow Communication: App Tier to DB Tier (e.g. TCP 1433). Secure Communications. Service Insertion: IPS (Intrusion Protection), FIM (File Integrity), AM (Anti-Malware), WR (Web Reputation).

24 NSX: Advanced Partner Security Services. (Diagram: Internet, Traffic Steering, Security Policy.) Copyright 2015 Trend Micro Inc.

25 NSX: Security Extensible Platform. (1) Add Trend Micro advanced services to your micro-segmentation deployment for greater security. (2) Apply the NSX operational model to your advanced security products. (3) Adapt to changing security conditions in the data center by enabling security solutions that share intelligence.
Traditional Data Center, static service chain: in a traditional data center, security services must be configured when the network is architected, meaning the “chain” of services is locked in once deployed. This is an inefficient use of resources and cannot defend against changing threat conditions.
NSX Data Center, dynamic service chain: in an NSX data center, 3rd-party security solutions use NSX security tags to share intelligence, adapting to changing security conditions. NSX automatically applies the correct security function as needed.
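As an added example (not code from the presentation, VMware or Trend Micro), the Python below models the policy sketched on slides 21, 23 and 25: attribute-based security groups, a default-deny distributed firewall whose only allow is App Tier to DB Tier on TCP 1433, and a constructed "quarantine" tag that a partner service sets on detection, re-grouping the workload so the policy blocks it without any rule edit. Group names, workload names and the tag are assumptions.

```python
"""Constructed model of tag-driven micro-segmentation (assumed names throughout).
Workloads join security groups by attributes (tier, tags); the firewall is
default-deny and rules are written against groups, not addresses."""
from dataclasses import dataclass, field


@dataclass
class Workload:
    name: str
    tier: str               # "app" or "db"
    app: str                # application the workload belongs to
    tags: set = field(default_factory=set)


# Group membership is evaluated dynamically from workload attributes, so a tag
# change re-groups the workload without touching any firewall rule.
GROUPS = {
    "quarantine": lambda w: "quarantine" in w.tags,
    "app-tier":   lambda w: w.tier == "app" and "quarantine" not in w.tags,
    "db-tier":    lambda w: w.tier == "db" and "quarantine" not in w.tags,
}


def groups_of(w):
    return {g for g, match in GROUPS.items() if match(w)}


# (src_group, dst_group, proto, port, action); first match wins.
# No match means deny: the zero-trust default from slide 17.
RULES = [
    ("quarantine", "*",       "*",   None, "deny"),
    ("*",          "quarantine", "*", None, "deny"),
    ("app-tier",   "db-tier", "tcp", 1433, "allow"),   # slide 23 explicit allow
]


def is_allowed(src, dst, proto, port):
    """True if the distributed-firewall policy permits src -> dst on proto/port."""
    if src.app != dst.app:          # Application A / B: no communication path
        return False
    sg, dg = groups_of(src), groups_of(dst)
    for rule_src, rule_dst, rule_proto, rule_port, action in RULES:
        if (rule_src == "*" or rule_src in sg) and (rule_dst == "*" or rule_dst in dg) \
                and rule_proto in ("*", proto) and rule_port in (None, port):
            return action == "allow"
    return False


def quarantine(w):
    """What a partner service (e.g. anti-malware) does on detection: set the tag."""
    w.tags.add("quarantine")
```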

26 Build security into the application lifecycle. With VMware NSX and their partners, security is enforced through every step of an application’s lifecycle. Prepare: deploy security service; create security groups and policies. Instantiate: dynamically assign security groups and policies. Monitor: run periodic automated scans for threats; monitor applications for vulnerabilities; monitor and record system changes. Manage: address known threats & vulnerabilities; respond to emergent attacks; adjust security policy as the app changes over time. Decommission: decommission security services; report compliance and generate audit logs.

27 NSX Vision: Managing Security and Connectivity for many Heterogeneous End Points. Automation: IT at the Speed of Business. Security: Inherently Secure Infrastructure. Application Continuity: Data Center Anywhere. End points: On-Premise Data Center, New app frameworks, Mobile Devices (Airwatch), Virtual Desktop (VDI), Branch offices (Partner), Internet of things, Public clouds.

28 VMware: Fearless Innovator of “Software-Defined”. Server Virtualization (2000): Compute Virtualization. Software-Defined Data Center (2011): Network Virtualization, Software-Defined Storage. Software-Defined Business (2016): Hybrid Cloud, Mobile Workspace, Intrinsic Security.

29 Thank You!

30 Thank you
