Presentation is loading. Please wait.

Presentation is loading. Please wait.

How to protect your Virtual Datacenter Michiel van den Bos.

Published byProsper Richardson Modified over 9 years ago

Similar presentations

Presentation on theme: "How to protect your Virtual Datacenter Michiel van den Bos."— Presentation transcript:

1 How to protect your Virtual Datacenter Michiel van den Bos

2 Security challenges in the cloud Physical firewalls may not see the East-West traffic  Firewalls placement is designed around expectation of layer 3 segmentation  Network configuration changes required to secure East-West traffic flows are manual, time-consuming and complex  Ability to transparently insert security into the traffic flow is needed MS-SQLSharePointWeb Front End 2 | ©2014, Palo Alto Networks. Confidential and Proprietary.

3 Security challenges in the cloud Incomplete security features on existing virtual security solutions In the cloud, applications of different trust levels now run on a single server  VM-VM traffic (East-West) needs to be inspected  Port and protocol-based security is not sufficient  Virtualized next-generation security is needed to:  Safely enable application traffic between VMs  Protect against against cyber attacks MS-SQLSharePointWeb Front End 3 | ©2014, Palo Alto Networks. Confidential and Proprietary.

4 Security challenges in the cloud Static policies cannot keep pace with dynamic workload deployments  Provisioning of applications can occur in minutes with frequent changes  Security approvals and configurations may take weeks/months  Dynamic security policies that understand VM context are needed 4 | ©2014, Palo Alto Networks. Confidential and Proprietary.

5 VMware and Palo Alto Networks solution Cloud security challengesSolution Manual networking configuration to steer traffic to security appliance Automated, transparent services insertion of VM- Series with VMware NSX Incomplete security capabilitiesVirtualized security appliance supporting PAN-OS TM Static policies cannot keep up with virtual machine changes Dynamic security policies with VM context 5 | ©2014, Palo Alto Networks. Confidential and Proprietary.

6 Applying Zero Trust concepts in the data center All resources are accessed in a secure manner regardless of location. Access control is on a “need-to-know” basis and is strictly enforced. Verify and never trust.Inspect and log all traffic. 6 | ©2014, Palo Alto Networks. Confidential and Proprietary.

7 Segmentation for all data center traffic Virtualized serversPhysical servers corporate network/DMZ Security Network Application Segment North South (physical) and East West (virtual) traffic Tracks virtual application provisioning and changes via dynamic address groups Automation and orchestration support via REST-API 7 | ©2014, Palo Alto Networks. Confidential and Proprietary.

8 VM-Series for east-west traffic inspection Next-generation firewall in a virtual form factor Consistent features as hardware-based next-generation firewall Inspects and safely enables intra-host communications (East- West traffic) Tracks VM creation and movement with dynamic address groups New model will be released to support VMware NSX 8 | ©2014, Palo Alto Networks. Confidential and Proprietary.

9 Dynamic address groups Dynamic Address Groups delivers policy abstraction layer for physical and virtual security appliances Replaces static object definitions with dynamic data Dynamic Address Groups replaces Dynamic Address Objects: Supports multiple tags representing VM attributes Increased maximum of registered IP addresses per object and per system Multiple tags can be resolved for policy (Example: Policy for VMs with “DB” & “windows O/S” tags) Policies Database IP: 14.28.56.112 12.12.12.12 22.22.22.22 33.33.33.33 Windows 9 | ©2014, Palo Alto Networks. Confidential and Proprietary.

10 VMware vCenter or ESXi Power of dynamic address groups NameIPGuest OSContainer web-sjc-0110.1.1.2Ubuntu 12.04Web sp-sjc-0410.1.5.4Win 2008 R2SharePoint web-sjc-0210.1.1.3Ubuntu 12.04Web exch-mia-0310.4.2.2Win 2008 R2Exchange exch-dfw-0310.4.2.3Win 2008 R2Exchange sp-mia-0710.1.5.8Win 2008 R2SharePoint db-mia-0110.5.1.5Ubuntu 12.04MySQL db-dfw-0210.5.1.2Ubuntu 12.04MySQL PAN-OS Security Policy SourceDestinationAction PAN-OS Dynamic Address Groups NameTagsAddresses SharePoint Servers MySQL Servers Miami DC San Jose Linux Web Servers NameTagsAddresses SharePoint Servers SharePoint Win 2008 R2 “sp” MySQL Servers MySQL Ubuntu 12.04 “db” Miami DC“mia” San Jose Linux Web Servers “sjc” “web” Ubuntu 12.04 NameTagsAddresses SharePoint Servers SharePoint Win 2008 R2 “sp” 10.1.5.4 10.1.5.8 MySQL Servers MySQL Ubuntu 12.04 “db” 10.5.1.5 10.5.1.2 Miami DC“mia” 10.4.2.2 10.1.5.8 10.5.1.5 San Jose Linux Web Servers “sjc” “web” Ubuntu 12.04 10.1.1.2 10.1.1.3 IP 10.1.1.2 10.1.5.4 10.1.1.3 10.4.2.2 10.4.2.3 10.1.5.8 10.5.1.5 10.5.1.2 Name SharePoint Servers MySQL Servers Miami DC San Jose Linux Web Servers SourceDestinationAction SharePoint Servers San Jose Linux Web Servers ✔ MySQL Servers Miami DC  db-mia-0510.5.1.9Ubuntu 12.04MySQL 10.5.1.9 10 | ©2014, Palo Alto Networks. Confidential and Proprietary.

11 Panorama centralized management and policy automation  Global, centralized management of security policies for all Palo Alto Networks datacenter firewalls, physical or virtual platforms  Centralized logging and reporting  Deploy virtually or via M-100 physical appliance  Scalability to manage up to 1,000 firewalls  Automatically provision security policies together with your existing orchestrated tasks  RESTful XML API over SSL connection enables integration with leading orchestration vendors  Derive management efficiencies via orchestrated:  Application/service/tenant resource allocations  Service state tracking  Policy mapping Integration With Orchestration Vendors 11 | ©2014, Palo Alto Networks. Confidential and Proprietary.

12 How The Joint Integration Works 12 | ©2014, Palo Alto Networks. Confidential and Proprietary.

13 VMware NSX and Palo Alto Networks integration 13 | ©2014, Palo Alto Networks. Confidential and Proprietary. VM-1000-HV

14 Meeting the needs of both infrastructure and security Accelerate app deployments and unlock cloud agility Meet expectations of security in new operating model Increase visibility and protection against cyber attacks Maintain consistent security controls for all DC traffic CloudSecurity 14 | ©2014, Palo Alto Networks. Confidential and Proprietary. For more information on the integration, visit www.paloaltonetworks.com/partners/vmware.html

15

Download ppt "How to protect your Virtual Datacenter Michiel van den Bos."

Similar presentations

Cloud computing is used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication.

Cloud computing is used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication.
Palo Alto Networks Jay Flanyak Channel Business Manager

Palo Alto Networks Jay Flanyak Channel Business Manager
Windows IT Pro magazine Datacenter solution with lower infrastructure costs and OPEX savings from increased operational efficiencies. Datacenter.

Windows IT Pro magazine Datacenter solution with lower infrastructure costs and OPEX savings from increased operational efficiencies. Datacenter.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
NOTES to presenter  Slides 3-6 are very different than what you may have seen before. Review the animation and practice them – there are some speaker.

NOTES to presenter  Slides 3-6 are very different than what you may have seen before. Review the animation and practice them – there are some speaker.
System Center 2012 R2 Overview

System Center 2012 R2 Overview
11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.

11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Software Defined Networking.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Software Defined Networking.
VMware Virtualization Last Update 2014.02.06 2.0.0 1Copyright 2011-2014 Kenneth M. Chipps Ph.D. www.chipps.com.

VMware Virtualization Last Update Copyright Kenneth M. Chipps Ph.D.
“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.

“It’s going to take a month to get a proof of concept going.” “I know VMM, but don’t know how it works with SPF and the Portal” “I know Azure, but.
Transform your desktop with virtualization. 22 Agenda Evolution of VDI VDI Solution VDI Use Cases Questions & Answers.

Transform your desktop with virtualization. 22 Agenda Evolution of VDI VDI Solution VDI Use Cases Questions & Answers.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
DevOps and Private Cloud Automation 23 April 2015 Hal Clark.

DevOps and Private Cloud Automation 23 April 2015 Hal Clark.
Best of.

Best of.
CON7349 - Software-Defined Networking in a Hybrid, Open Data Center Krishna Srinivasan Senior Principal Product Strategy Manager Oracle Virtual Networking.

CON Software-Defined Networking in a Hybrid, Open Data Center Krishna Srinivasan Senior Principal Product Strategy Manager Oracle Virtual Networking.
Virtualization for Cloud Computing

Virtualization for Cloud Computing
Microsoft delivers a complete datacenter solution with Windows Server 2012 R2 out-of-the-box Cloud OS Development Management Identity Virtualization.

Microsoft delivers a complete datacenter solution with Windows Server 2012 R2 out-of-the-box Cloud OS Development Management Identity Virtualization.
Monitor Linux OS health & performance Monitor log files Monitor JEE app servers Monitor line-of-business applications Monitor databases and web.

Monitor Linux OS health & performance Monitor log files Monitor JEE app servers Monitor line-of-business applications Monitor databases and web.
Getting Started with Oracle Compute Cloud

Getting Started with Oracle Compute Cloud
Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.

Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.

Similar presentations

Ads by Google