Балансировка и защита приложений как «облачный» сервис Алексей Кушнир,
Балансировка и защита приложений как «облачный» сервис Алексей Кушнир, Региональный директор Россия и СНГ Radware & Cloud Cloud Customer & Partner Growth 189 Company Growth 167 144 109 38 5 43 44 55 68 78 81 89 95 14 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 Recognized ADC Market Leader Cloud Optimized Solutions ADC MQ 2012 Slide 2 Overview Radware Solutions Attack Mitigation Services Elastic WAF Services ADC Services Summary Top Cloud Adoption Challenges QoE Performance Visibility Availability Application SLA Hybrid Cloud Support Cloud Infrastructure Resiliency Security Shared Risk Lack of Control Compliance Slide 4 Challenge & Opportunity Solution Overview Attack Mitigation Services Elastic WAF Services ADC Services Summary Radware Cloud Service Solutions Attack Mitigation • • • Protect Shared Infrastructure Protect Tenants Virtual Infrastructure Protect Tenant Applications Elastic WAF • • • Shared WAF Policy Per-Tenant WAF Policy Per-Tenant Private WAF • • Server and Site Load Balancing Application Performance • SSL & WPO • APM ADC Cloud Product Portfolio Vision 256 Fully Isolated Tenants AppWall VA Alteon 10000 24 Alteon 6420 Alteon 5224 1 DefensePro x420 Alteon VA 1G 10G 16G 20G 80G Cloud Infrastructure Eco-System Portals Cloud Management Platform Orchestration Monitoring vDirect Automation External Networks Messaging & Queing Network Services Alteon Network Fabrics DefensePro AppWall Virtual Infrastructure Storage Infrastructure Challenge & Opportunity Solution Overview Attack Mitigation Services Elastic WAF Services ADC Services Summary You Must Protect Shared Infrastructure 30% 30% 27% 24% 25% 63% of DDoS attacks take down shared infrastructure 20% 15% 8% 10% 5% 4% 5% 0% Internet pipe (saturation) Firewall IPS/IDS Load Balancer (ADC) The server under attack SQL Server Slide 10 DDoS Security to Customers How many DDoS attacks have you experienced in the past 12 months? 65% of organizations had an average of 3 DDoS attacks in the past 12 months DDoS attacks occur often and cost your customers a lot of money. $22,000 Average cost per minute of downtime $3,000,000 Average annual cost of DDoS attacks Slide 11 Radware Attack Mitigation System (AMS) Slide 12 Radware Products for DDoS as a Service APSolute Vision • • Security infrastructure management Tenant incident reporting DefensePro Protection • Remote Protect datacenter infrastructure and offer a secure cloud platform Users Mobile Users DefensePro Service • Protect tenant VM’s • Provide tenant applications Slide 13 Challenge & Opportunity Solution Overview Attack Mitigation Services Elastic WAF Services ADC Services Summary Web Security Statistics of organizations have been hacked at least once in the past two years through insecure web applications. State of Web Application Security Survey, Ponemon Institute of IT practitioners believe web application security is either more critical or equally critical to other security issues faced by their organizations. State of Web Application Security Survey, Ponemon Institute million median annual cost of a cyber attack. The First Annual Cost of Cyber Crime Study, Ponemon Institute Slide 15 WAF Technology Selection Criteria Tenant 1 Tenant 2 Tenant 3 Shared WAF Service Managed WAF appliance Virtual WAF Service Infrastructure Cost Low High Low Integration Effort Low High Low Self- Learning None Fast Fast Accuracy Low High High Service Cost Low High High Profitability Low Low High Slide 16 Radware Elastic WAF POD Solution AppWall Virtual Appliance AppWall WAF Auto-policy generation Multi-tenant support OOTB complianceCandidate reports • ADC-VX Service POD Scalability and Resiliency Services Known attack protection Alteon ADC-VX Prevent known attacks using signatures Remote Users • Compliance reporting and enforcement Block non-compliant traffic and produce compliance reports • Advanced web application security Application specific, adaptive auto-learningRadware WAF policy Vision per tenant Mobile Users Vision & vDirect Management, Reporting and Automation Adaptive Auto Policy Generation App Mapping Threat Analysis Policy Generation Policy Activation • Shortest time to protection – Up-to one week for rapid policy • Best security coverage – Auto threat aanalysis - No admins intervention – All rules are applied • Lowest false-positives – Auto optimization for negative security model – Adaptive security policy per security zone (“app- path”) • Security also when application changes – Automatically detects application changes Slide 18 Elastic WAF POD Cloud Integration • Operational Flexibility – Easy integration of service into tenant onboarding process – Operator defined Web security service profiles • Multi-Tenant Cloud Security OSS Operator Different Tenants – Security reports with tenant and operator views – Policy auto-learning - per customer/application • Network Integration – Seamless network integration - no need to redesign – Highly redundant design with no single point of failure Slide 19 Challenge & Opportunity Solution Overview Attack Mitigation Services Elastic WAF Services ADC Services Summary ADC Services Deployment Models • Shared ADC – – – – • All tenants share running ADC instance Tenants impacted by other tenants Configuration changes may affect all tenants Alteon hardware or virtual appliance Dedicated vADC per customer – Tenant has dedicated management and networking – Tenant level bw/cps/ssl/isolation guarantees on ADC-VX – Tenant level bw/cps/ssl/isolation reservation on x86 • Dedicated Alteon per customer – Tenant has dedicated hardware appliance Virtual Host ADC Technology Selection Criteria Shared ADC ADC per Customer vADC per Customer Infrastructure Cost Low High Low Integration Effort Low High Low Operational Model Risky Standard Standard SLA Enforcement None High High Service Cost Low High High Profitability High Low High Slide 22 Alteon Cloud & Hosting ADC Platform • Highest Density vADC Platform – 24 vADC’s on 1Gbps Platform – 256 vADC’s on 7RU Platform • Identical Offering Across Form Factors – Alteon VA for Virtual Servers – Alteon vADC’s for ADC-VX = Slide 23 Central Management and Automation Application____ HA__________ SSL__________ • Management of multiple devices as resource pool • Simplification of service rollout with AppShape and configuration templates Configuration Template Hardware SLB Soft HA Application XL High Capacity DMZ network Vision Management • OOTB automation services for vADC’s – Add tenants and vADCs – Increase vADC capacity – Add services/capabilities Slide 24 On Demand Scaling on ADC-VX Platform • Add tenants/vADC’s • Add capacity (Gbps) • Add services (APM, GSLB) Slide 25 Potential Services • Compute Scale Out Services – Automatically scale applications when needed – Update the ADC when scaling applications • Multi-cloud HA – traffic distribution across sites w/ experience optimization • Hybrid Cloud – Allow customers to run applications in private and cloud datacenters with single access address • SSL Offload – Offload processing of SSL encryption from servers to – Very significant with 2kb keys and virtual machines • Caching – Cache images and static content on ADC – Dynamically mark objects for client side caching Challenge & Opportunity Solution Overview Attack Mitigation Services Elastic WAF Services ADC Services Summary Top Hosting and Cloud Provider Challenges Customer confidence in the cloud Creating unique value proposition Revenue per customer Why Radware for the Cloud Datacenter Category Leading Technology Native Service Automation ADC-VX DefensePro AppWall Virtual and Cloud Appliances Form Factor Flexibility Cloud Aligned Business Model Thank You www.radware.com
© Copyright 2024