Application Load Balancing and Protection as a Cloud Service

Alexey Kushnir,
Regional Director,
Russia and CIS
Radware & Cloud
[Charts: Cloud Customer & Partner Growth; Company Growth, by year, 1998 to 2012]
Recognized ADC Market Leader
Cloud Optimized Solutions
ADC MQ 2012
Overview
Radware Solutions
Attack Mitigation Services
Elastic WAF Services
ADC Services
Summary
Top Cloud Adoption Challenges
• QoE
• Performance
• Visibility
• Availability
• Application SLA
• Hybrid Cloud Support
• Cloud Infrastructure
• Resiliency
• Security
• Shared Risk
• Lack of Control
• Compliance
Challenge & Opportunity
Solution Overview
Attack Mitigation Services
Elastic WAF Services
ADC Services
Summary
Radware Cloud Service Solutions
Attack Mitigation
• Protect Shared Infrastructure
• Protect Tenants Virtual Infrastructure
• Protect Tenant Applications
Elastic WAF
• Shared WAF Policy
• Per-Tenant WAF Policy
• Per-Tenant Private WAF
ADC
• Server and Site Load Balancing
• Application Performance
• SSL & WPO
• APM
Cloud Product Portfolio
[Chart: products placed by number of Fully Isolated Tenants (1, 24, 256) and throughput (1G, 10G, 16G, 20G, 80G). Products shown: Vision, AppWall VA, Alteon 10000, Alteon 6420, Alteon 5224, DefensePro x420, Alteon VA]
Cloud Infrastructure Eco-System
[Diagram components: Portals; Cloud Management Platform; Orchestration; Monitoring; vDirect Automation; External Networks; Messaging & Queuing; Network Services; Alteon; Network Fabrics; DefensePro; AppWall; Virtual Infrastructure; Storage Infrastructure]
You Must Protect Shared Infrastructure
63% of DDoS attacks take down shared infrastructure
[Bar chart, categories: Internet pipe (saturation); Firewall; IPS/IDS; Load Balancer (ADC); The server under attack; SQL Server]
DDoS Security to Customers
How many DDoS attacks have you experienced in the past 12 months?
65% of organizations had an average of 3 DDoS attacks in the past 12 months
DDoS attacks occur often and cost your customers a lot of money.
$22,000: average cost per minute of downtime
$3,000,000: average annual cost of DDoS attacks
Radware Attack Mitigation System (AMS)
Radware Products for DDoS as a Service
APSolute Vision
• Security infrastructure management
• Tenant incident reporting
DefensePro Protection
• Protect datacenter infrastructure and offer a secure cloud platform
DefensePro Service
• Protect tenant VMs
• Provide tenant applications
[Diagram labels: Remote Users, Mobile Users]
Web Security Statistics
of organizations have been hacked at least once in the past two years through insecure web applications.
State of Web Application Security Survey, Ponemon Institute
of IT practitioners believe web application security is either more critical or equally critical to other security issues faced by their organizations.
State of Web Application Security Survey, Ponemon Institute
million median annual cost of a cyber attack.
The First Annual Cost of Cyber Crime Study, Ponemon Institute
WAF Technology Selection Criteria
[Diagram labels: Tenant 1, Tenant 2, Tenant 3]

                      Shared WAF Service   Managed WAF appliance   Virtual WAF Service
Infrastructure Cost   Low                  High                    Low
Integration Effort    Low                  High                    Low
Self-Learning         None                 Fast                    Fast
Accuracy              Low                  High                    High
Service Cost          Low                  High                    High
Profitability         Low                  Low                     High
Radware Elastic WAF POD Solution
AppWall Virtual Appliance: AppWall WAF Services
• Auto-policy generation
• Multi-tenant support
• OOTB compliance reports
Alteon ADC-VX: Service POD Scalability and Resiliency
Vision & vDirect: Management, Reporting and Automation
• Known attack protection
– Prevent known attacks using signatures
• Compliance reporting and enforcement
– Block non-compliant traffic and produce compliance reports
• Advanced web application security
– Application specific, adaptive auto-learning WAF policy per tenant
[Diagram labels: Remote Users, Mobile Users]
Adaptive Auto Policy Generation
Stages: App Mapping, Threat Analysis, Policy Generation, Policy Activation
• Shortest time to protection
– Up to one week for rapid policy
• Best security coverage
– Auto threat analysis, no admin intervention
– All rules are applied
• Lowest false-positives
– Auto optimization for negative security model
– Adaptive security policy per security zone (“app-path”)
• Security also when application changes
– Automatically detects application changes
Elastic WAF POD Cloud Integration
• Operational Flexibility
– Easy integration of service into tenant onboarding process
– Operator defined Web security service profiles
• Multi-Tenant Cloud Security
– Security reports with tenant and operator views
– Policy auto-learning - per customer/application
• Network Integration
– Seamless network integration - no need to redesign
– Highly redundant design with no single point of failure
[Diagram labels: OSS, Operator, Different Tenants]
ADC Services Deployment Models
• Shared ADC
– All tenants share running ADC instance
– Tenants impacted by other tenants
– Configuration changes may affect all tenants
– Alteon hardware or virtual appliance
• Dedicated vADC per customer
– Tenant has dedicated management and networking
– Tenant level bw/cps/ssl/isolation guarantees on ADC-VX
– Tenant level bw/cps/ssl/isolation reservation on x86
• Dedicated Alteon per customer
– Tenant has dedicated hardware appliance
[Diagram label: Virtual Host]
ADC Technology Selection Criteria
                      Shared ADC   ADC per Customer   vADC per Customer
Infrastructure Cost   Low          High               Low
Integration Effort    Low          High               Low
Operational Model     Risky        Standard           Standard
SLA Enforcement       None         High               High
Service Cost          Low          High               High
Profitability         High         Low                High
Alteon Cloud & Hosting ADC Platform
• Highest Density vADC Platform
– 24 vADCs on 1Gbps Platform
– 256 vADCs on 7RU Platform
• Identical Offering Across Form Factors
– Alteon VA for Virtual Servers
– Alteon vADCs for ADC-VX
Central Management and Automation
• Management of multiple devices as resource pool
• Simplification of service rollout with AppShape and configuration templates
• OOTB automation services for vADCs
– Add tenants and vADCs
– Increase vADC capacity
– Add services/capabilities
[Diagram labels: Application; HA; SSL; Configuration Template; Hardware SLB; Soft HA; Application XL; High Capacity; DMZ network; Vision Management]
On Demand Scaling on ADC-VX Platform
• Add tenants/vADCs
• Add capacity (Gbps)
• Add services (APM, GSLB)
Potential Services
• Compute Scale Out Services
– Automatically scale applications when needed
– Update the ADC when scaling applications
• Multi-cloud HA
– Traffic distribution across sites w/ experience optimization
• Hybrid Cloud
– Allow customers to run applications in private and cloud datacenters with single access address
• SSL Offload
– Offload processing of SSL encryption from servers to
– Very significant with 2kb keys and virtual machines
• Caching
– Cache images and static content on ADC
– Dynamically mark objects for client side caching
Top Hosting and Cloud Provider Challenges
Customer confidence in the cloud
Creating unique value proposition
Revenue per customer
Why Radware for the Cloud Datacenter
• Category Leading Technology
• Native Service Automation
• ADC-VX
• DefensePro
• AppWall
• Virtual and Cloud Appliances
• Form Factor Flexibility
• Cloud Aligned Business Model
Thank You
www.radware.com