Presenting the VMware NSX ECO System May 2015 Geert Bussé| Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15 - 11:00 VMware NSX, the Network Virtualization Platform 11.15 - 12.00 Palo Alto - Finally, Data Center Security without Compromise 12.00 - 12.45 Juniper - QFX & MetaFabric - the Integration of VMware NSX 12:45 - 13:30 Lunch 13:30 - 14:15 Trend Micro - Optimised Security for Modern Data Centre 14:15 - 15:00 F5 - Discover how F5 and VMware deliver a software-defined data center by providing simplified end-to-end networking through an application-centric approach 15:00 - 15:15 Break 15:15 - 16:00 Check Point - Automating Multi-tiered Security in the NSX Eco system 16:00 - 16:15 Q&A 16:15 - 18:00 Network Drink with WINE TASTING Securing the Software Defined Data Center • Typical Security Challenges in (Traditional) Data Centers • SDDC: Definition and Components • From Traditional to Software Defined Data Center • Security Solutions • Layered Architecture • Key Takeaways Typical Security Challenges in (Traditional) Data Centers • Different layers and trust levels: Web - App – DB • Process intensive to apply security between VM’s. (100-1000’s of VM’s) • Lateral movement once compromised • Speed of server provisioning: avoid ‘instant on’ security gaps • Security impact on availability and performance Typical Security Challenges in (Traditional) Data Centers • Handling encrypted traffic (SSL) • Measure and monitor compliance • Application traffic vs. file system traffic • Cloud readiness The Software Defined Data Center: Definition Definition: Refers to a data center where all infrastructure is virtualized and delivered as a service. The core architectural components: • Computer virtualization • Software-defined networking (SDN) • Software-defined storage (SDS) • Management and automation software From Traditional to Software Defined Data Centers Security with NSX • Perimeter Security still required • Micro segmentation becomes feasible. • The automated provisioning of firewall policies when a workload is programmatically created. • Distributed enforcement at every virtual interface and in-kernel, distributed to every hypervisor and baked into the platform. • Native Isolation: No physical subnets, no VLANs, no ACLs are required. • Segmentation is enforced at the virtual interface and advanced security services can be added. Software Defined Data Center: Security Solutions • Data center firewall to secure datacenter access • Network segmentation firewall to secure inter VM traffic • DDOS protection: cloud & on premise • Web application firewall • Web Access Management Software Defined Data Center: Security Solutions • IPS for virtual patching • Data leakage prevention • Anti malware detection and cleaning • Compliance monitoring Layered Architecture Cloud Scrubbing Center DataCenter Firewall Volumetric DDOS attacks IPS Known signature attacks Sandboxing DLP Application Delivery Controler Web Application Firewall Anti DDOS Network Segmentation Firewall IPS – Anti Malware – Compl. Web App VM Finance VM VM VM HR VM Engineering DB VM VM VM VM Layered Architecture Cloud Scrubbing Center Volumetric DDOS attacks Known signature attacks • Multiple TB attack mitigation bandwidth • Multiple scrubbing datacenters • Fast mitigation • Limited false positives • Up to L7 • Customer portal with centralized attack and threat monitoring reports Layered Architecture DataCenter Firewall • IPS Sandboxing DLP High new connections per second (Application Traffic) • High number of concurrent connections • Scalable architecture: processing power and connectivity • User identity and application awareness • Platform for additional security modules • Policy integration with Network Segmentation Firewall Layered Architecture Application Delivery Controller Web Application Firewall Web Application Firewall: • OWASP top 10 threats • Cover Zero Day Attacks by Positive Security Model • HTTP anti-DDoS • Integration with Vulnerability Management Solution • Detection and Prevention of Web Scraping • PCI compliance Software Defined Data Center: Web Application Firewall Layered Architecture Anti DDOS On Premise DDOS protections • Application Visibility • Threat Intelligence • Built in SSL decryption • Real Time Reporting and Forensics Layered Architecture • Integration via API with Virtualized Network Network Segmentation Firewall Web and Compute App DB • Security is completely decoupled from logical network topology. VM Finance VM • The firewall function is brought directly to the VM VM. Any traffic sent or received by this VM processed by the NSF. VM HR VM • Application Visibility Engineering VM VM VM VM Layered Architecture • Virtual Patching via IPS IPS- Anti Malware – Compl. Web • Agentless Anti Malware App DB • Hypervisor integrity Monitoring • Data Encryption VM Finance VM • DLP VM • Server Compliance Monitoring • System Log inspection VM HR VM • Automatically quarantining of compromised VM’s Engineering VM VM VM VM Key Takeaways • Perimeter Security ‘only’ is not sufficient in today’s world of advanced threats • NSX simplifies significantly inter VM security and makes it feasable but you still need additional security solutions from leading security vendors to increase security effectiveness. • Don’t forget Anti DDOS, WAF & Anti Malware • Talk to our vendors today about your requirements and needs Enjoy the rest of the day!
© Copyright 2024