BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud
![Page 1: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/1.jpg)
Practical Advice for Securing the High-Performance Cloud
February 16th at 4:30 PM
![Page 2: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/2.jpg)
You Deal With An IT Firestorm Every Day…
![Page 3: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/3.jpg)
…And Now You Are Moving To The Cloud
Can you stay compliant?
Will it be secure?
Will it remain high-performing?
![Page 4: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/4.jpg)
Market Dynamics
50% of the world’s workloads will be virtualized by 2012
–CDW Survey
–Yankee Group
37% of large enterprises expect to adopt IaaS (cloud) in the next year
Security is a top concern for virtualization adoption
Virtualization is near de-facto architecture for clouds
–Gartner
–GigaOM
![Page 5: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/5.jpg)
The Challenge & Opportunity
![Page 6: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/6.jpg)
How Is Virtualization Different
![Page 7: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/7.jpg)
Virtualization/Cloud Security Challenges
• Monitoring and auditing breaks
  – Physical security is blind to traffic
  – VMs can “move” to low trust zones
• Continuous enforcement is very difficult
  – VMs replicate on a click and sprawl
  – VM users can self-provision
  – “Bad” configurations proliferate easily
• Separation of duties is lost
  – Server, network boundaries are blurred
  – Unified administration gives too
• Least privilege access policy enforcement is lost
  – VM access patterns can change with “migration”
  – Too much change means errors
![Page 8: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/8.jpg)
Goal: Enable Cloud/Retain Control
1. VLANs offer no granular security
2. Physical FWs are expensive

1. Agents are very costly to manage
2. Significant perf degradation

1. Superior security
2. “Wire-line” perf
3. Minimal overhead
4. 10x cost reduction
![Page 9: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/9.jpg)
The Ideal Mix: Hypervisor-Based Security
1. Using a custom kernel enforcement embeds into the ESX hypervisor in “fast path” mode
2. All packets flow through the hypervisor-embedded security engine
![Page 10: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/10.jpg)
vGW & The Hypervisor-based Architecture
• Enterprise-grade
  – VMware “VMsafe Certified”
  – Protects each VM and the hypervisor
  – Fault-tolerant architecture (i.e. HA)
• Virtualization Aware
  – “Secure VMotion” scales to 1,000+ ESX
  – “Auto Secure” detects/protects new VMs
• Granular, Tiered Defense
  – Stateful firewall and integrated IDS
  – Flexible Policy Enforcement – Zone, VM group, VM, Application, Port, Protocol, Security state
[Diagram: Security Design for vGW. Labels: The vGW Engine; Virtual Center VM; VM1, VM2, VM3; Partner Server (IDS, SIM, Syslog, Netflow); Packet Data; VMware DVFilter; VMware vSwitch or Cisco 1000V; Hypervisor; ESX Kernel; ESX Host]
![Page 11: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/11.jpg)
Traditional Cloud Validation Approach
[Diagram labels: Application Traffic Test Software; Firewall, Router, IPS; Load Balancer; Switch; SSL Accelerator; Virtual or Physical Server, Server Farm, Data Center]

• 100-1000+ servers
• $ Millions in software licenses
• Multiple products with separate interfaces
• Many disassociated reports
• No security validation

• High total cost of ownership
• Limited performance
• Doesn’t effectively stress infrastructure
• Inaccurate and error-prone
• Complex and labor intensive
![Page 12: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/12.jpg)
BreakingPoint’s Approach
• Stresses infrastructure with mix of stateful application traffic
• Validates performance/effectiveness under extreme load conditions
• Validates the integrity of server transactions
• Integrates security for ability to assess performance under attack
![Page 13: BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High Performance Cloud](https://reader033.fdocuments.in/reader033/viewer/2022060122/559533c31a28ab8b5f8b4700/html5/thumbnails/13.jpg)
Questions and Answers