HP Networking Secure Virtualisation Framework
![Page 1: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/1.jpg)
SECURE VIRTUAL FRAMEWORK
Glen Gibson, Solution Architect – HP ESSN
Gary Boniface, Solution Architect - HP TippingPoint
![Page 2: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/2.jpg)
TECH AT WORK 2011 -- AGENDA
– DataCenter Trends => Cloud Computing
– HP Intrusion Prevention Systems Overview
– Virtual Visibility Gap
– vController Technology
– Automated Policy Enforcement
– VMware Partnership
![Page 3: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/3.jpg)
Present & Future
Virtualisation, Blades, Increased Bandwidth
Do more with less
Past
Dispersed, Physical
Connect everyone to everything
DATA CENTER TRENDS
Efficiency Drives Consolidation
[Chart: OSVDB data, total vulnerabilities by year, 2000 to 2010]
Over the last 5 years on average, roughly 8k vulnerabilities are disclosed each year
Flawed Software is developed almost daily
![Page 4: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/4.jpg)
HP CLOUDSYSTEM
INTEGRATED SYSTEM, PROVEN TECHNOLOGY
HP 3PAR
HP Cloud Service Automation
HP BladeSystem Matrix
+ HP Networking
Service Provider Enhancements
Securing physical & virtual
Scalable utility storage
High performance fabric
Mission critical computing
SAAS aggregation
![Page 5: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/5.jpg)
WHY NIPS?
Layer 3-4 filters are not enough to block common attacks
[Diagram: Security Zones 1, 2 and 3; labels: Internet, DMZ, LAN, FW, NIPS]
![Page 6: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/6.jpg)
WHY NIPS?
Layer 3-4 filters are not enough to block common attacks
[Diagram: Security Zones 1, 2 and 3; labels: Remote, LAN, Production, router, switch, NIPS]
![Page 7: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/7.jpg)
WHY NIPS?
Layer 3-4 filters are not enough to block common attacks
[Diagram: Security Zones 1, 2 and 3; labels: Guest OS 1, Guest OS 2, Guest OS 3 - n, vSwitch, NIPS]
![Page 8: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/8.jpg)
HP TIPPINGPOINT DVLABS LEADS THE INDUSTRY
Security research with real-world application
[Chart: Cumulative vulnerability discoveries (September 2005 to December 2010)]
[Chart: 2010 vulnerability discoveries]
![Page 9: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/9.jpg)
HP TECHNOLOGY@WORK 2011
THE INSTANT-ON ENTERPRISE IS HERE
VIRTUAL SECURITY GAP
![Page 10: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/10.jpg)
[Diagram: three virtualised hosts, each running VMs (App on OS); VMs moved to separate site; callouts 1 to 4]
Hypervisor Security
– Mission critical
Host to Host Threats
– Can't deploy IPS in front of every server
VM to VM Threats
– Virtual trust zones
– Traffic does not enter the physical network for inspection
– A victim VM can attack other VMs
VM Mobility
– vMotion launches VMs in separate sites for DR
– Physical IPS options are cost prohibitive for these uses
THE VIRTUAL NETWORK VISIBILITY GAP
![Page 11: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/11.jpg)
Components
– vController
– Virtual Management Center (vMC)
– IPS Platform
Flexibly inspect data in both the physical and virtual DC
Single set of security policies for entire DC protection.
[Diagram: TippingPoint IPS, VMC and VMware vCenter alongside ESX Virtual Hosts; each host shows Hypervisor, VMsafe Kernel Module, vSwitch, Redirect Policy, Application VMs (App on OS) and the vController Service VM]
SECURE VIRTUALISATION FRAMEWORK (SVF)
![Page 12: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/12.jpg)
[Diagram: TippingPoint IPS, VMC and VMware vCenter; Hypervisor with VMsafe Kernel Module, vSwitch, Redirect Policy, Application VMs (App on OS) and the vController Service VM]
SECURE VIRTUALISATION FRAMEWORK (SVF)
![Page 13: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/13.jpg)
TIPPINGPOINT VMC
It's all about the inspection policies
• Assign policies by VM and/or zone, not location or network connection
• Automate trust zone assignment for new or untrusted workloads
• Ensure policies follow VM regardless of state (in motion, powered on, powered off)
• Cloned VMs must automatically inherit parent policies
![Page 14: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/14.jpg)
VQL BASED TRUST ZONE DEFINITION
Example – cardholder data environment
– Automated and highly scalable zone/policy definition
  • All VMs residing on datastore 'pci_ide' in zone
  • Zone/Policy definitions follow VMs throughout lifecycle
– Visualise security policies
  • VMs in 'pci_cde' zone prohibited from communicating with 'dmz' zone VMs
  • VMs within 'pci_cde' are allowed to communicate
• Assign policies by VM and/or zone, not location or network connection
• Automate trust zone assignment for new or untrusted workloads
• Ensure policies follow VM regardless of state (in motion, powered on, powered off)
• Cloned VMs must automatically inherit parent policies
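The zone model on this slide, sketched as an added Python example; it is not VQL and not HP TippingPoint code. The mapping of datastore 'pci_ide' to zone 'pci_cde', the 'dmz-net' network, the 'quarantine' default zone and all VM and host names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class VM:
    name: str
    datastore: str
    network: str
    host: str                 # physical location; no rule below reads it
    powered_on: bool = True

# Zone membership rules keyed on VM attributes; first match wins.
# Assumption: VMs on datastore 'pci_ide' belong to zone 'pci_cde'.
ZONE_RULES = [
    (lambda vm: vm.datastore == "pci_ide", "pci_cde"),
    (lambda vm: vm.network == "dmz-net", "dmz"),      # hypothetical network name
]
DEFAULT_ZONE = "quarantine"   # hypothetical zone for new or untrusted workloads

# Zone pairs allowed to communicate; every other pair is denied.
ALLOWED = {("pci_cde", "pci_cde"), ("dmz", "dmz")}

def zone_of(vm):
    """Derive the zone from attributes, never from host or power state."""
    for matches, zone in ZONE_RULES:
        if matches(vm):
            return zone
    return DEFAULT_ZONE

def may_talk(src, dst):
    """Default-deny check between the zones of two VMs."""
    return (zone_of(src), zone_of(dst)) in ALLOWED

def migrate(vm, new_host):
    return replace(vm, host=new_host)

def clone(vm, new_name):
    return replace(vm, name=new_name)

def power_off(vm):
    return replace(vm, powered_on=False)

if __name__ == "__main__":
    # Constructed inventory for illustration.
    db = VM("cde-db", "pci_ide", "app-net", "esx-01")
    web = VM("web-01", "shared", "dmz-net", "esx-01")
    moved = migrate(db, "dr-esx-09")
    print(zone_of(moved), may_talk(moved, web), may_talk(db, clone(db, "cde-db2")))
```

Because no rule reads `host` or `powered_on`, migration, cloning and power state cannot change a VM's zone, and a workload matching no rule falls into the default zone where it can reach nothing.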
![Page 15: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/15.jpg)
VMware VMSafe Hypervisor Integration
– vController is fully integrated with VMware vSphere using the VMSafe API
VMware vCenter Integration
– VMC is fully integrated with VMware's vCenter management console
Certified "VMware Ready"
– Supports VMware vSphere 4 (ESX / ESXi 4)
VMWARE CERTIFIED
![Page 16: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/16.jpg)
DEMO
![Page 17: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/17.jpg)
HP TIPPINGPOINT AND
VMWARE PARTNERSHIP
![Page 18: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/18.jpg)
HP TippingPoint and VMware Strategic Partnership
FEBRUARY 15 ANNOUNCEMENT
Strategic Development Partnership
VMware #1 Virtualization Platform
HP TippingPoint #1 Security Research/Architecture
Virtual Security Solutions today with vController and vShield
Building Next Generation Security APIs for Cloud Environments
Today:
HP TippingPoint's vController and VMware's vShield protect today's virtual environments
Tomorrow:
HP TippingPoint and VMware jointly develop next generation security APIs to protect complex cloud environments
![Page 19: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/19.jpg)
Traditional IT Private Cloud Public Cloud
VMware vSphere and vShield
Hybrid Cloud
Anchored Enterprise
HP TippingPoint Network Intrusion Prevention
Best of Breed, Ubiquitous, Pervasive
Instant-On Enterprise
HP TIPPINGPOINT & VMWARE: SECURE THE CLOUD
![Page 20: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/20.jpg)
NEXT STEPS
Visit: The Cloud System Feature
Engage: See the HP Rep at rear of clinic
Seek more: Request follow up via Eval Form
Re-Live: www.hp.com.au/taw11post
![Page 21: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/21.jpg)
QUESTIONS?
![Page 22: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/22.jpg)
VIRTUAL CONNECT – MAPPED & TUNNELED VLANS
Eg: Mapped Mode
[Diagram: server blades, VC Ethernet modules and top of rack switch; labels include vSwitch, vNIC, pNIC, vNet-In, vNet-Out, vNet2, vNet3, multiple vNets, SUS (tagged multiple VLANs), UT, and VIDs 20, 30, 40, 50, 60, 190, 191]
![Page 23: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/23.jpg)
VCONTROLLER
![Page 24: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/24.jpg)
VCONTROLLER
![Page 25: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/25.jpg)
VCONTROLLER
![Page 26: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/26.jpg)
![Page 27: HP Networking Secure Virtualisation Framework](https://reader031.fdocuments.in/reader031/viewer/2022020122/546c23d9b4af9f612c8b4ed5/html5/thumbnails/27.jpg)