Design and Deploy Secure Clouds for Financial Services – Use Cases
August 18, 2016
Copyright © PLUMgrid, Inc. 2011-2015
Introduction: Speakers

• Justin Moore, Principal Solutions Architect, PLUMgrid
• Joe Antkowiak, Sr. Solution Architect – OpenStack Tiger Team, Red Hat
Agenda: What will be covered today

1. OpenStack Infrastructure Security – Addressing Common Security Challenges using Red Hat OpenStack Platform
2. Security and compliance through automation and micro-segmentation with OpenStack and SDN
3. Micro-Segmentation Demo
OpenStack Infrastructure Security
Addressing Common Security Challenges using Red Hat OpenStack Platform
Joe Antkowiak, Sr. Solution Architect
August 18, 2016
Agenda

• Common OpenStack Infrastructure Security Challenges
• Addressing Challenges with Red Hat OpenStack Platform Director
• Addressing Challenges with Red Hat CloudForms
OpenStack Infrastructure Security: Common Challenges

• Many Manual Tasks
• Infrastructure Secured Post Deployment
• Detecting Change and Enforcing Policy
• Maintaining Secure Configuration and Policy When Upgrading and Scaling
OpenStack Platform Director – Day 1 + Scaling/Upgrading
Director is included in Red Hat OpenStack Platform

CloudForms – Day 2 + Lifecycle
CloudForms is included in Red Hat OpenStack Platform
Red Hat OpenStack Platform Director (OpenStack Orchestration)

Planning
• Network topology
• Service parameters
• Resource capacity

Deployment
• Deployment orchestration
• Service configuration
• Sanity checks

Operations
• Updates and upgrades
• Scaling up and down
• Change management
OpenStack Platform Director (OSPd): Advantages for OpenStack Security

• Uses OpenStack to deploy OpenStack: concepts applicable to workloads running on OpenStack are applicable to OpenStack itself
• Image based: nodes installed from a customizable source image
• Template based: customizable, reusable, repeatable use of Heat templates (YAML) to install, scale, and upgrade
OSP Director Image Customization: Examples for Security

• Kernel: deploy a custom kernel build, or hardened kernel (with validation)
• Packages: deploy specific package versions or additional packages
• Local accounts and policies: define custom local accounts and SELinux configuration
OSP Director Template-Based Deployment: Configuration Examples for Security

• SSL/TLS enabled control plane and endpoints: enable transport encryption on all control plane communication using your certificates
• AAA integration: integrate with your AAA infrastructure (LDAP, Kerberos, etc.)
• Services configuration: configure logging, NTP, monitoring tools
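One way to verify the "TLS on all control plane endpoints" point after a deployment is to audit the Keystone service catalog rather than only the public URL, since internal and admin interfaces are the ones commonly left on plain HTTP. The script below is an added example, not code from the webinar or from Red Hat; the catalog is a constructed sample in the shape of the Keystone v3 catalog array.

```python
"""Audit an OpenStack Keystone v3 service catalog for endpoints that are not
served over TLS. Added example; the catalog below is constructed."""
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of the Keystone v3 token "catalog" array:
# the public interfaces are TLS-terminated, but one internal and one admin
# endpoint are still plain HTTP.
SAMPLE_CATALOG = json.dumps([
    {"type": "identity", "name": "keystone", "endpoints": [
        {"interface": "public",   "region": "regionOne", "url": "https://overcloud.example.com:13000/v3"},
        {"interface": "internal", "region": "regionOne", "url": "http://172.17.1.10:5000/v3"},
        {"interface": "admin",    "region": "regionOne", "url": "http://172.17.1.10:35357/v3"},
    ]},
    {"type": "compute", "name": "nova", "endpoints": [
        {"interface": "public",   "region": "regionOne", "url": "https://overcloud.example.com:13774/v2.1"},
        {"interface": "internal", "region": "regionOne", "url": "https://172.17.1.10:8774/v2.1"},
    ]},
])


def audit_catalog(catalog_json, require_interfaces=("public", "internal", "admin")):
    """Return a list of findings (dicts) for in-scope endpoints whose URL scheme
    is not https. The default scope is the whole control plane, not just the
    public API that users see."""
    findings = []
    for service in json.loads(catalog_json):
        for ep in service.get("endpoints", []):
            if ep.get("interface") not in require_interfaces:
                continue
            scheme = urlsplit(ep["url"]).scheme.lower()
            if scheme != "https":
                findings.append({
                    "service": service.get("name") or service.get("type"),
                    "interface": ep["interface"],
                    "region": ep.get("region"),
                    "url": ep["url"],
                    "problem": f"scheme is {scheme!r}, expected 'https'",
                })
    return findings


def summarize(findings):
    """One line per finding, suitable for a deployment sanity-check report."""
    return "\n".join(
        f"{x['service']:<10} {x['interface']:<9} {x['url']}  ({x['problem']})"
        for x in findings
    )


if __name__ == "__main__":
    result = audit_catalog(SAMPLE_CATALOG)
    print(summarize(result) or "all control-plane endpoints use https")
```

Feed it the output of a real catalog listing in the same JSON shape and run it as a post-deployment sanity check, and again after every scale or upgrade.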
Red Hat CloudForms: Unified Management for OpenStack

• Unified management and operations
• Complete lifecycle management
• Visibility and analytics
• Compliance and governance
• Integration and composability
CloudForms Compliance and Governance: Example Functions

• Analyze: automatically perform SmartState Analysis on OpenStack nodes and instances (agent-less)
• Track and alert: report on changes and drift, automatically alert based on defined policy
• Remediate: automatically kick off defined remediation or deeper inspection actions
CloudForms SmartState Analysis: Examples of Items Tracked

• Packages and files: package versions, new/changed files
• Local users and actions: user actions/commands, users and groups added or changed
• Component changes: added or changed network interfaces, storage attached, new instances or containers running
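The "track and alert" function on the previous slide and the items listed here amount to snapshot diffing plus a policy over the diff. The following is an added example of that logic, not CloudForms code: two constructed agent-less inventory snapshots of one overcloud node (packages, file hashes, local users and groups, interfaces) are compared, and a small policy decides which drift events become alerts and which are merely recorded.

```python
"""Drift detection between two inventory snapshots of an OpenStack node, with
policy-driven alerting. Added example, not CloudForms code; snapshots and
policy are constructed."""

# Constructed baseline snapshot, taken right after the node was deployed.
BASELINE = {
    "packages": {"openssh-server": "7.4p1-16", "openssl": "1.0.2k-12", "sudo": "1.8.23-3"},
    "files": {"/etc/ssh/sshd_config": "sha256:aa11", "/etc/sudoers": "sha256:bb22"},
    "users": {"heat-admin": {"groups": ["wheel"]}, "nova": {"groups": ["nova"]}},
    "interfaces": ["eth0", "br-ex", "vlan201"],
}

# Constructed later snapshot: sshd_config edited, a new account added to wheel,
# openssl updated, and an extra interface has appeared.
CURRENT = {
    "packages": {"openssh-server": "7.4p1-16", "openssl": "1.0.2k-16", "sudo": "1.8.23-3"},
    "files": {"/etc/ssh/sshd_config": "sha256:cc33", "/etc/sudoers": "sha256:bb22"},
    "users": {"heat-admin": {"groups": ["wheel"]}, "nova": {"groups": ["nova"]},
              "contractor": {"groups": ["wheel"]}},
    "interfaces": ["eth0", "br-ex", "vlan201", "eth1"],
}

# Constructed policy: which kinds of drift require an alert rather than a record.
POLICY = {
    "alert_on_file_change": {"/etc/ssh/sshd_config", "/etc/sudoers"},
    "alert_on_new_user_in_groups": {"wheel", "root"},
    "alert_on_new_interface": True,
    "alert_on_package_change": {"openssh-server", "sudo"},  # openssl updates are routine here
}


def diff_snapshots(old, new):
    """Return drift events as (category, key, before, after) tuples."""
    events = []
    for cat in ("packages", "files", "users"):
        for key in sorted(set(old[cat]) | set(new[cat])):
            if old[cat].get(key) != new[cat].get(key):
                events.append((cat, key, old[cat].get(key), new[cat].get(key)))
    # Interfaces are a plain list: report anything present on only one side.
    for iface in sorted(set(old["interfaces"]) ^ set(new["interfaces"])):
        events.append(("interfaces", iface, iface in old["interfaces"], iface in new["interfaces"]))
    return events


def evaluate(events, policy):
    """Split drift events into (alerts, info) according to the policy."""
    alerts, info = [], []
    for cat, key, before, after in events:
        hit = False
        if cat == "files" and key in policy["alert_on_file_change"]:
            hit = True
        elif cat == "packages" and key in policy["alert_on_package_change"]:
            hit = True
        elif cat == "users" and before is None and after is not None:
            # New local account: alert only if it landed in a privileged group.
            hit = bool(set(after.get("groups", [])) & policy["alert_on_new_user_in_groups"])
        elif cat == "interfaces" and after and policy["alert_on_new_interface"]:
            hit = True
        (alerts if hit else info).append((cat, key, before, after))
    return alerts, info


def run(old=BASELINE, new=CURRENT, policy=POLICY):
    """Diff two snapshots and apply the policy; returns (alerts, info)."""
    return evaluate(diff_snapshots(old, new), policy)


if __name__ == "__main__":
    alerts, info = run()
    for event in alerts:
        print("ALERT", event)
    for event in info:
        print("info ", event)
```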
Thank you! Please post questions in the webinar.
Visit Red Hat at OpenStack East, August 23-24, NYC
red.ht/openstack
red.ht/cloudforms
Security and compliance through automation and micro-segmentation with OpenStack and SDN
Justin Moore
Technology Challenges in FSI

• Regulatory Compliance
  • PCI
  • SOX
• Security
  • Separation of concerns
  • Minimize attack surface
  • Strict enforcement of access control
• Operations
  • Reduce manual effort through automation
  • Protect against misconfiguration
    • Dev/Test pointed to Prod
    • Incorrect or invalid firewall rule
    • Server placed on wrong network
  • Rapidly scale
Traditional Approaches No Longer Work

• Too slow
  • Ticket-based manual workflows take days or weeks
  • New methodologies demand on-demand infrastructure and tight integration with the SDLC
    • Agile
    • CI/CD
    • Micro-services
• Error prone
  • Lack of automation and standardization leads to errors
  • Incomplete or inadequate decommission processes
• Too expensive
  • Scale-up access control devices / forklift upgrades
  • Highly skilled and highly paid engineers performing trivial ticket-based activities
So How Do We Keep Up?

• Cloud!
  • Ok – it’s not really that simple. What about all of that security stuff?
• SDN!
  • Again – it’s not really as simple as buying an SDN.
  • How will we design the system to ensure that security is baked into the end-to-end environment?
• Micro-segmentation
  • Great – another buzzword!
  • Micro-segmentation is the process of controlling access to and from a service based on the combination of security boundary and attack footprint
  • Don’t we already do that?
  • Not really!
Virtual Domains: Your Private Virtual Data Center

• Tenant Virtual Domains
  • Isolation & segmentation of workloads
  • Self-service provision of all functions
• Service Virtual Domains
  • Owned by Cloud Operator
  • Used to apply common services or security policies
  • Hosts external connectivity
• Virtual Domain Chaining
  • Decouple changes from physical infrastructure
  • Fully distributed within IO Visor layer on each compute node

[Diagram labels: DNS; Service Virtual Domain; Tenant Virtual Domains]
PLUMgrid Virtual Domains: Components of a Virtual Domain

[Diagram labels: Virtual Domain; Distributed Policy Enforcement Zone; Edge Policy Enforcement Point]

Virtual Domain (VD) — ISOLATION
• Secure tenant isolation for multi-tenant clouds; contains all network definitions for that project
• Rich set of analytics and monitoring
• Option to encrypt traffic on a per-VD basis

Topology — Overlay-based, fully distributed network functions
• Network topology view
• DVS/DVR/NAT/DNS/DHCP functions
• Fully distributed (no hairpin or network nodes)
• Integration with external VTEP gateways
• Topology-based service insertion (FW/LB/IPS)

Policy boundary — SEGMENTATION
• Group-based policies & micro-segmentation
• All traffic in/out of a VD goes through the Policy Engine
• Used for Security Groups (L2-4 stateless or stateful security)
• Policy-based VTAP (traffic capture)
• Policy-based service insertion (FW/LB/IPS)
• Support for service chains or a single service function
PLUMgrid ONS Components

[Diagram labels: Internet; IO Visor Gateway; IO Visor Edges (Compute Nodes); PLUMgrid Directors; VXLAN-based Overlay; PLUMgrid CloudApex & OpsVM]
Example Application – Customer Service Tool

[Diagram labels: DNS; Global Cloud Policy; Prod CST; Dev CST]
Three-Tier Architecture

[Diagram: Presentation tier → Logic tier → Data tier → Database Storage. Flow shown: the presentation tier sends "GET SALES TOTAL"; the logic tier issues "GET LIST OF ALL SALES MADE LAST YEAR" to the data tier, whose QUERY returns SALE 1, SALE 2, SALE 3, SALE 4; the logic tier adds all sales together and answers "4 TOTAL SALES".]
PLUMgrid Policy Path

Group Classification (source & destination end point classification), derived from:
• Packets: sMAC / .1Q, src_IP/dst_IP, application / ports, protocols
• Meta Data: Tenant ID / App ID, VM UUID / name, end point type / group, location / physical server
• Behavior: traffic profile, sys call profile, storage access profile

Policy actions:
• Stateful Security Groups
• Security logs & alerts
• Policy-based VTAP (traffic mirroring)
• Policy-based Service Insertion (VNF 1, VNF 2, VNF 3): service chains, distributed service insertion, local affinity
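To make the policy path concrete, here is an added example (not PLUMgrid code) of group-based micro-segmentation applied to the Customer Service Tool and three-tier slides above: endpoints are classified into groups from metadata (tenant, app, environment, tier) rather than by IP, a group-to-group rule set allows only the next-tier hops of the same environment, everything else is denied by default, and every decision produces a security-log line. All endpoints, groups and rules are constructed.

```python
"""Group-based policy evaluation for micro-segmentation. Added example, not
PLUMgrid code; endpoints, groups and rules are constructed."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Endpoint:
    ip: str
    tenant: str   # Meta Data: Tenant ID
    app: str      # Meta Data: App ID ("cst" = Customer Service Tool)
    env: str      # "prod" or "dev"
    tier: str     # "web", "logic" or "data"


@dataclass
class Rule:
    src_group: str
    dst_group: str
    proto: str
    ports: set = field(default_factory=set)  # empty set means any port
    action: str = "allow"


def classify(ep):
    """Derive the policy group from metadata, never from the address."""
    return f"{ep.app}-{ep.env}-{ep.tier}"


# Constructed inventory: prod and dev copies of the three-tier CST application.
ENDPOINTS = {ep.ip: ep for ep in [
    Endpoint("10.1.0.10", "fsi", "cst", "prod", "web"),
    Endpoint("10.1.1.10", "fsi", "cst", "prod", "logic"),
    Endpoint("10.1.2.10", "fsi", "cst", "prod", "data"),
    Endpoint("10.2.0.10", "fsi", "cst", "dev", "web"),
    Endpoint("10.2.1.10", "fsi", "cst", "dev", "logic"),
    Endpoint("10.2.2.10", "fsi", "cst", "dev", "data"),
]}

# Group-based policy: each tier may reach only the next tier of its own env.
# There is deliberately no rule from any dev group to any prod group, which is
# what stops the "Dev/Test pointed to Prod" misconfiguration from working.
RULES = [
    Rule("cst-prod-web", "cst-prod-logic", "tcp", {8080}),
    Rule("cst-prod-logic", "cst-prod-data", "tcp", {5432}),
    Rule("cst-dev-web", "cst-dev-logic", "tcp", {8080}),
    Rule("cst-dev-logic", "cst-dev-data", "tcp", {5432}),
]


def evaluate(src_ip, dst_ip, proto, dport, rules=RULES, endpoints=ENDPOINTS, log=None):
    """Return "allow" or "deny". Default deny applies when no rule matches,
    when an endpoint is unclassified, or when tenants differ (VD isolation).
    A security-log record is appended to `log` if one is supplied."""
    src, dst = endpoints.get(src_ip), endpoints.get(dst_ip)
    decision, reason = "deny", "no matching rule"
    if src is None or dst is None:
        reason = "unclassified endpoint"
    elif src.tenant != dst.tenant:
        reason = "different tenant (VD isolation)"
    else:
        sg, dg = classify(src), classify(dst)
        for r in rules:
            if (r.src_group, r.dst_group, r.proto) == (sg, dg, proto) and (not r.ports or dport in r.ports):
                decision, reason = r.action, f"rule {sg}->{dg}/{proto}"
                break
    if log is not None:
        log.append(f"{decision.upper():5} {src_ip}->{dst_ip} {proto}/{dport} ({reason})")
    return decision


if __name__ == "__main__":
    log = []
    evaluate("10.1.0.10", "10.1.1.10", "tcp", 8080, log=log)  # prod web -> prod logic
    evaluate("10.2.1.10", "10.1.2.10", "tcp", 5432, log=log)  # dev logic -> prod data
    evaluate("10.1.0.10", "10.1.2.10", "tcp", 5432, log=log)  # prod web -> prod data directly
    print("\n".join(log))
```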
Micro-Segmentation Demo

Q&A: Please use the Q&A panel to ask questions
THANK YOU!
