Cloud Security Solution - DAWNING TECH · Servers/Com pute Storage Network “Virtualization and...
Cloud Security Solution
游源濱 (Vince Yu), Technical Director, Juniper Networks, Oct 2011
2 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
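JUNIPER focuses on two major market trends
Smartphones have overtaken personal computers; the mobile experience is also replacing the desktop experience
[Chart: smartphones vs. personal computers, 2009 and 2010; axis ticks 30, 60, 90, 120 million]
Estimated cloud computing spending as a percentage of total IT spending: 40% (2013), 70% (2015)
Cloud computing / Mobile Internet
Source: Gartner. Total amount: $2.78 trillion (USD)
Source: Gartner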
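We have only just begun to tap the potential of these two related trends
Dramatically lower the cost structure of IT
Greatly increase the speed and scale of IT
Access applications and services from anywhere
For example:
Mobile Internet
Cloud computing: an unimaginably large business opportunity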
iPhone iPad + iCloud
The biggest concern in moving services to the cloud: cloud security
On-Premise Apps
Dedicated Servers
Dedicated Storage
Layers of Complexity
The biggest obstacle to moving services to the cloud: network virtualization
Software-as-a-service
Virtualized workloads
Virtualized storage
Applications
Servers/Compute
Storage
Network
“Virtualization and distributed applications are transforming every part of the data center. To maximize the potential of virtualization, the network must also transform.”
— Zeus Kerravala
SVP & Distinguished Research Fellow
Yankee Group
From: RIGID, LEGACY MODEL OF I.T.
To: FLEXIBLE, VIRTUALIZED MODEL
Physical Server is no longer the interesting entity
Virtual Network has become a new network layer
Isolating within physical network doesn’t address vNetwork
Inter-VM communication is a “blind spot” for physical tools
VMware Virtual Switch
SERVERS
SERVER VIRTUAL MACHINES
Physical Network
The biggest concern in moving services to the cloud: security virtualization
CLOUD END TO END SECURITY
Data Centers / Clients / Global High-Performance Network
Server to Server
Client to DC
JUNIPER CLOUD SECURITY STRATEGY
Comprehensive cloud security solution
Device / Application / Network
vGW: Secure Cloud Virtualization
THE VGW HYPERVISOR-BASED APPROACH
Enterprise-grade
• VMware “VMsafe Certified”
• Protects each VM and the hypervisor
• Fault-tolerant architecture (i.e. HA)
Virtualization Aware
• “Secure VMotion” scales to 1,000+ ESX
• “Auto Secure” detects/protects new VMs
Granular, Tiered Defense
• Stateful firewall and integrated IDS
• Flexible Policy Enforcement – Zone, VM group, VM, Application, Port, Protocol, Security state
THE vGW ENGINE
Virtual Center VM
VM1 VM2 VM3
Partner Server (IDS, SIM, Syslog, Netflow)
Packet Data
VMWARE DVFILTER
VMWARE VSWITCH OR CISCO 1000V
HYPERVISOR
ESX Kernel
ESX Host
Security Design for VGW
SRX: Secure Cloud Application
Application Security
Attack traffic
Legitimate traffic
Botnets targeting services for disruption
Mixture of legitimate and attack traffic
INTERNET
Server Connection Monitoring
Protocol Analysis
Bot / Client Classification
Cloud Provider / Data Center
SRX Series
EX / MX: Cloud Infrastructure Virtualization
Extending V-MOTION across clouds with VPLS virtualization
Secure Remote Access
Junos Pulse Gateway / Junos Pulse Client
MOBILITY SSLVPN
Corporate Applications (of any type)
Dedicated or Virtual Appliance Deployment
Datacenter
SP owned Services Complex
Internet
Corporate
VPN
Protected
Secure Remote Access
Enterprise owned Private cloud
VPLS extend vMotion
End to End security – Securing virtualization, Network, applications, devices and manage it at scale
SECURE CLOUD EVERYWHERE
Device / Application / Network
[Diagram labels: SRX, AppSecure, STRM, Junos Space Orchestrated, OSS / BSS Ecosystem, AltorVM, vGW VMsafe FW, SA SSL VPN, MX]