Cloud Security Solution

游源濱游源濱游源濱游源濱 Vince Yu 技術總監技術總監技術總監技術總監 Juniper NetworksOct 2011

2 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

JUNIPER 專注於兩個主要市場趨勢專注於兩個主要市場趨勢專注於兩個主要市場趨勢專注於兩個主要市場趨勢

智慧型手機已超越個人電腦—行動體驗也取代桌上系統的體驗模式

2009 2010

120Million

60

90

30智慧型手機個人電腦

40%2013

雲端運算預估支出佔 IT 總支出的百分比

201570%

雲端運算雲端運算 行動網際網路行動網際網路

資料來源：Gartner總金額總金額總金額總金額：：：：$2.78 兆美元兆美元兆美元兆美元

資料來源：Gartner

3 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

我們才剛開始利用這兩個相關連趨勢的潛在力量我們才剛開始利用這兩個相關連趨勢的潛在力量我們才剛開始利用這兩個相關連趨勢的潛在力量我們才剛開始利用這兩個相關連趨勢的潛在力量

大幅降低 IT 的成本結構

巨幅提升 IT 的速度和規模

可從任何地點存取應用程式和服務

例如例如例如例如：：：：

行動網際網路行動網際網路

雲端運算雲端運算 難以想像的龐大商機難以想像的龐大商機

iPhone iPad + iCloud

4 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

服務雲端化的最大疑慮服務雲端化的最大疑慮服務雲端化的最大疑慮服務雲端化的最大疑慮 --雲端安全雲端安全雲端安全雲端安全

5 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

服務雲端化的最大疑慮服務雲端化的最大疑慮服務雲端化的最大疑慮服務雲端化的最大疑慮 --雲端安全雲端安全雲端安全雲端安全

6 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

On-Premise

Apps

On-Premise

Apps

Dedicated Servers

Dedicated Servers

Dedicated Storage

Dedicated Storage

Layers of ComplexityLayers of

Complexity

服務雲端化的最大障礙服務雲端化的最大障礙服務雲端化的最大障礙服務雲端化的最大障礙–網路虛擬化網路虛擬化網路虛擬化網路虛擬化

Software-as-a-serviceSoftware-as-a-service

Virtualized workloadsVirtualized workloads

Virtualized storageVirtualized storage

ApplicationsApplications

Servers/Compute

Servers/Compute

StorageStorage

NetworkNetwork

“Virtualization and distributed applications are transforming every part of the data center. To maximize the potential of virtualization, the network must also transform.”

— Zeus Kerravala

SVP & Distinguished Research Fellow

Yankee GroupNetworkNetwork

RIG

ID, L

EG

AC

Y M

OD

EL

OF

I.T

.R

IGID

, LE

GA

CY

MO

DE

L O

F I.

T.

FLE

XIB

LE, V

IRT

UA

LIZE

D M

OD

EL

FLE

XIB

LE, V

IRT

UA

LIZE

D M

OD

EL

FromFrom ToTo

7 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

Physical Server is no longer the interesting entity

Virtual Network has become a new network layer

Isolating within physical network doesn’t address vNe twork

Inter-VM communication is a “blind spot” for physical tools

VMwareVirtual Switch

SERVERS

SERVER VIRTUAL MACHINES

Physical Network

Physical Network

服務雲端化的最大疑慮服務雲端化的最大疑慮服務雲端化的最大疑慮服務雲端化的最大疑慮 –安全虛擬化安全虛擬化安全虛擬化安全虛擬化

8 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

CLOUD END TO END SECURITY

Data CentersData CentersClientsClients Global HighGlobal High --Performance NetworkPerformance Network

Server to Server

Client to DCClient to DC

9 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

JUNIPER CLOUD SECURITY STRATEGY

NetworkNetwork

Comprehensive cloud security solutionComprehensive cloud security solution

DeviceDevice ApplicationApplication

vGWSecure Cloud Virtualization

11 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

THE VGW HYPERVISOR-BASED APPROACH

Enterprise-grade� VMware “VMsafe Certified”

� Protects each VM and the hypervisor

� Fault-tolerant architecture (i.e. HA)

Virtualization Aware� “Secure VMotion” scales to

1,000+ ESX

� “Auto Secure” detects/protects new VMs

Granular, Tiered Defense� Stateful firewall and integrated IDS

� Flexible Policy Enforcement – Zone, VM group, VM, Application, Port, Protocol, Security state

THE vGW ENGINE

Virtual Center VM

VM1 VM2 VM3

Partner Server(IDS, SIM,

Syslog, Netflow)

Packet Data

VMWARE DVFILTER

VMWARE VSWITCH OR CISCO 1000V

HYPERVISOR

ES

X K

ernel

ES

X H

ost

Security Design

for VGW

SRXSecure Cloud Application

13 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

Application Security

Attack traffic

Legitimate traffic

Botnets targeting services for disruption

Mixture of legitimate and attack traffic

INTERNET

Server Connection Monitoring

Protocol Analysis

Bot / Client Classification

Cloud Provider / Data Center

SRX Series

EX / MXCloud Infrastructure Virtualization

15 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

以以以以VPLS虛擬化延伸跨虛擬化延伸跨虛擬化延伸跨虛擬化延伸跨CLOUD 的的的的 V-MOTION

Secure Remote Access

17 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

Junos Pulse GatewayJunos Pulse Client

MOBILITY SSLVPN

Corporate Applications(of any type)

Dedicated or Virtual Appliance Deployment

Datacenter

18 Copyright © 2010 Juniper Networks, Inc. www.juniper.net

SP owned Services ComplexInternet

Corporate

VPN

Protected

SecureRemoteAccess

Enterprise owned Private

cloud

VPLS extend vMotion

End to End security – Securing virtualization, Network, applications, devices and manage it at scale

SECURE CLOUD EVERYWHERE

Device ApplicationNetwork

SRX

SRX

AppSecureAppSecure

STRM

STRM

Junos Space OrchestratedOSS / BSS Ecosystem

AltorVM

AltorVM

vGW VMsafe FW

AltorVM

AltorVM

vGW VMsafe FW

SA SSL VPN

SA SSL VPN

MX

MX

AppSecureAppSecure