Jason Sones VNO North America – Nuage Networks from Nokia Sherif Awad


Presentation on theme: "Jason Sones VNO North America – Nuage Networks from Nokia Sherif Awad"— Presentation transcript:

1 Extending the Zero Trust Security Model for Containerized Applications to Public Clouds
Jason Sones VNO North America – Nuage Networks from Nokia
Sherif Awad SDN Solution Architect Lead - Nuage Networks from Nokia
April 30th, 2019

2 Agenda
Extending the Zero Trust Security Model for Containerized Applications to Public Clouds or Blah Blah Blah! [title is too long !!!]
Overview
The Journey
The Dream
Challenges
The Solution
Demo
Questions

3 Overview: What is this presentation about?

4 Overview What is the Zero Trust Security Model?
Never implicitly trust any public infrastructure.
Start with the assumption that every potential shared resource can be compromised.
Implement policies to enable services based on minimal required access privileges.
Always use micro-segmentation, authentication, authorization and encryption between application and/or user endpoints.
Constantly monitor access requests (analytics) and intrusion attempts, and adjust policy to maintain the ZTM.
Prevent/Detect and Respond → Automate this if you can!

5 Overview The move towards unified networking and IT
Unifying islands of connectivity through central policy and control.
Impact of the move to public cloud:
The emergence of hosting sensitive enterprise IT applications as container workloads in public clouds.
The challenge is applying enterprise-grade security policy to public cloud applications.
Simplifying service provisioning and management across branch, private and public clouds:
How to ease the end-user provisioning, consumption and management of these new unified services.

6 The Journey: How did we get to this point?

7 The journey
[Diagram labels: Data Center (Private Cloud), vm, Kubernetes; Connecting & Serving Disparate Locations (SD-WAN), Site A, Site B, Site C, VPN. Legend: Trusted Infrastructure = VxLAN only; Public Transport → VxLAN over IPSEC]

8 The journey (continued)
[Diagram labels: SDN Policy Engine, WAN SDN Controller, DC SDN Controller, Kubernetes, Data Center, Any DC underlay, SDN GW, VNF, App, Branches, MPLS, MPLS PE, Internet, WAN, End-to-End Service Overlay. Legend: Public Transport → VxLAN over IPSEC; Trusted Infrastructure = VxLAN only]

9 The Unified Secure Multi-Cloud

10 The Dream Why Orchestration

11 Why Orchestration?
[Diagram labels: SDN / Nuage, Nuage VNS, Nuage VCS, NSG-BR, NSP, SR/vSR; Internet Underlay, IP/MPLS Underlay, Legacy IP/MPLS VPN, SD-WAN overlay, VxLAN, GRE; SlimCPE, ThinCPE, ThickCPE; Local Cloud, OpenStack, Telco Cloud, 3rd party Cloud (AWS, Azure, GCP); Firewall, NAT, Anti-DDoS, Access Control, WAN optimization, Load-balancing, Mail-scanner, Other VAS]
Dimensions to manage: n Enterprises, m Branch types, q versions, p VNF types, r configurations, a underlays, b datacenter stacks, c VPC environments.

12 Why Orchestration?
Single-click deployment
Service Updates
Maintainable Service
[Diagram labels: Hypervisor (repeated), Public Cloud]

13 Challenges: Identifying the obstacles that are standing in our way.

14 Challenges What is missing to be able to realize the dream …
How to ensure only authorized hosts can run container workloads?
How to secure traffic between containers on different hosts?
How to provide end-to-end service provisioning, security, monitoring and visibility from branch to private DC to public cloud?
Can I rely on public cloud for data that I am responsible to keep secure?

15 The Solution: Putting it all together

16 The Solution
[Diagram labels: Orchestration, SDN Policy Engine, WAN SDN Controller, DC SDN Controller, Bootstrap Proxy, Kubernetes, Branches, MPLS, MPLS PE, Internet, WAN, App, App-22, Public Cloud GW, Public Cloud Network, End-to-End Service Overlay. Legend: ZTM → VxLAN over IPSEC]

17 Demo: We actually got it to work!!! … mostly …

18 Lab Topology
[Diagram labels: Nuage SDN Cluster, VSD, DATA/CP, MGMT, WAN, Cloud, OpenShift Cluster (Master, Node01, Node02), Kubernetes, DNS-NTP, Branch, Branch User, SSL Proxy, VNO]

19 Demo And so it begins

20 Questions Don’t be shy! Contact Info

