
Friday 24th April Keynote Presentation by Guido Appenzeller, Chief Technology Strategy Officer for Networking and Security (PowerPoint PPT Presentation)



  1. Friday 24th April Keynote Presentation by Guido Appenzeller, Chief Technology Strategy Officer for Networking and Security: ‘The Next Horizon for Cloud Networking and Security’

  2. The Next Horizon for Cloud Networking and Security. Guido Appenzeller, Chief Technology & Strategy Officer, Networking & Security, VMware

  3. Networking is a Software Industry

  4. Evolution of Compute vs Evolution of Networking (diagram: across the Mainframe, Workstation, Client Server and Cloud eras the compute stack grows from CPU / Operating System / Software to Compute Virtualization, multiple OSes and Orchestration & Management software; the networking stack stays Chip / System / Software in every era)

  5. Revolution in Networking (Stanford photo with quote around innovation and fossilization)

  6. Revolution in Networking

  7. Evolution of Software Defined Networking (timeline 2008–2016)
     • Research (2008–2010): OpenFlow; mostly in academia; experimental
     • Products & Architecture (2012–2014): overlay networks; centralized control planes; service providers & enterprise; architectural battles
     • Network Virtualization has become mainstream (2015–2016): operational readiness; easy deployment; operational tools

  8. NSX 2014 Customer & Business Momentum: 400+ NSX customers (adding 25-50 per quarter); 70 production deployments; 80% of top banks adopting NSX

  9. Software Defined Network is the big moment to create the unified way of operating and teaming (diagram: Operations, Audit, Network, Security, Servers, Storage)

  10. Software Defined Network is the big moment to create the unified way of operating and teaming (diagram: Cloud, Business)

  11. The golden era of network administration is now. DevOps Mentality + Rich APIs + Scripting → Network Automation Nirvana

  12. State of Network Virtualization and SDN (agenda): Virtual infrastructure; 3rd Generation Apps and Cloud

  13. Two Tier Infrastructure Model: VM or server workloads and the network are separate security domains (diagram: Physical Servers; Physical Network Infrastructure; Internet)

  14. Two Tier Infrastructure Model: VM or server workloads and the network are separate security domains (diagram: Virtual Machines; Physical Network Infrastructure; Internet)

  15. Two Tier Infrastructure Model: VM or server workloads and the network are separate security domains (diagram: Virtual Machines; Virtual Infrastructure; Physical Network Infrastructure; Internet)

  16. Virtual Infrastructure: Virtualizing the Network and Security (diagram: Virtual Machines; Virtual Infrastructure providing Switches (L2), Routers (L3), Load Balancer, Firewall (Security); Physical Network Infrastructure; Internet)

  17. Virtual Infrastructure: What else can we do with virtual infrastructure?
     • End point security
     • Monitoring/Logging
     • Key storage
     • PII/PCI data storage
     • App Delivery
     • VPN
     • IDS/IPS
     • DLP
     (diagram: Virtual Machines; Virtual Infrastructure; Physical Network Infrastructure; Internet)

  18. Why virtual infrastructure? Security, Automation, Application Continuity

  19. Perimeter-focused security: unconstrained communication, with little or no lateral controls inside the perimeter. Sophisticated attackers bypass perimeter defenses. The initial system that is compromised is often of low value. Because of a lack of internal controls, attackers can move around the data center freely and over time infect systems with sensitive data. Attackers gather and exfiltrate data over weeks or even months. (diagram: Internet; Data Center Perimeter)

  20. Micro-Segmentation: Why can’t we have individual firewalls for every VM? With traditional technology, this is operationally infeasible.
     • Physical firewalls: cost prohibitive, with complex configurations
     • Virtual firewalls: slower performance, costly and complicated
     (diagram: Internet; Data Center Perimeter)

  21. Secure Micro-Segmentation in the Data Center (diagram: Security Policy; Cloud Management Platform; Perimeter Firewalls; Internet)

  22. Security: Protected Domain. The hypervisor can bridge the context / isolation gap (diagram: Virtual Machine with Endpoint Application and Trusted Module; Virtualization Protected Domain with Trusted Network Module, Secure Provision, Data, Keys, Verify Signature, Secure Audit; Hypervisor)

  23. Microsegments as a Policy Primitive (policy & security attached to each tier; anything not listed is Deny All)
     • Load Balancer → Web Tier: Allow TCP Port 443; Deny All …; Provision: SSL Certificate; Hypervisor based IDS; Firewall
     • Web Tier → App Servers: Allow TCP Port 80; Network Encryption to DB; Hypervisor based IDS; Firewall
     • App Servers → Database: Allow TCP Port 3306; Allow PCI Data to be stored on this server; Hypervisor based IDS
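The tiered policy on slide 23 (with the default-deny of slide 20 and the lateral-movement concern of slide 19), modelled as an added example that is not part of the deck or of NSX; segment names, the Rule/Flow types and the sample flows are constructed for illustration:

```python
# Added example (not from the deck): a minimal model of the micro-segmentation
# policy on the "Microsegments as a Policy Primitive" slide. Segment names,
# the Rule/Flow types and the sample flows are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str    # source microsegment
    dst: str    # destination microsegment
    port: int   # TCP port allowed from src to dst


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


# Per-tier allow rules from the slide; everything not listed is "Deny All".
RULES = {
    Rule("load_balancer", "web", 443),  # Web tier: Allow TCP 443 from the LB
    Rule("web", "app", 80),             # App servers: Allow TCP 80 from web
    Rule("app", "db", 3306),            # Database: Allow TCP 3306 from app
}

# Segment attributes from the slide: which tier may hold PCI data and which
# tier-to-tier link must be encrypted.
PCI_ALLOWED = {"db"}
ENCRYPTED_LINKS = {("app", "db")}


def is_allowed(flow: Flow) -> bool:
    """Default-deny: a flow passes only if an explicit rule matches it."""
    return Rule(flow.src, flow.dst, flow.port) in RULES


def lateral_paths(compromised: str) -> list:
    """Segments directly reachable from a compromised segment on any port."""
    return sorted({r.dst for r in RULES if r.src == compromised})


def pci_placement_ok(segment: str, stores_pci: bool) -> bool:
    """PCI data may only live on a segment the policy marks for it."""
    return not stores_pci or segment in PCI_ALLOWED


def needs_encryption(flow: Flow) -> bool:
    """True where the policy requires network encryption on the link."""
    return (flow.src, flow.dst) in ENCRYPTED_LINKS
```

A compromised web VM thus reaches only the app tier on port 80; its direct path to the database on 3306 is denied, which is the lateral-movement control slide 19 says the perimeter model lacks.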

  24. Why virtual infrastructure? Security, Automation, Application Continuity

  25. Automation (diagram: Application Workloads; Virtual Infrastructure; Physical Network Infrastructure; Internet)

  26. Platform Services Enable Robust Ecosystem. We expect the vast majority of this functionality to come from partners. (diagram: Applications and End Hosts; Virtual Infrastructure; Physical Network Infrastructure; Internet)

  27. Self Service IT: Driving IT Agility
     • Automation by IT for IT: faster project on-boarding; elastic services; streamlined security enforcement; mergers & acquisitions
     • Automation by IT for the end user (cloud consumer): community cloud; services cloud; IaaS
     • Automation by IT for external use (cloud provider): developer cloud

  28. Why virtual infrastructure? Security, Automation, Application Continuity

  29. Hardware Refresh: Virtual infrastructure decouples applications from hardware (diagram: Virtual Machines; Virtual Infrastructure; Isolation; Physical Network Infrastructure; Internet)

  30. Disaster Recovery: Network configuration becomes easily replicable once it is software defined (diagram: Original Site and Backup Site, each with Application Workloads; Virtual Infrastructure; Physical Network Infrastructure; Internet)

  31. State of Network Virtualization and SDN (agenda): Virtual infrastructure; 3rd Generation Apps and Cloud

  32. 3rd Platform Apps. How are these apps different?
     • Built-in scale-out
     • Built-in redundancy
     • Often stateless, with state stored in a service
     • Built on higher level abstractions
     What does this mean for networking and security infrastructure?
     • File system → Storage Services
     • L2+L3 Networking → L3 Networking Only
     • ADC Appliance → Load Balancing Service

  33. Containers: Containers emerging as the application management layer of choice (diagram comparing VM applications, each with App / Framework / OS on a Hypervisor, with application containers on a host sharing one App Framework and OS)

  34. Container Networking, Enterprise Model Today: Containers run inside of VMs
     • One VM per server per security domain
     • Containers often behind NAT
     • No container level networking
     Does this make sense? It actually does… (diagram: containers in VMs over the Hypervisor vSwitch)

  35. Container Networking: In the future, container level visibility. Two levels of vSwitch:
     • First layer vSwitch inside the container VM
     • Second layer vSwitch inside the Hypervisor
     • Container level networking
     (diagram: containers in VMs, each VM with its own vSwitch, over the Hypervisor vSwitch)

  36. Containers – do we still need a Hypervisor? Without a hypervisor, attackers can spread. Without Hypervisor:
     • Attacker compromises container
     • Privilege escalation to get root access on container host
     • Now has direct access to the physical network
     • Can compromise other physical hosts
     (diagram: containers on servers with a vSwitch per server; Physical Network Infrastructure; Internet)

  37. Containers – do we still need a Hypervisor? Hypervisor provides a security control point. With Hypervisor:
     • Attacker can’t escalate from container to vSwitch
     • Does not gain physical network access
     • Ability to spread is limited
     (diagram: containers in Guests over Hypervisor vSwitches; Physical Network Infrastructure; Internet)

  38. Three Tier Model: Containers still need virtual infrastructure (diagram: Applications and End Hosts (containers); Virtual Infrastructure; Physical Network Infrastructure; Internet)

  39. Power of cloud: workload mobility

  40. Lock-in through services (diagram: three clouds, each with its own Storage Service, Load Balancing Service and Firewall Service)

  41. Cloud: Just new Silos? (diagram: three clouds, each with its own Storage Service, Load Balancing Service and Firewall Service)
