Using SDN to secure the campus - Networkshop44
Using SDN to secure the campus
Hewlett Packard Enterprise
Eugene Berger
HPE Aruba CTO, UK&I
@Eugatwork
HPE and Aruba – Better Together
Cloud and Datacenter Leader
Leadership in both SMB & enterprise networking
Leading the Mobility and Campus Enterprise
HPE SDN vision and strategy
SDN provides programmable networks that rapidly align to business applications
Data center, campus & branch automation
Open Standards ecosystem
Reignite innovation
Easily accessible marketplace
Agility Alignment
Coexist with brownfield Platform for innovation
Use case-led Automation & simplicity
Journey to Software-defined Networking
HP & Stanford collaborate and demo OpenFlow
HP Ships 30 Million SDN-Enabled Ports & SDN Controller
Software-defined Networking
2007
2011
2015+
Solving the problems of the New Style of IT
SDN is Now
Security, Cloud, Big Data, Mobility, Innovation
Defining Software-defined Networking
SDN Architecture
Infrastructure: Open standard-based programmatic access to infrastructure
Control: Separate control and data plane; abstract control plane of many devices to one
Application: Deliver open programmable interfaces to orchestrate network service automation
Source: opennetworking.org
Delivering the functions of an SDN architecture
Software-defined Network components
SDN Architecture
Infrastructure: Open standard-based programmatic access to infrastructure
Control: Separate control and data plane; abstract control plane of many devices to one
Application: Deliver open programmable interfaces to orchestrate network service automation
Network Device, Network Device, Network Device
Controller
Open Programmable Interface
Cloud Orchestration
SDN Applications
Open Programmable APIs
Virtual Application Networks SDN Controller
Infrastructure
SDN Architecture
Programmable network aligned to business objectives
Virtual Application Networks deliver automation, agility
Virtual Cloud
Network Protector
Load Balancing
Partner Apps
Network Optimizer
Converged Control Design Implementation and Support Services
Over 30 million ports across 50 Switches, 10 Routers
VAN Network Resource
Automation
Intelligent Management Center
VAN SDN Manager
Management
Applications
Control
VAN Server Connect
VXLAN, NVGRE
Risk-free SDN Deployment
Phase 1, SDN Ready: Investment protection, Open standards, Low risk
Phase 2, Hybrid SDN: Application aware network, Reduced complexity, Non disruptive
Phase 3, Native SDN: Fully programmable, Highly automated, Rapid innovation
Snapshot of Where We are Today
92 Members
Optimization Security Orchestration
Select SDN Customers
21 SDN Apps
Enabling real-time threat protection across enterprise networks
HPE Network Protector – Security
• Malware/Botnet/Spyware Protection
• IPS as a Service
• Security Sensors & Actions
TippingPoint
HP Network Protector – IPS Integration
Core
Distribution
Edge
Threat Management Center (1M+ bad sites)
OpenFlow (Redirect all traffic to IPS)
• Reputation (piratesmustdie.com)
Malware
• Inspect all User traffic
Bad DNS Response
IPS
SDN Controller & Network Protector
South Washington County
Network Protector SDN App
• Maintain 31-site wired and wireless network serving over 30,000 users with 1 staff member
• Deploy in less than 1 hour
• Fraction of the cost, $200K vs $2 million of hardware
Roseville – R&D Protector
SDN: Knowing the context vs guessing - ClearPass
Traditional Network ‘guessing’
??
Traffic Classification, Identity Inference, Context Inference, Telemetry
Inferred Network Policy, Inferred Action
User/Application Directed
App, User
Traffic Classification, Telemetry
Network Policy, Coordinated Action
Identity, Event Context, Service Request
CLEARPASS
SDN Customer References
SDN Customer References Brochure
Thank you
CONFIDENTIAL © Copyright 2015. Aruba Networks, an HP company. All rights reserved.
Network Optimizer Customers
SDN Customer References Brochure
HPE VMware Network Virtualization (SDN) collaboration
Network virtualization solutions can run over any IP network, but app performance/reliability and service delivery rely on the underlying physical network.
VN = logical network services L2/3, L4-7 - connected to workloads
Problem: Data Center Network Security
Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible
Little or no lateral controls inside perimeter
Internet Internet
Insufficient
Operationally Infeasible
Why traditional approaches are operationally infeasible…
Internet
Hypervisor
Physical Host
VM VM
vSwitch
Hypervisor
Physical Host
vSwitch
VM VM
Perimeter Firewalls
• Create firewall rules before provisioning
• Update firewall rules when move or change
• Delete firewall rules when app decommissioned
• Problem increases with more East-West traffic
VMware NSX makes micro-segmentation possible
Internet
Hypervisor
Physical Host
VM VM VM
vSwitch
Hypervisor
Physical Host
vSwitch
VM VM VM
Security Policy
Perimeter Firewalls
VM
Cloud Management Platform