Upload
pluribusnetworks
View
78
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Learn how SDN powered analytics can help with network security.
Citation preview
FileNewTemplate
SDN and Advanced Network AnalyticsDave Ginsburg, CMOThe Network Hypervisor
CIO Top of Mind / Priorities: Security and Visibility
Bare Metal
Push security all the way into the data centerActive / self-defending and distributedMulti-layer - secure the exterior and the interiorMonitoring and visibility into overlay and underlayCommon toolsEliminate duplicate architecture for tapsApply services to 100%, not 20%
Protect your companys reputation - eliminate data lossMore capability for NetOps without retrainingSecurity identified as area of greatest new funding in 2015
Fabric Applications
Pluribus Core Technology: Netvisor Network OS for merchant silicon platforms
Runs on white box, brite box and wedge style platforms
L2 or IP/BGP Fabric
Fabric ApplicationsBringing Hyper-Convergence To The NetworkSimplify InfrastructureReduce time to deployRun any application @ scale
ComputeStorage
Compute & Storage
Simplify InfrastructureReduce time to deployRun network virtual services w/ HW off-load (reduce appliance sprawl)StorageCompute
Network FabricNetwork
Network As A True Extension of Compute
Traditional Switch
SDN Server-Switch ODM/OCP white box
SwitchChipNetvisor
SDN Hyper-Converged SwitchNetvisor Leaf-Spine POD Architectures
IP
L2Up to 28 racks w/ E28Q-L
Up to 28 racks w/ E28Q-L
L2 + Fabric Cluster++ Single pt of mgmt++ Broadcast-free fabric ++ Fabric-wide visibility (ports, VMs)++ Single pt of mgmt ++ Fabric-wide visibility (ports, VMs)
IP + Fabric Cluster
Bare Metal
North-South Traditional Security PerimeterAs low as ~20% of the trafficSecure VMsLimited/no security for mare metal computeNetwork Fabric: Limited/No security for East-West trafficAs high as ~80% of trafficFabric value in monitoring and visibilitybut a separate monitoring fabric is requiredSecurity As A Layered Architecture: Current
Bare Metal
E-W/N-S visibility of services/apps Forensic analysis, auditing, security (flow filtering w/ packet capture)Capacity planning (network utilization, traffic patterns, hot-spots)Optional addition of virtual firewalls within fabric for east-west and in-rack securityEliminate taps and separate visibility fabric!Security As A Layered Architecture: Integrated Client-Server Connection Flow Analytics Client-server conversations, Top talkers, Top listeners, SYN-flood attack monitoring
Application-aware Flow Analytics Fabric BW by applications, application latency
Server VM/Overlay visibility VM traffic connection analysis/mobility
Forensic Data RecorderForensic analysis, compliance, capacity planning, troubleshooting
Fabric Sniffer Full flow packet capture with filtering. Store flow packets in PCAP format. Onboard wireshark. Netvisor Tap-Free inFabric Analytics
Analytics Deployment For Brownfield Networks
Production Network3rd party ToolsNetwork MonitoringApplication MonitoringSecurity ToolsUC/VoIP MonitoringNetvisor Visibility FabricSpan/TapsIntelligent Packet Broker:Tap Aggregation + Full Flow Analytics & Forensic Data Recording
demo
DDoS Demo
Thank You!www.pluribusnetworks.com