pluribusnetworks
Proprietary & Confidential
Taking Cloud Applications from Good to Great
Appcito and Pluribus
The “Application-aware” Fabric
Siva Mandalam, VP, Strategy and Marketing
Software for Cloud Application Developers
Traditional Services Model
1. Extremely expensive: only 15-20% of the DC apps are covered by services
2. Manual, slow configuration; requires specialized trained staff
3. Services have no shared state; do not scale dynamically
4. Sub-optimal traffic routing, hair-pinning, hard to scale across physical and virtual
5. Difficult to troubleshoot application issues
Logs, Metrics, Policies
Appcito CAFE High Level Architecture
Web Traffic
Policy Execution Point (PEP): Data Plane
Application
Application Services Controller: Control | Management | Analytics
• Orchestrates App Services
• Elastic, Multi-tenant
• API Driven
• Programmable Policies
• Insights
• Implements Traffic Policies: Availability, Performance, Security, Continuous Deployment
• Programmable
• Multi-Cloud
Runs in Cloud/on Prem, managed by Appcito/customer
Proxy in Cloud/On-Prem, in front of customer applications
Shared persistent state between PEPs
Pluribus-Appcito Cloud Scale Services Fabric
Distributed Services Data Plane
Layer 4-7 services close to the transaction, offloading servers and leveraging HW acceleration
1. Cover 100% of your application. Disruptive economics, pay as you grow.
2. From weeks to minutes: 5 min activation!
3. Elastic scaling. Automatic chaining. Cloud bursting for hybrid deployments.
4. Optimized traffic routing for E-W traffic. Off-load & accelerate services w/ Netvisor.
5. Easy to troubleshoot application-level performance, security and availability issues
Re-thinking Cloud Services
Appcito+Pluribus
Traditional Fabric+Services
Comments
East-West, Virtual Workloads Optimized
Services close to transaction
Enforce policy to inter-VM traffic, without the need to hairpin traffic to physical devices designed to protect north-south traffic.
Uncompromised security for East-west and North-south traffic with scale and performance
SSL everywhere, L7 firewalling, DDOS protection everywhere
Elastic Auto-scaling
Shared state across distributed instances of a service, unlike traditional virtual services or appliances
L1-L7 application analytics @ scale
Pluribus L1-L4 analytics w/ Appcito L7 analytics engine
Free server cycles to run applications - Off-load vServices to network
Pluribus TOR Hyper-converged SDN Appliances with HW acceleration
Optimized for hybrid on-premise and Cloud deployments
Built for cloud bursting
Application Firewalling, Load Balancing, Performance and Insights
Appcito+Pluribus Integration Use cases
L1-L7 Application Analytics Correlation
TOR Services off-load and HW acceleration, e.g. SSL
L2-L7 DDOS Protection w/ HW off-load
Integration with Pluribus Virtualized Infrastructure & OpenStack Orchestration
Distributed Services Data Plane
Seamless Availability, Scaling of Private Cloud Applications
• Industry’s first cloud-native distributed stateful proxy that leverages Application Fabric
• Extend infrastructure capacity without additional boxes
• Seamlessly support availability of multiple applications
• Appcito Policy enforcement point (PEP) provides full proxy by being closer to applications
• Appcito PEP can be deployed in any rack in the fabric, in front of any application
• OpenStack is used for provisioning management, and Barista for analytics and policy recommendations
[Diagram labels: Web Traffic; PEP; Application; Barista Application Services Controller (ASC): Control | Management | Analytics; Logs, Metrics, Policies; Network Computing Appliance; Netvisor ODM Switch/Server-Switch]
Application Analytics Performance and Health Monitoring
• Real-time application health monitoring from application all the way to network
• Barista Analytics for insights on application data and policy recommendations
• Leverage Pluribus visibility for improved anomaly detection to identify application level attacks
• Appcito Policy enforcement point (PEP) collects detailed metrics of applications
• Pluribus fabric collects detailed statistics for every flow, with a time machine for historical analysis
• Customers can easily troubleshoot applications inside private cloud
[Diagram labels: Web Traffic; PEP; Application; Barista Application Services Controller (ASC): Control | Management | Analytics; Logs, Metrics, Policies; Network Computing Appliance; Netvisor ODM Switch/Server-Switch]
Elastic SSL and full SSL Visibility
• Appcito Policy enforcement point (PEP) provides SSL offloading with strong ciphers
• Appcito ASC can auto scale SSL minimizing SSL handshakes and service interruptions
• Barista ASC provides full visibility of SSL traffic
• Offload SSL: reduce load on application server instances
• Gain full visibility and detection of SSL encrypted attacks
• Leverage Pluribus powerful hardware (CPU, memory, offload SSL capabilities)
[Diagram labels: SSL Traffic; PEP; Application; Barista Application Services Controller (ASC); Zone A; Zone B; Network Computing Appliance; Netvisor ODM Switch/Server-Switch]
Guard against DDoS
Network Attacks
ICMP Floods, Ping Floods, and Smurf Attacks, SYN Flood, Connection Flood, UDP Flood, Push and ACK Floods, Teardrop
Pluribus Mitigation Mechanisms: IP Protection, Rate Limiting, Throttling, MAC Flood protection, NTP attack throttling, UDP flood pruning, rate limiting, strict TCP forwarding
Session Attacks
SSL Floods, SSL Renegotiation, DNS UDP Floods, DNS Query Floods, DNS NXDOMAIN Floods
Appcito Mitigation Mechanisms: SSL termination, SSL renegotiation validation, Elastic scale SSL, DNS mitigation mechanisms, full programmability
Application Attacks
Slowloris, Slow Post, HashDos, GET Floods, OWASP Top 10 (SQL Injection, XSS, CSRF, etc.)
Appcito Mitigation Mechanisms: Blacklist and whitelist support, full proxy for HTTP, anomaly detection, web application firewalling
• Leverage Pluribus mitigation mechanisms, higher buffering, QoS for SLA for certain traffic and default protection mechanisms against infrastructure attacks
• Appcito provides comprehensive DDoS attack mitigation mechanisms against Layer 7 application attacks
Cloud-native Application Security
• Defend against malicious activity and web attacks with Appcito WAF
• Block bots while allowing genuine users
• Leverage Pluribus visibility for improved anomaly detection to identify application level attacks
• Appcito Policy enforcement point (PEP) enforces WAF policies on application traffic
• Appcito Barista can blacklist or whitelist IPs and block bots
• Pluribus analytics is used for determining anomalies, and application policy is applied with Appcito
[Diagram labels: Web Traffic; PEP; Application; Barista Application Services Controller (ASC): Control | Management | Analytics; Logs, Metrics, Policies; Network Computing Appliance; Netvisor ODM Switch/Server-Switch]
Summary
Complementary SDN Data Plane Layers Forming A True Application-Aware Fabric
• Netvisor distributed programmable fabric architecture abstracts the network topology and offers API for L1-4 analytics to L7 services.
• Pluribus server-switches provide high-performance NFV platforms to run L7 data plane services.
• Appcito provides Layer 4-7 capabilities as SaaS from the cloud; Appcito works on both Amazon environments and OpenStack environments.
• Complementary SDN Data Planes provide Application Fabric integrated with Network Fabric, resulting in a dramatically simplified services architecture optimized for physical+virtual workloads, E-W traffic patterns and performance.