Upload
adva-optical-networking
View
310
Download
0
Embed Size (px)
Citation preview
ADVA Optical NetworkingSeptember, 2016
Secure Connectivity on Every Network LayerConnectGuard™ Security - Intelligent. Fast. Secure!
© 2016 ADVA Optical Networking. All rights reserved. Confidential.2
Need for Network Security• Organized crime has turned to cyberspace
• Data protection obligations are evolving
• Cost of data breaches is increasing rapidly
• Cloud brings additional security challenge
• New attack surface due to network functionsvirtualization (NFV)
Proactively securing data through encryption becomes mandatory
© 2016 ADVA Optical Networking. All rights reserved. Confidential.3
High-Tech Attacks, High Cost• Average incident costs a company
3.8 million US dollars
• Reputation and the loss of customerloyalty does the most damage
• Healthcare, education and financialsector incur highest costs
Ponemon Group: 2015 Cost of a Data Breach Study: Global Analysis
It's just easier to say, “If it goes out of our premises, it's encrypted”
© 2016 ADVA Optical Networking. All rights reserved. Confidential.4
Security for All WAN Infrastructures
Cloud InterconnectCloud Access
Service delivery and assurance
Metro/core distribution and hosting
Business continuity
Cloud & OTT services
Synchronization delivery and assurance
Cloud Extension
Security at the speed of cloud is scary – and necessary
© 2016 ADVA Optical Networking. All rights reserved. Confidential.5
Adopters of Network Layer Encryption
Banking Government Health Sector CriticalInfrastructure
Connectivity Service Provider
Encryption is part of a toolkit for a tiered data security strategy
© 2016 ADVA Optical Networking. All rights reserved. Confidential.6
Encryption Options
Securing Data in Motion
PhysicalPHY
Data linkMAC
Network layerIP/MPLS
Transport layerTCP, UDP
Application, presentation,session layer
Bits
Frames
Packets
Segments
Data
1
2
3
4
765
OS
I Lay
er
IPsec
TLS, SSH
In-flight encryption
MACsec
© 2016 ADVA Optical Networking. All rights reserved. Confidential.7
IPsec Challenges – Technical Aspects
• Delay is measured in msec instead of µsec
Latency• Up to 50% addi-
tional bandwidth overhead
Efficiency• No wire-speed
performance up to 100Gbps
Scalability
• Slower connection establishment
Speed• Only works for
IP traffic
Compatibility• Issues scale
linearly with links and endpoints
Complexity
© 2016 ADVA Optical Networking. All rights reserved. Confidential.8
Tapping Fiber-Optic Cables is Reality
… GCHQ was able to boast a larger collection of data than the US, tapping into 200 fiber-optic cables to give it the ability to monitor up to 600 million communications every day …
… the GCHQ operation codenamed “Tempora” has been running for 18 months …
… information from Internet and phone use was stored for up to 30 days to be sifted andanalyzed …
UK Government Communications Headquarter– GCHQ –
© 2016 ADVA Optical Networking. All rights reserved. Confidential.9
Secure Data Center Interconnection
Innovation for high-performance cloud data center interconnect
Application
Technology
• Highest performance• Lowest latency• Maximum security
Benefits
Solution
FSP 3000
© 2016 ADVA Optical Networking. All rights reserved. Confidential.10
Use Case: Secure VPN ConnectivityConnectGuardTM Ethernet
• Encryptors against vulnerabilities
• Secure end-to-end encryption based on hardware and software appliances
• Connect multiple enterprise security domains without modifying existing infrastructure
• Cost-efficient high-performance HW encryption
• Leverage virtual network functions (VNFs) for open firewall and encryption solutions
• Consistent security solution across all OSI layers to balance performance and flexibility
Business Drivers Benefits
Service provider
BranchesDC
© 2016 ADVA Optical Networking. All rights reserved. Confidential.11
• Highest flexibility• Minimum overhead• Maximum security
Secure Access in Virtual Networks
Innovation for flexible cloud access in fixed and mobile applications
Application
Technology
Benefits
Solution
FSP 150
© 2016 ADVA Optical Networking. All rights reserved. Confidential.12
Use Case: Secure Access to the CloudCloud Extension
• Virtual private cloud providers looking to offer virtualized, hosted XaaS to enterprises
• LAN extension provides on-network user experience delivered via a hosted cloud environment
• Security and assurance are critical
• Enables seamless, layer-2 network connectivity between customer premise and virtual functions implemented in data center
• Pure-play software (with HW options for CPE side)
• Integration with orchestrated data center services
Business Drivers Benefits
Internet/PrivateIP/MPLS Network
Access
Customer LAN
VXLAN
Gateway
Customer Site Data CenterVXLAN
IPsec
© 2016 ADVA Optical Networking. All rights reserved. Confidential.13
• Virtual infrastructure• Fastest service activation• Choice of VNF vendor,
hardware and location
Secure Access to Virtual Machines
Leveraging Ensemble virtualization for customer choice
Application
Technology
Benefits
Solution
Orchestrator&
Connector
Customer Premises Data Center
VM VM
EnsembleOrchestration
CE2.0 Direct Connect / VXLAN (Internet / Private IP Net)
Advanced MACsec
Transparent LAN with SLA measurement and performance monitoring
PhysicalServer
VirtualMachines
vSecurity
© 2016 ADVA Optical Networking. All rights reserved. Confidential.14
Most Important Features of Encryption
Performance, latency and support for flexible deployment are key
© 2016 ADVA Optical Networking. All rights reserved. Confidential.15
Making Connectivity Networks Secure
High throughput, low latency and cost-effective trust model
Data Center
Main Office
Branch Office
Data Center
Main Office
Main Office
Branch Office
LAN
LAN
LAN LAN
LAN
LAN/SANCluster
LAN/SANCluster
OTN leased line
Carrier Ethernet
Carrier Ethernet VPN /overlay on IP private/public VPN
100M
100M
10G 10G
1G
10G10G
100G 100G
© 2016 ADVA Optical Networking. All rights reserved. Confidential.16
ConnectGuard™ Management
FSP NMserver
FSP NMclients
LAN
DCNGUI server
running NM client apps
Customer A
3rd
PartyNE
Encryption domain management by managed service subscriber
ConnectGuard Managerrunning on FSP NM
© 2016 ADVA Optical Networking. All rights reserved. Confidential.17
ADVA ConnectGuard™
• Intelligent! – Efficient integration with transport technology
• Fast! – Scales up to 100Gbit/s
• Secure! – Industry-compliant
Differentiation by high-performance protection of data in motion
IMPORTANT NOTICEThe content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.
The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation.
Copyright © for the entire content of this presentation: ADVA Optical Networking.