SLOW RESPONSES
SERVICE OUTAGES
PROLIFERATION OF DEVICES
SECURITY
HIGH USER EXPECTATIONS
CLOUD SILOS
DECLINING BUDGET
INTEGRATION PROBLEMS
PRIVACY ISSUES
DIFFERENT APPLICATIONS
FRAGMENTED DATA CENTER
AGING INFRASTRUCTURE
LIMITED RESOURCES
SHORTAGE OF RIGHT SKILLS
FLUID
SECURE
Enterprise IT
Enterprise Applications
(Network & Security delivered by
infrastructure)
Data Center
Virtualization Layer
Compute
Compute
Storage
Storage
Network
Network
Bridging Two Worlds
Traditional Approach
Software Defined Data Center Approach
Network Virtualization is at the core of an SDDC approach
Virtualization layer
Network, storage, compute
Switching
Firewalling/ACLs
Web Tier
L3 Subnet
Internet
App Tier
NAT
L3 Subnet
DB Tier
L3 Subnet
Physical Network
Programmatically Provisioned
Native Isolation
192.168.2.11
192.168.2.11
192.168.2.10
192.168.2.10
Recovery Site
Snapshot VM
Change IP Address
4 Reconfig Security
10.0.20.21
10.0.10.21
SAN
SAN
3 Recover
the VM
Major
RTO
Impact
Step 1&2
(e.g. VMware SRM)
10.0.10/24
Replicate
VM & Storage
10.0.20/24
Recovery Site
Virtual Network
10.0.30/24
Virtual Network
10.0.30/24
1
10.0.30.21
2b
Snapshot VM
Snapshot
Network &
Security
NSX Controller
NSX Controller
SAN
3
Recover
the VM
10.0.30.21
80%
RTO
SAN
Step 1&2
(e.g. VMware SRM)
10.0.10/24
2a
Replicate
VM & Storage
10.0.20/24
Non-Disruptive Deployment
Internet
Internet
Little or no lateral controls inside perimeter
Insufficient
Operationally Infeasible
Internet
Perimeter
Firewalls
10.0.4.72
production
src,dest,port,protocol
database tier
allow<=application tier>
customer Data
allow<appid=3456>
pci data
allow<appid=6789>
quarantine
cvss=2
Security Policy
Development Workload
Test Workload
Production Workload
Web Tier
App Tier
Quarantine: If CVSS>5
Audit
Physical Firewalls
Virtual Firewalls
Distributed Firewalling
CONFIDENTIAL
App Tier
No Communication Path
Application B
DB Tier
Secure Communications
Service Insertion
Application A
(e.g. TCP, 1433)
Isolation
NGFW
IPS
IPS
NGFW
Security Admin
Security Policy
Internet
Traffic
Steering
Intelligent grouping
Groups defined by customized criteria
Operating System
Application Tier
Machine Name
Services
Regulatory
Requirements
Security Posture
Value
Application Continuity
Micro-segmentation
IT Automating IT
Disaster Recovery
Secure infrastructure at 1/3 the cost
Reduce infrastructure provisioning time from weeks to minutes
DMZ Anywhere
Developer Cloud
Metro Pooling
Multi-tenant Infrastructure
Hybrid Cloud Networking
Advanced technology capabilities
Industry and domain expertise
Compatibility and integration
Industry specific solutions
Global and local presence
1,000+
100+
75,000
1,100
4,000
VMware Service
Professionals
Consulting
Partners
Solution
Partners
Technology
Partners
vCloud Air
Network Partners
Jump in
Thank you!