Visibility In The Cloud
20th-October, IPExpo London
Paul Reeve, Channel Sales and Business Development
Time Shared Computing
The Underlying Economics of Cloud Computing
• Has less to do with
  – Computing power
  – Memory
• But more to do with
  – Ubiquitous broadband access to the Internet
  – Low cost of wide area networks
Cloud Computing is about moving seams and changing the nature of the seams
[Diagram: "Our Big Computers" and "Our Little Computers", separated by a seam]
Before Cloud Computing, a seam defined two distinct computing platforms, but both were controlled by the organization.
Seams require security and monitoring. Security and monitoring start with visibility.
New Seams
Old seams were based on computing platforms within an enterprise.
New seams are based on applications between different enterprises.
But…
Seams still require visibility
And so emerged the SLA
Question: How do you know if the SLA is being delivered?
Answer: Visibility at the seams
Enterprise
– Must know that service is delivered securely as promised
– Only way to know is to establish data capture infrastructure at the seam
Cloud Service Provider
– Must know that service is delivered securely as promised
– Only way to know is to establish data capture infrastructure at the seam
[Diagram: Enterprise Data Capture Infrastructure on one side of the SEAM, Service Provider Data Capture Infrastructure on the other]
Question: What Happens If Face Recognition Software Is Served By A Substandard Camera?
Datacom Systems Inc. Confidential 12
Answer: Expensive, Sophisticated Software is Sub-Optimized
Rich Schultz/Associated Press
"Flights Out of Newark Airport Halted for Possible Security Breach": Passengers waited after a security breach shut down a terminal at the Newark Liberty International Airport on Sunday. By Sarah Wheaton, published January 3, 2010
Analysis Starts with Proper Data Capture
"Newark Airport's Security Cameras Were Broken: Airport Owns the Cameras but Says the TSA is Supposed to Report Them Broken" by Aaron Katersky, Jan. 5, 2010
"Port Authority installs camera alarms at Newark airport after security breach" by Mike Frassinelli/The Star-Ledger, February 25, 2010, 4:00PM
Unfortunately, the importance of data capture is realized after an event
The Same is True in Networking
We tend to be fascinated with and focus on the analysis software….
…but overlook the importance of the data capture infrastructure that feeds the analysis software
Optimal Network Analysis is ….
A division of labor between hardware and software
“The best security is always a combination of hardware and software.”
Paul Otellini, CEO Intel, 20 Sept., Wall Street Journal, commenting on combining Intel hardware with McAfee software
How Data is Captured for Analysis
The actual data is not captured but rather copied by either:
1. A general-purpose network element or a
2. A purpose-built network element
General-purpose: SPAN port from a router (SPAN stands for switch port analyzer)
Purpose-built: TAP (TAP stands for test access port)
Data Capture is first about getting a 100% reliable copy of the data.
Data Capture Infrastructure will perform a combination of these three functions:
Aggregation: data from multiple links is aggregated for one tool to analyze
Regeneration: data from a single link is regenerated for multiple tools
Filtering: data is reduced to the essential packets for specialized analysis
Data Capture Infrastructure Works in Tandem with Analysis Tools
[Diagram: production network traffic passes through several TAPs into an aggregation and filtering layer, which feeds multiple analysis tools]
Data Capture Infrastructure not only copies the traffic but prepares the copied traffic for more efficient performance by the analysis tools
Foundation for Network Security
Data Capture Infrastructure
SPAN vs. TAP
SPAN
• Easily mis-configured
• Consumes a port and CPU
• Packets dropped if the router is stressed
• Not scalable
• VLAN tags stripped out
• Corrupt packets are dropped
TAP
• True picture of the traffic including layer 1 and 2
• Permanent port that doesn’t affect traffic
• Visibility into full duplex links
• Every packet delivered in order
• Scalable through regeneration and multiple ports
• VLAN tags and corrupt packets captured
A TAP can be placed closer to the seam between the enterprise and the cloud service provider
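The three capture functions (aggregation, regeneration, filtering), the "100% reliable copy" requirement and the SPAN-versus-TAP differences above, as an added Python model that is not part of the original deck or of any Datacom product. Link names, packet counts, the per-link sequence numbers and the drop pattern are all constructed; the SPAN behaviours modelled are only the ones the slides list. The part a practitioner actually wants is the completeness check: it reports, per monitored link, which sequence numbers never reached the tools and how many VLAN tags were lost, which is how a lossy feed gets noticed before an incident does rather than after.

```python
"""Added model of a data capture layer at the enterprise/cloud seam.

Everything here is constructed for illustration: link names, packet counts,
the drop pattern and the per-link sequence numbers. The SPAN and TAP
behaviours modelled are only those listed on the slides (a SPAN port strips
VLAN tags, does not mirror corrupt frames and loses frames under load; a TAP
passes every frame unchanged and in order).
"""
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    link: str            # monitored link the copy came from
    seq: int             # per-link sequence number, used by the gap check
    vlan: Optional[int]  # 802.1Q tag, None if untagged
    dport: int           # destination port, used by the filter stage
    fcs_ok: bool         # frame check sequence valid on the wire


def tap_copy(frames: List[Packet]) -> List[Packet]:
    """A TAP passes an exact copy of every frame, tags and errors included."""
    return list(frames)


def span_copy(frames: List[Packet], drop_every: int = 0) -> List[Packet]:
    """A SPAN port as the slides describe it: VLAN tags stripped, corrupt
    frames not mirrored and, when the switch is stressed, frames lost.
    drop_every=N loses every Nth frame; 0 means no load-related loss."""
    out = []
    for i, p in enumerate(frames):
        if not p.fcs_ok:
            continue
        if drop_every and i % drop_every == drop_every - 1:
            continue
        out.append(replace(p, vlan=None))
    return out


def aggregate(copies: Dict[str, List[Packet]]) -> List[Packet]:
    """Merge the copies from several monitored links into one stream."""
    return sorted((p for frames in copies.values() for p in frames),
                  key=lambda p: (p.seq, p.link))


def regenerate(stream: List[Packet], tools: int) -> List[List[Packet]]:
    """Hand identical copies of one stream to several analysis tools."""
    return [list(stream) for _ in range(tools)]


def filter_stream(stream: List[Packet],
                  keep: Callable[[Packet], bool]) -> List[Packet]:
    """Reduce a stream to the packets a specialised tool actually needs."""
    return [p for p in stream if keep(p)]


def completeness(source: Dict[str, List[Packet]],
                 delivered: List[Packet]) -> Dict[str, Dict[str, object]]:
    """Check the '100% reliable copy' property per link: which sequence
    numbers never reached the tools, and how many VLAN tags were lost."""
    report: Dict[str, Dict[str, object]] = {}
    for link, frames in source.items():
        got = [p for p in delivered if p.link == link]
        missing = sorted({p.seq for p in frames} - {p.seq for p in got})
        tagged_src = sum(1 for p in frames if p.vlan is not None)
        tagged_got = sum(1 for p in got if p.vlan is not None)
        report[link] = {"missing": missing,
                        "vlan_tags_lost": tagged_src - tagged_got}
    return report


def build_sample_links() -> Dict[str, List[Packet]]:
    """Constructed traffic: link-a is VLAN 100 with one corrupt frame (seq 3)
    and alternating DNS/HTTPS; link-b is untagged HTTPS only."""
    link_a = [Packet("link-a", i, 100, 443 if i % 2 else 53, fcs_ok=(i != 3))
              for i in range(6)]
    link_b = [Packet("link-b", i, None, 443, fcs_ok=True) for i in range(4)]
    return {"link-a": link_a, "link-b": link_b}


def run(capture: Callable[[List[Packet]], List[Packet]]) -> Dict[str, Dict[str, object]]:
    """Copy each link with the given method, aggregate, check completeness
    on the full copy, then filter to HTTPS and fan out to two tools."""
    source = build_sample_links()
    copies = {link: capture(frames) for link, frames in source.items()}
    merged = aggregate(copies)
    report = completeness(source, merged)
    https_only = filter_stream(merged, lambda p: p.dport == 443)
    feeds = regenerate(https_only, 2)
    report["_tools"] = {"count": len(feeds), "packets_each": len(feeds[0])}
    return report


if __name__ == "__main__":
    for name, method in [("TAP", tap_copy),
                         ("SPAN, quiet switch", span_copy),
                         ("SPAN, stressed switch",
                          lambda f: span_copy(f, drop_every=2))]:
        print(name, run(method))
```

Running it shows the point of the deck in numbers: the TAP feed has no gaps and all tags intact, the quiet SPAN feed silently loses the corrupt frame and every VLAN tag, and the stressed SPAN feed leaves each HTTPS tool with two of the seven packets that were actually on the wire, with nothing in the tool itself to say so. The completeness check is the only stage that can tell the three cases apart, which is why it belongs in the capture layer and not in the analysis tools.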
Data Capture Infrastructure
• Should be placed at the seam between the enterprise and cloud service provider
• Is the most reliable way to confirm SLA compliance
• Requires planning as with any other network deployment
• Increases the efficiency of analysis tools