Software-Based Networking & Security for the Cloud
DESCRIPTION
As the old appliance model in datacenter and cloud network infrastructures is replaced by software and virtual machines, next-generation network security is paving the way for secure migration into the cloud. One of the key benefits of the cloud is network access from any location, but that raises critical questions about access restrictions and, more importantly, who controls that access. Can providers support VPNs or dedicated connections in the IaaS cloud? This session covers secure cloud migrations and details the benefits of a customer-controlled virtual firewall, VPN and IPS in the IaaS cloud.
TRANSCRIPT
SOFTWARE-BASED NETWORKING & SECURITY FOR THE CLOUD
Jae Lee, Director of Product Management

WHY USE CLOUD SERVICES?
- No CAPEX, low operational cost
- Fast, flexible, elastic
- You can focus on business

WHY OFFER CLOUD SERVICES?
- Significant increase in demand
- Faster time-to-market for new services
- Higher value = greater revenue

CLOUD NETWORKING CHALLENGES
- Hardware limitations – cost, inflexibility
- Scale services
- Minimize latency
- Connect securely to DC
- Maintain security policy and compliance
- Decrease complexity
- Automate provisioning

STEP 1: VIRTUALIZE
[Diagram: enterprise datacenter with hardware appliances in line – border router, firewall, VPN, intrusion prevention, switch – in front of the web server, apps & storage and database tiers on 10.0.0.0/24, 10.3.0.0/24 and 10.4.0.0/24]
ENTERPRISE DATACENTER
- UNDER-UTILIZED HARDWARE
- NO AUTOMATION IN NETWORK MAINTENANCE
- EXPENSIVE TO SCALE
- HARD LIMITATIONS FORCE OVERPROVISIONING

VIRTUALIZATION STALL
[Diagram: legacy virtual datacenter – Hypervisor 1, 2 and 3, each with a vSwitch carrying VLAN1 and VLAN2 for the web server, application and database VMs; a physical core / aggregation / access switch hierarchy, hardware firewall and border router above them; the "System" and "Network" administrative domains are labelled separately]
LEGACY VIRTUAL DATACENTER
- LATENCY
- NO PROTECTION BETWEEN VLANS
- NOT SCALABLE
- HARDWARE FIREWALL COSTS
- REQUIRES NETWORK ADMIN TO INSTALL / SCALE

IN-HYPERVISOR NETWORK SECURITY
[Diagram: virtual datacenter with a virtual appliance – Hypervisor 1, 2 and 3, each vSwitch carrying VLAN1 and VLAN2 with per-VM vNICs for the web server, application and database VMs (10.0.0.0/12); the physical switch, firewall, border router and aggregation / access switches remain above; the "System" and "Network" domains are labelled]
VIRTUAL DATACENTER W/ VIRTUAL APPLIANCE
ALL TRAFFIC IS INSPECTED WITHIN HYPERVISOR
- FIREWALL PROTECTS ALL TRAFFIC DIRECTIONS
- ELIMINATES LATENCY
- INTER-VLAN TRAFFIC INSPECTION
- PER-TENANT DEDICATED NETWORK CONTROLS
- PROVISIONED ON DEMAND

APPLICATION ON-BOARDING
[Diagram, shown in two builds: an enterprise data center (Vyatta gateway, WAN, DNS, Active Directory, VDI, VM management, Test/Dev and other tools) and a cloud environment (Vyatta virtual appliance in front of a hypervisor / vSwitch) are joined by an L2 GRE tunnel carried inside an IPsec VPN or OpenVPN (SSL) tunnel. The application workload – the physical N-tier application's database tier, application tier and web services tier, running as database, app and web server VMs – is on-boarded across that tunnel. Callout on the second build: "Compliance / Trust Model Preserved"]

LEVERAGING AMAZON
[Diagram: an Amazon VPC with an Internet Gateway, a public subnet holding the web server VMs and a private subnet holding the database server VMs; the Vyatta AMI provides NAT + firewall, terminates the VPN for remote workers, and a "Cloud Bridge" links the VPC to the enterprise datacenter or to another private or public cloud]
VYATTA AMI – COMPLETE NETWORKING IN AMAZON VPC
- NO LIMIT TO # OF VPN TUNNELS
- SECURELY CONNECT INTO MULTIPLE VPCs FROM A SINGLE
- CREATE FULL VPN MESH BETWEEN MULTIPLE VPCs
- SECURELY BRIDGE CLOUD TO CLOUD OR DATACENTER TO CLOUD
- SINGLE INTEGRATED PACKAGE OF FW, VPN, IPS, URL FILTERING, FULL LAYER 3
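The on-boarding slides describe the cloud bridge as a GRE tunnel carried inside an IPsec VPN between a Vyatta gateway at each end, and the Amazon slide adds NAT + firewall on the Vyatta AMI. The configuration below is an added example, not from the deck and not Vyatta's own documentation: it is the cloud-side gateway written in Vyatta 6.x-style `set` syntax from a defender's stance, with default-deny rule sets on every attachment point, IKE/ESP accepted only from the datacenter peer, and the datacenter-to-cloud tier policy enforced on the tunnel interface so the trust model survives the move. Interface names, all addresses (RFC 5737 documentation prefixes and RFC 1918 ranges), the rule-set names, VM addresses and the pre-shared-secret placeholder are assumptions; keyword spellings differ between Vyatta and VyOS releases, so each stanza should be checked against the release in use.

```vyatta
# Added example, not from the deck or from Vyatta: cloud-side gateway config for
# the "cloud bridge" (GRE inside IPsec) plus NAT + firewall on the Vyatta AMI.
# Vyatta 6.x-style syntax; keyword spellings differ between releases (for example
# local-ip vs local-address, "service nat" vs "nat source"), so verify with
# "set vpn ipsec ?" on the release in use. All addresses are constructed values.

# eth0 faces the internet gateway; the VPC maps elastic IP 198.51.100.20 to it
# 1:1, so IKE runs behind NAT. eth1 is the private subnet holding the VMs.
set interfaces ethernet eth0 address 10.10.1.5/24
set interfaces ethernet eth0 description 'public subnet (elastic IP 198.51.100.20)'
set interfaces ethernet eth1 address 10.10.2.1/24

# IKE/ESP policy: AES-256, SHA-256, DH group 14, PFS, bounded lifetimes.
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec ike-group IKE-DC proposal 1 encryption aes256
set vpn ipsec ike-group IKE-DC proposal 1 hash sha256
set vpn ipsec ike-group IKE-DC proposal 1 dh-group 14
set vpn ipsec ike-group IKE-DC lifetime 28800
set vpn ipsec esp-group ESP-DC proposal 1 encryption aes256
set vpn ipsec esp-group ESP-DC proposal 1 hash sha256
set vpn ipsec esp-group ESP-DC pfs enable
set vpn ipsec esp-group ESP-DC lifetime 3600

# Peer = the datacenter Vyatta at 203.0.113.10. The SA is host-to-host between
# the two gateways; every tenant subnet rides inside the GRE tunnel it protects.
set vpn ipsec site-to-site peer 203.0.113.10 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 203.0.113.10 authentication pre-shared-secret 'REPLACE-WITH-LONG-RANDOM-SECRET'
set vpn ipsec site-to-site peer 203.0.113.10 ike-group IKE-DC
set vpn ipsec site-to-site peer 203.0.113.10 local-address 10.10.1.5
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 1 esp-group ESP-DC
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 1 local subnet 10.10.1.5/32
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 1 remote subnet 203.0.113.10/32

# Routed GRE tunnel carried inside the SA, one static route per datacenter
# subnet. The L2 form on the on-boarding slides uses "encapsulation gre-bridge"
# and a bridge-group shared with eth1 instead of routes.
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 local-ip 10.10.1.5
set interfaces tunnel tun0 remote-ip 203.0.113.10
set interfaces tunnel tun0 address 10.255.0.2/30
set interfaces tunnel tun0 description 'cloud bridge to enterprise datacenter'
set protocols static route 10.3.0.0/24 next-hop 10.255.0.1
set protocols static route 10.4.0.0/24 next-hop 10.255.0.1

# NAT on the AMI: publish the web VM's HTTPS port, masquerade everything else
# leaving eth0. Tunnel traffic leaves via tun0 and is therefore not translated.
set service nat rule 10 type destination
set service nat rule 10 inbound-interface eth0
set service nat rule 10 protocol tcp
set service nat rule 10 destination port 443
set service nat rule 10 inside-address address 10.10.2.10
set service nat rule 20 type masquerade
set service nat rule 20 outbound-interface eth0
set service nat rule 20 source address 10.10.2.0/24

# Traffic to the gateway itself: default drop; accept replies, IKE/NAT-T and ESP
# from the peer only, and GRE, which re-enters eth0 after ESP decapsulation.
set firewall name OUTSIDE-LOCAL default-action drop
set firewall name OUTSIDE-LOCAL rule 10 action accept
set firewall name OUTSIDE-LOCAL rule 10 state established enable
set firewall name OUTSIDE-LOCAL rule 10 state related enable
set firewall name OUTSIDE-LOCAL rule 20 action accept
set firewall name OUTSIDE-LOCAL rule 20 protocol udp
set firewall name OUTSIDE-LOCAL rule 20 source address 203.0.113.10
set firewall name OUTSIDE-LOCAL rule 20 destination port 500,4500
set firewall name OUTSIDE-LOCAL rule 30 action accept
set firewall name OUTSIDE-LOCAL rule 30 protocol esp
set firewall name OUTSIDE-LOCAL rule 30 source address 203.0.113.10
set firewall name OUTSIDE-LOCAL rule 40 action accept
set firewall name OUTSIDE-LOCAL rule 40 protocol gre
set firewall name OUTSIDE-LOCAL rule 40 source address 203.0.113.10
set interfaces ethernet eth0 firewall local name OUTSIDE-LOCAL

# Forwarded traffic from the internet: only HTTPS to the published web VM
# (the forward filter sees the post-DNAT address) plus replies.
set firewall name OUTSIDE-IN default-action drop
set firewall name OUTSIDE-IN rule 10 action accept
set firewall name OUTSIDE-IN rule 10 state established enable
set firewall name OUTSIDE-IN rule 10 state related enable
set firewall name OUTSIDE-IN rule 20 action accept
set firewall name OUTSIDE-IN rule 20 protocol tcp
set firewall name OUTSIDE-IN rule 20 destination address 10.10.2.10
set firewall name OUTSIDE-IN rule 20 destination port 443
set interfaces ethernet eth0 firewall in name OUTSIDE-IN

# Datacenter-to-cloud policy on the tunnel: the tier model survives the move.
# Only the datacenter app tier (10.3.0.0/24) may reach the cloud database VM.
set firewall name DC-IN default-action drop
set firewall name DC-IN rule 10 action accept
set firewall name DC-IN rule 10 state established enable
set firewall name DC-IN rule 10 state related enable
set firewall name DC-IN rule 20 action accept
set firewall name DC-IN rule 20 protocol tcp
set firewall name DC-IN rule 20 source address 10.3.0.0/24
set firewall name DC-IN rule 20 destination address 10.10.2.20
set firewall name DC-IN rule 20 destination port 5432
set interfaces tunnel tun0 firewall in name DC-IN
```

After `commit` and `save`, `show vpn ipsec sa` should list one established SA to 203.0.113.10 and `show interfaces tunnel tun0` should show the tunnel up; only then do the static routes carry traffic. The datacenter gateway mirrors this stanza for stanza with the addresses swapped, and because the AMI sits behind the VPC's 1:1 NAT the datacenter side must expect the cloud gateway's IKE identity to be its private address (or the AMI sets `authentication id` to the elastic IP). Two points a practitioner should not skip: the GRE accept rule in OUTSIDE-LOCAL is required because the decapsulated GRE packet traverses the local filter a second time, and the DC-IN rule set is what turns "Compliance / Trust Model Preserved" from a slide callout into enforced policy, so it should be reviewed whenever a tier is added on either side.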

Vyatta Enterprise With Vyatta
[Diagram: the STEP 1 datacenter rebuilt with Vyatta software – router, firewall, VPN, IPS and switch as software on x86 systems – in front of the web server, apps & storage and database tiers on 10.0.0.0/24, 10.3.0.0/24 and 10.4.0.0/24]
VYATTA ENTERPRISE DATACENTER
NETWORK EDGE AND LAN COMPRISED OF STANDARD x86-BASED SYSTEMS and VYATTA SOFTWARE
- LEVERAGE STANDARD x86 SERVER HARDWARE
- MODERN QUAD CORE + SYSTEMS DELIVER 10Gbps PERFORMANCE
- SYSTEM SCALABILITY USING STANDARD COMPONENTS
- SOFTWARE-BASED UPGRADE PATH
- COST A FRACTION OF COMPARABLE CISCO / JNPR GEAR