Cloud Security Solution. 游源濱 (Vince Yu), Technical Director, Juniper Networks, Oct 2011
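Juniper focuses on two major market trends. Cloud computing: estimated cloud computing spending as a percentage of total IT spending. Mobile Internet: smartphones have overtaken personal computers, and the mobile experience is replacing the desktop experience model. [Chart: cloud computing spending share; labels 2013, 40%, 70%, 2015; total: US$2.78 trillion; source: Gartner] [Chart: smartphones vs. personal computers, 2009 and 2010, labelled "120 Million"; source: Gartner] Copyright 2010 Juniper Networks, Inc. www.juniper.net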
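We have only just begun to tap the potential of these two related trends: cloud computing and the mobile Internet. Unimaginably large business opportunities, for example: iPhone, iPad + iCloud. Greatly reduces IT's cost structure; dramatically increases IT's speed and scale; applications and services can be accessed from anywhere.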
The biggest concern in moving services to the cloud -- cloud security
The biggest obstacle to moving services to the cloud: network virtualization. From: RIGID, LEGACY MODEL OF I.T. (Applications: on-premise apps; Servers/Compute: dedicated servers; Storage: dedicated storage; Network: layers of complexity). To: FLEXIBLE, VIRTUALIZED MODEL (Software-as-a-service; virtualized workloads; virtualized storage). "Virtualization and distributed applications are transforming every part of the data center. To maximize the potential of virtualization, the network must also transform." Zeus Kerravala, SVP & Distinguished Research Fellow, Yankee Group
The biggest concern in moving services to the cloud: security virtualization. Physical server is no longer the interesting entity. Virtual network has become a new network layer. Isolating within the physical network doesn't address the vNetwork. Inter-VM communication is a blind spot for physical tools. [Diagram labels: SERVER; VIRTUAL MACHINES; SERVERS; Physical Network; Virtual Switch; VMware]
CLOUD END TO END SECURITY: Clients; Global High-Performance Network; Data Centers. Client to DC; Server to Server
JUNIPER CLOUD SECURITY STRATEGY: Device; Network; Application. Comprehensive cloud security solution
vGW Secure Cloud Virtualization
THE VGW HYPERVISOR-BASED APPROACH. Enterprise-grade: VMware VMsafe Certified; protects each VM and the hypervisor; fault-tolerant architecture (i.e. HA). Virtualization Aware: "Secure VMotion" scales to 1,000+ ESX; "Auto Secure" detects/protects new VMs. Granular, Tiered Defense: stateful firewall and integrated IDS; flexible policy enforcement (Zone, VM group, VM, Application, Port, Protocol, Security state). [Diagram labels: Virtual Center; Security Design for VGW; VM, VM1, VM2, VM3; Partner Server (IDS, SIM, Syslog, Netflow); ESX Host; Packet Data; THE vGW ENGINE; VMWARE DVFILTER; VMWARE VSWITCH OR CISCO 1000V; ESX Kernel; HYPERVISOR]
SRX Secure Cloud Application
Application Security: Botnets targeting services for disruption. Server Connection Monitoring; Protocol Analysis; Bot / Client Classification. [Diagram labels: Attack traffic; INTERNET; Legitimate traffic; Mixture of legitimate and attack traffic; SRX Series; Cloud Provider / Data Center]
EX / MX Cloud Infrastructure Virtualization
Using VPLS virtualization to extend V-Motion across clouds
Secure Remote Access
MOBILITY SSLVPN: Junos Pulse Client; Junos Pulse Gateway; Corporate Applications (of any type); Dedicated or Virtual Appliance Deployment; Datacenter
SECURE CLOUD EVERYWHERE: End to End security. Securing virtualization, network, applications and devices, and managing it at scale. [Diagram labels: Device; Network; Application; Junos Space Orchestrated OSS / BSS Ecosystem; Secure Remote Access VPN; Internet; STRM; MX; SA SSL VPN; SP owned Services Complex; Altor VM; SRX; Corporate Protected; vGW VMsafe FW; AppSecure; Enterprise owned Private cloud; MX VPLS extend vMotion]