Enviar pesquisa
Carregar
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
•
1 gostou
•
2,213 visualizações
VirtSGR
Seguir
Tecnologia
Educação
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 40
Baixar agora
Baixar para ler offline
Recomendados
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Graeme Wood
Juniper and VMware: Taking Data Centre Networks to the Next Level
Juniper and VMware: Taking Data Centre Networks to the Next Level
Juniper Networks
Data Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the Cloud
Trend Micro (EMEA) Limited
RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012
Symantec
VMware and Trend Micro, partnering to revolutionise virtualised security
VMware and Trend Micro, partnering to revolutionise virtualised security
Arrow ECS UK
Special Projects
Special Projects
Muhammad Ilyas Anjum
Esx Server 3i Presentation[1]
Esx Server 3i Presentation[1]
Rishi Sharma
Trend micro deep security
Trend micro deep security
Trend Micro
Recomendados
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Graeme Wood
Juniper and VMware: Taking Data Centre Networks to the Next Level
Juniper and VMware: Taking Data Centre Networks to the Next Level
Juniper Networks
Data Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the Cloud
Trend Micro (EMEA) Limited
RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012
Symantec
VMware and Trend Micro, partnering to revolutionise virtualised security
VMware and Trend Micro, partnering to revolutionise virtualised security
Arrow ECS UK
Special Projects
Special Projects
Muhammad Ilyas Anjum
Esx Server 3i Presentation[1]
Esx Server 3i Presentation[1]
Rishi Sharma
Trend micro deep security
Trend micro deep security
Trend Micro
VMworld2011 Recap
VMworld2011 Recap
1CloudRoad.com
Virtual Server Security for VMware: Installation Guide
Virtual Server Security for VMware: Installation Guide
webhostingguy
E Vm Virtualization
E Vm Virtualization
Arturo Saavedra
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Acrodex
Security Best Practices For Hyper V And Server Virtualization
Security Best Practices For Hyper V And Server Virtualization
rsnarayanan
Trend micro v2
Trend micro v2
JD Sherry
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2
vivekbhat
Nexus 1010 Overview and Deployment
Nexus 1010 Overview and Deployment
Sal Lopez
Evolúcia, alebo revolúcia? vSphere 5 update
Evolúcia, alebo revolúcia? vSphere 5 update
ASBIS SK
VMware vSphere
VMware vSphere
零壹科技股份有限公司
Kaspersky security for virtualization light agent launch presentation
Kaspersky security for virtualization light agent launch presentation
ShapeBlue
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012
Symantec
Insecurity in security products v1.5
Insecurity in security products v1.5
DaveEdwards12
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
Symantec
Symantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility Strategy
Symantec
Campus jueves
Campus jueves
campus party
Virtualization securityv2
Virtualization securityv2
vivekbhat
040711 webcast securing vmachine
040711 webcast securing vmachine
Erin Banks
McAfee MOVE_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
McAfee MOVE_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
VirtSGR
Symantec Endpoint Protection_Конкурс продуктов портала VirtualizationSecurity...
Symantec Endpoint Protection_Конкурс продуктов портала VirtualizationSecurity...
VirtSGR
Deep Security_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
Deep Security_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
VirtSGR
Mais conteúdo relacionado
Mais procurados
VMworld2011 Recap
VMworld2011 Recap
1CloudRoad.com
Virtual Server Security for VMware: Installation Guide
Virtual Server Security for VMware: Installation Guide
webhostingguy
E Vm Virtualization
E Vm Virtualization
Arturo Saavedra
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Acrodex
Security Best Practices For Hyper V And Server Virtualization
Security Best Practices For Hyper V And Server Virtualization
rsnarayanan
Trend micro v2
Trend micro v2
JD Sherry
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2
vivekbhat
Nexus 1010 Overview and Deployment
Nexus 1010 Overview and Deployment
Sal Lopez
Evolúcia, alebo revolúcia? vSphere 5 update
Evolúcia, alebo revolúcia? vSphere 5 update
ASBIS SK
VMware vSphere
VMware vSphere
零壹科技股份有限公司
Kaspersky security for virtualization light agent launch presentation
Kaspersky security for virtualization light agent launch presentation
ShapeBlue
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012
Symantec
Insecurity in security products v1.5
Insecurity in security products v1.5
DaveEdwards12
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
Symantec
Symantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility Strategy
Symantec
Campus jueves
Campus jueves
campus party
Virtualization securityv2
Virtualization securityv2
vivekbhat
040711 webcast securing vmachine
040711 webcast securing vmachine
Erin Banks
Mais procurados
(19)
VMworld2011 Recap
VMworld2011 Recap
Virtual Server Security for VMware: Installation Guide
Virtual Server Security for VMware: Installation Guide
E Vm Virtualization
E Vm Virtualization
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Security Best Practices For Hyper V And Server Virtualization
Security Best Practices For Hyper V And Server Virtualization
Trend micro v2
Trend micro v2
CSA Presentation 26th May Virtualization securityv2
CSA Presentation 26th May Virtualization securityv2
Nexus 1010 Overview and Deployment
Nexus 1010 Overview and Deployment
Evolúcia, alebo revolúcia? vSphere 5 update
Evolúcia, alebo revolúcia? vSphere 5 update
VMware vSphere
VMware vSphere
Kaspersky security for virtualization light agent launch presentation
Kaspersky security for virtualization light agent launch presentation
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012
Insecurity in security products v1.5
Insecurity in security products v1.5
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team
Symantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility Strategy
Campus jueves
Campus jueves
Virtualization securityv2
Virtualization securityv2
040711 webcast securing vmachine
040711 webcast securing vmachine
Destaque
McAfee MOVE_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
McAfee MOVE_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
VirtSGR
Symantec Endpoint Protection_Конкурс продуктов портала VirtualizationSecurity...
Symantec Endpoint Protection_Конкурс продуктов портала VirtualizationSecurity...
VirtSGR
Deep Security_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
Deep Security_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
VirtSGR
TippingPoint Virtual Controller +Virtual Firewall_Конкурс продуктов портала V...
TippingPoint Virtual Controller +Virtual Firewall_Конкурс продуктов портала V...
VirtSGR
Аккорд-В_Конкурс продуктов портала VirtualizationSecurityGroup.Ru_продукт пре...
Аккорд-В_Конкурс продуктов портала VirtualizationSecurityGroup.Ru_продукт пре...
VirtSGR
Proventia Virtual Server Protection for VMware_Конкурс VirtualizationSecurity...
Proventia Virtual Server Protection for VMware_Конкурс VirtualizationSecurity...
VirtSGR
vGate R2_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
vGate R2_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
VirtSGR
Destaque
(7)
McAfee MOVE_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
McAfee MOVE_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
Symantec Endpoint Protection_Конкурс продуктов портала VirtualizationSecurity...
Symantec Endpoint Protection_Конкурс продуктов портала VirtualizationSecurity...
Deep Security_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
Deep Security_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
TippingPoint Virtual Controller +Virtual Firewall_Конкурс продуктов портала V...
TippingPoint Virtual Controller +Virtual Firewall_Конкурс продуктов портала V...
Аккорд-В_Конкурс продуктов портала VirtualizationSecurityGroup.Ru_продукт пре...
Аккорд-В_Конкурс продуктов портала VirtualizationSecurityGroup.Ru_продукт пре...
Proventia Virtual Server Protection for VMware_Конкурс VirtualizationSecurity...
Proventia Virtual Server Protection for VMware_Конкурс VirtualizationSecurity...
vGate R2_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
vGate R2_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
Semelhante a Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
Ixia
Managing The Impact Of Virtualization Technology On Your Network
Managing The Impact Of Virtualization Technology On Your Network
SolarWinds
Vss Security And Compliance For The Cloud
Vss Security And Compliance For The Cloud
Graeme Wood
What is a virtual tap?
What is a virtual tap?
LiveAction Next Generation Network Management Software
Cisco nexus 1000v
Cisco nexus 1000v
ikewu83
云计算平台存储架构设计@邓海韬Nicko
云计算平台存储架构设计@邓海韬Nicko
looneyren
Security & Virtualization in the Data Center
Security & Virtualization in the Data Center
Cisco Russia
ASBIS: Virtualization Aware Networking - Cisco Nexus 1000V
ASBIS: Virtualization Aware Networking - Cisco Nexus 1000V
ASBIS SK
Cisco nexus 1010
Cisco nexus 1010
IT Tech
Vm Ware Presentation Key Note
Vm Ware Presentation Key Note
csharney
Cisco Virtualized Network Services
Cisco Virtualized Network Services
Soumen Chatterjee
Nexus 1000_ver 1.1
Nexus 1000_ver 1.1
Aakash Agarwal
Integrate 3rd party security solution into CloudStack
Integrate 3rd party security solution into CloudStack
mice_xia
Federal VMUG - March - Reflex VMC Overview
Federal VMUG - March - Reflex VMC Overview
langonej
12th Japan CloudStack User Group Meetup MidoNet with scalable virtual router
12th Japan CloudStack User Group Meetup MidoNet with scalable virtual router
Takeshi Nakajima
12th Japan CloudStack User Group Meetup
12th Japan CloudStack User Group Meetup
Midokura
Whats the weather tomorrow
Whats the weather tomorrow
Learon Dalby
Virtualization presentation
Virtualization presentation
Mangesh Gunjal
Presentation cisco nexus 1010 overview and deployment
Presentation cisco nexus 1010 overview and deployment
xKinAnx
VMWorld 2009 Presentation
VMWorld 2009 Presentation
Ahmed Sallam
Semelhante a Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
(20)
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
Managing The Impact Of Virtualization Technology On Your Network
Managing The Impact Of Virtualization Technology On Your Network
Vss Security And Compliance For The Cloud
Vss Security And Compliance For The Cloud
What is a virtual tap?
What is a virtual tap?
Cisco nexus 1000v
Cisco nexus 1000v
云计算平台存储架构设计@邓海韬Nicko
云计算平台存储架构设计@邓海韬Nicko
Security & Virtualization in the Data Center
Security & Virtualization in the Data Center
ASBIS: Virtualization Aware Networking - Cisco Nexus 1000V
ASBIS: Virtualization Aware Networking - Cisco Nexus 1000V
Cisco nexus 1010
Cisco nexus 1010
Vm Ware Presentation Key Note
Vm Ware Presentation Key Note
Cisco Virtualized Network Services
Cisco Virtualized Network Services
Nexus 1000_ver 1.1
Nexus 1000_ver 1.1
Integrate 3rd party security solution into CloudStack
Integrate 3rd party security solution into CloudStack
Federal VMUG - March - Reflex VMC Overview
Federal VMUG - March - Reflex VMC Overview
12th Japan CloudStack User Group Meetup MidoNet with scalable virtual router
12th Japan CloudStack User Group Meetup MidoNet with scalable virtual router
12th Japan CloudStack User Group Meetup
12th Japan CloudStack User Group Meetup
Whats the weather tomorrow
Whats the weather tomorrow
Virtualization presentation
Virtualization presentation
Presentation cisco nexus 1010 overview and deployment
Presentation cisco nexus 1010 overview and deployment
VMWorld 2009 Presentation
VMWorld 2009 Presentation
Último
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
ScyllaDB
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
DianaGray10
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
HarshalMandlekar2
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
BkGupta21
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
LoriGlavin3
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Fwdays
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
UiPathCommunity
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
Raghuram Pandurangan
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Dilum Bandara
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
LoriGlavin3
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
LoriGlavin3
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
LoriGlavin3
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
Pixlogix Infotech
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
LoriGlavin3
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
LoriGlavin3
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Fwdays
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
Nathaniel Shimoni
Último
(20)
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
1.
Cisco Virtual Security Gateway
(VSG) Скороходов Александр Системный инженер-консультант askorokh@cisco.com
2.
Cisco Nexus 1000V Виртуальный
распределенный программный коммутатор Nexus 1000V - коммутатор Cisco для среды VMWare ESX Реализует функции VN-Link: Управление VM по политикам Функции безопасности, поддержка Server 1 Server 2 Netflow, ERSPAN, мультикаста, etherchannel VM VM VM VM VM VM VM VM VM #1 #2 #3 #4 #1 #5 #5 #6 #7 #8 Мобильность настроек сети, безопасности и мониторинга Сохраняет эксплуатационную VMware vSwitch 1000V Nexus 1000V Nexus 1000V Nexus VMware vSwitch модель VMW ESX VMW ESX Функции безопасности: Списки доступа (ACL) Port Security Nexus 1000V Private VLAN DHCP Snooping Dynamic ARP Inspection VSM Virtual Center IP Source Guard Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
3.
Cisco VSG: решаемая
задача Управление безопасностью трафика между VM Новое «слепое пятно» для средств безопасности Динамическое применение политик с учетом контекста Использование свойств VM VM-to-VM traffic VM-to-VM traffic Работа без опоры на VLAN Защита трафика внутри сегмента Разделение доменов эксплуатации Вычисления App App App App Сеть OS OS OS OS Безопасность Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
4.
Эшелонированная
структура безопасности • Политика на уровне зон VM Virtual • Горизонтальное VSG Security масштабирование • Опора на контекст VM • Сегментирование сети ЦОД FWSM Internal • Политика на уровне VLAN Security • Инспекция протоколов • Виртуальные контексты ASA 55xx • Фильтрация внешнего трафика Internet • Расширенная поддержка Edge прикдадных протоколов ASA 55xx • VPN доступ, борьба с внешними угрозами Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
5.
Virtual Security Gateway Защита
приложений в виртуальной среде VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V vPath Distributed Virtual Switch VSG Secure Segmentation Efficient Deployment Dynamic policy-based (VLAN agnostic) (secure multiple hosts) provisioning Transparent Insertion Mobility aware Log/Audit High Availability (topology agnostic) (policies follow vMotion) Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
6.
Поддержка многих организаций
Virtual Network Management Center Tenant A Tenant B VDC-1 VDC-2 vApp vApp vPath Nexus 1000V vSphere • Гранулярность в зависимости от требований задачи Tenant, VDC, vApp • Внедрение многих VSG для горизонтального масштабирования Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
7.
Технология vPath
vPath Nexus 1000V- VEM Поддержка vPath встроена в Virtual Ethernet Module (VEM) Nexus 1000V (с версии 1.4) Две основные функции vPath: • Интеллектальное перенаправление трафика на VSG • Разгрузка обработки с VSG на VEM vPath поддерживает совместное размещение сервисов разных организаций Использование vPath повышает производительность за счёт распределённой обработки Может использоваться для других сервисов Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
8.
Virtual Security Gateway Перенаправление
трафика с помощью vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM 4 Nexus 1000V vPath Distributed Virtual Switch VSG Decision Access Log Caching 3 (syslog) Initial Packet 2 Flow Access 1 Flow Control Log/Audit Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. (policy evaluation) Cisco Public 9
9.
Virtual Security Gateway Повышение
производительности с помощью vPath VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V vPath Distributed Virtual Switch VSG ACL offloaded to Nexus 1000V (policy enforcement) Remaining packets from flow Log/Audit Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
10.
VSG: поддержка прикладных
протоколов Пример: FTP VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V vPath Distributed Virtual Switch VSG FTP Control FTP Data Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
11.
VSG: поддержка прикладных
протоколов Пример: FTP VNMC VM VM VM VM VM VM VM VM VM VM VM VM VM Nexus 1000V vPath Distributed Virtual Switch VSG FTP Data Path is Allowed Bi- Directional in the vPath Flow Table FTP Control FTP Data Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
12.
Пример внедрения:
3-уровневая вычислительная архитектура Web Web Client Client Permit Only Port 22 (SSH) to Block all external access to Permit Only Port 80(HTTP) of Web application servers database servers Servers Web Web App App DB DB Web App DB DB server Server Web Server Server App Server server Server Server server server Server Server Web-zone Application-zone Database-zone Only Permit Web servers Only Permit Application servers access to Application servers access to Database servers Tenant A Policy – Content Hosting Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
13.
VSG: архитектура системы
VM VMWare Attributes Virtual Network Virtual Network VMWare VMWare VMWare vCenter vCenter Management Center Management Center vCenter vCenter (VNMC) (VNMC) VM-to-IP Binding Security Profiles VSM VSM VSN VSM VSG Port Profiles Packets Interactions (slow-path) Packets Packets (fast-path) (fast-path) Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
14.
VSG: модель
политики безопасности Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
15.
VSG: политики безопасности
Security Policy is applied per Port-Profile (Port Group) Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
16.
Составные элементы политики Security
Profile Policy Set Policy Set Policy 1 Policy 1 Policy 2 Policy 2 Policy N Policy N Rule 1 Rule 1 Rule 1 Rule 2 Rule 2 Rule 2 Rule N Rule N Rule N Правило – ACE; политика – аналог ACL Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
17.
Политики VSG: структура
правил Rule Source Destination Action Condition Condition Condition Attribute Type Network VM Custom VM Attributes Network Attributes Operator Operator Instance Name IP Address eq member Guest OS full name Network Port neq Not-member Zone Name gt Contains Parent App Name lt Port Profile Name range Cluster Name Not-in-range Hypervisor Name Prefix Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
18.
Политики VSG: структура
правил Rule Source Destination Action Condition Condition Condition Attribute Type Network VM Custom VM Attributes Network Attributes Operator Operator Instance Name IP Address eq member Guest OS full name Network Port neq Not-member Zone Name gt Contains Parent App Name lt Port Profile Name range Cluster Name Not-in-range Hypervisor Name Prefix Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
19.
VSG – пример
1a Использование сетевых атрибутов Access Policy Network Attributes – Allow Ping Server A Server A Server B Server B 192.168.1.1 VSG 192.168.1.2 Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
20.
Пример 1a: настройка
Rule Leveraging Network Attribute to allow communication between Server A and Server B Source Destination Action Condition Condition Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
21.
VSG – пример
1b Использование атрибутов VM Access Policy VM Attributes– Allow Ping Server A Server A Server B Server B WebServer VSG Database Server Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
22.
Пример 1b: настройка
Rule Leveraging VM Attribute to allow communication between Server A and Server B Source Destination Action Condition Condition Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
23.
Политики: зоны доверия
QA Zone QA Zone Dev Zone Dev Zone HR Zone HR Zone Finance Zone Finance Zone VDI Zone VDI Zone Tenant A Tenant A Классификация по зонам На основании сетевых и VM атрибутов Возможность применения политик к зонам Внешняя безопасность: между внешним миром и зоной Внутренная безопасность: между зонами и внутри зоны Виртуальная машина может принадлежать ко многим зонам Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
24.
VSG – пример
1c Использование зон безопасности Access Policy Zone Based Policy– Allow Ping Server A Server A Server B Server B Server A Server A Server B Server B Web Server VSG Database Server Zone Zone Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
25.
Пример 1c: настройка
зон Zones are defined by a condition leveraging the attributes e.g. Network, VM or Custom Attributes Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
26.
Пример 1c: использование
зон Rule Leveraging Zone to allow communication between Server A and Server B Source Destination Action Condition Condition Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
27.
Пример 2: многоуровневое
приложение Web Web Client Client Permit Only Port 22 (SSH) to Block all external access to Permit Only Port 80(HTTP) of Web application servers database servers Servers Web Web App App DB DB Web App DB DB server Server Web Server Server App Server server Server Server server server Server Server Web-zone Application-zone Database-zone Only Permit Web servers Only Permit Application servers access to Application servers access to Database servers Policy – Content Hosting Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
28.
Пример 2: политики
с использованием зон VM Attribute Example Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
29.
Virtual Network Management Center
(VNMC) Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
30.
Сохранение логики администрирования
vCenter Nexus 1KV VNMC Port Group Port Profile Security Profile Server Admin Network Admin Security Admin Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
31.
VNMC: иерархия организаций Один
клиент может иметь до 3 подуровней иерархии Поддержка пересекающихся адресов между клиентами Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
32.
VNMC: иерархия администррования
VSG Enforcement can be applied any level of the Tenant “tree” Each tenant must have at least one active VSG VSG “CANNOT” manage across tenants Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
33.
VSG: порядок развертывания
34.
VSG: пример порядка
настройки Using VM/Network Using VM/Network vCenter Attributes Attributes VNMC Create Rules Create Rules Define PortGroup based on based on Zones Zones/Network Zones/Network Conditions Conditions Define Policy VSM Put Policy Set in Put Policy Set in Policy the Security Profile the Security Profile Set Port Profile Create Security Protection Profile Bind the Security Bind the Security Assign Profile to Port Profile to Port Tenant Profile Profile VSG Assign Security Assign Security Profile to Tenant Profile to Tenant VSG VSG Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
35.
Обслуживание разных организаций
Tenant A Standby VSG Standby VSG Tenant B Active VSG Active VSG (Tenant A) Web Zone App Zone QA Zone Dev Zone (Tenant B) VM VM VM VM VM VM VM VM Cisco Cisco Cisco Nexus Nexus Nexus 1000V 1000V 1000V VEM vPath vPath vPath VEM VEM vSphere vSphere vSphere Data Center Network 1000V VSM Cisco Virtual Network VMWare vCenter Management Center Server Server Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
36.
Обслуживание разных организаций
Tenant A Standby VSG Standby VSG Tenant B Active VSG Active VSG (Tenant A) Web Zone App Zone QA Zone Dev Zone (Tenant B) VM VM VM VM VM VM VM VM Cisco Cisco Cisco Nexus Nexus Nexus 1000V 1000V 1000V VEM vPath vPath vPath VEM VEM vSphere vSphere vSphere Security Policies Enforced on Shared Compute Environment vPath Multitenant Aware Data Center Network 1000V Active Stand by VSGs on different Physical Host VSM VMWare vCenter Server Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
37.
Внедрение VSG на
отдельных хостах VSGs VSGs A B Tenant A Tenant B A B Web Zone App Zone QA Zone Dev Zone VM VM VM VM VM VM VM VM vPath vPath vPath Data Center Network 1000V VSM Cisco Virtual Network VMWare vCenter Management Center Server Server Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
38.
Решение VSG –
отказоустойчивость Presentation_ID © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
39.
Схема демонстрационного стенда Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
40.
Presentation_ID
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Baixar agora