The document discusses Palo Alto Networks firewall orchestration using CloudStack. It provides an overview of the speakers, project objectives to integrate Palo Alto firewalls with CloudStack, and the approach taken. This includes pre-configuring the Palo Alto device, adding it as a service provider in CloudStack, creating network offerings, and demonstrating how firewall, NAT, and forwarding rules are configured on the Palo Alto when networks and VMs are deployed through CloudStack.
4. www.paloaltonetworks.com www.cloudops.com@cloudops_ www.cloudops.com
CloudOps Overview
• CloudOps specializes in building, supporting
and operating cloud computing platforms
(private, public, and hybrid)
• Unique expertise with load balancing built
over 14 years of experience
• Unique expertise with EUEM and APM from
Coradiant background
• Develops best-in-class cloud architectures
and operational models
• Customers in Canada, US and Europe
• Based in Montreal, Canada
5. www.paloaltonetworks.com www.cloudops.com
Palo Alto Networks at a glance
Corporate highlights
Founded in 2005; first customer shipment in 2007
Safely enabling applications
Able to address all network security needs
Exceptional ability to support global customers
Experienced technology and management team
1,000+ employees globally
6. www.paloaltonetworks.com www.cloudops.com
Palo Alto - Safe application enablement
• Identify, control, and safely enable
all applications by user
• Inspect content for known and
unknown threats in real time
• High throughput and performance
• Simplify infrastructure and reduce TCO
• Enable diverse deployment scenarios
Our fundamentally new approach:
8. www.paloaltonetworks.com www.cloudops.com@cloudops_ www.cloudops.com
More Why.
Some clouds have important security
requirements not met by CS-VR
There is often a need for greater visibility
and advanced security services (i.e.
content filtering)
Typical examples: Enterprise private
clouds, PCI compliance for online business,
Enterprise-targeted service providers,
often telecom providers.
9. www.paloaltonetworks.com www.cloudops.com@cloudops_ www.cloudops.com
What?
Project Objectives
• Support of CloudStack advanced network topology.
• Support of multiple Palo Alto Networks firewalls.
• Support of parallel deployment with hardware load-balancer (e.g.:
Netscaler).
• Configuration of connectivity with Palo Alto Networks firewall
through CloudStack UI and persistence of this information.
• Allow the selection of Palo Alto firewall when defining CloudStack
network service offering for:
– Firewall (Ingress & Egress)
– Source NAT
– Static NAT
– Port forwarding
• Communication layer with Palo Alto APIs.
• Mapping of CloudStack APIs to corresponding Palo Alto APIs.
• Proper display of Palo Alto connectivity status in CloudStack UI.
• Functional/Integration testing on PA-3020 platform (version 5.0.0)
• Full documentation of the solution (architecture, design, APIs)
22. www.paloaltonetworks.com www.cloudops.com@cloudops_ www.cloudops.com
FAQ
Q: Is it open source?
A: Yes - will be contributed to CloudStack.
Q: What is it based on?
A: Current dev is based on 4.2 Master branch circa
a few weeks ago
Q: Which release of CS will it be included in
A: Depending on the next steps and funding,
probably 4.3
Q: What’s planned next?
A: Glad you asked