
Protecting your cloud


How do you protect your Cloud?

Published in: Technology

  1. Protecting your Cloud. Fabiane Paulino, Consulting System Engineer, Security. Luis Matos, Solutions Architect, Security, CCIE x5 #17528. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
  2. Agenda:
     • Cloud Solution Overview
     • Cloud Security Design
     • Edge Layer Security (Internet / MPLS) Anti DDoS Threat Defense
     • Services Layer Security Access Control Security Segmentation - Trustsec
     • Virtual Access Customer Security Monitoring
     • Network as a Sensor Events Correlation Attacks Proactive Mitigation
  3. Cloud Solution Overview
  4. Diagram labels: Business Need; Silo, Silo, Silo; Applications, Servers, Network, Storage; Ethernet, FC, IB; Virtualized Dynamic Resource Pool; Business Need; Virtualization-Aware Network; Virtualization-Aware Network Infra; Virtualized Servers; Virtualized Storage; Automation; Applications; Manual. • Silo resource pools • Longer provisioning time. Project-based vertical solutions. IT Service; Holistic Solution. • Scalable, Modular and Elastic
  5. Diagram labels: vLB; vFW; Storage Array; Cloud Servers; Vblock POD; Virtual Multi-tenant DC; Storage; vSphere; vCenter; VMware Infrastructure; Orchestration & Provisioning; Mgmt Pod; Cloud Administration; Self-Service Portal; Service Catalog; Service On-boarding
  6. Diagram labels: BRONZE, SILVER, GOLD; VMFS LUN/data store; VMDK; Block based storage; Application, Database, Web
  7. Cloud Security Design
  8. Diagram labels: Agg/Access; IP/MPLS; Aggregation/Access; Services; Core; Virtual Access / Compute; Nexus 7010; Nexus 1000; DNS, Firewall, SLB, etc.; UCS blade chassis; Wan/Edge; Virtual Machines; Outside VRF; Inside VRF; 1, 2, 3
  9. Diagram labels: IP/MPLS; Core; Nexus 7010; Wan/Edge; CRS-1; 40G, 40G; 1
  10. Carrier-Class, Modular, Multi-Service Security
     Benefits
     • Integration of best-of-breed security
     • Dynamic service stitching
     • Advanced orchestration
     Features*
     • ASA container
     • Firepower Threat Defense containers
     • NGIPS, AMP, URL, AVC
     • 3rd Party containers
     • Radware DDoS
     • Other ecosystem partners
     Benefits
     • Standards and interoperability
     • Flexible Architecture
     Features
     • Template driven security
     • Secure containerization for customer apps
     • Restful/JSON API
     • 3rd party orchestration/management
     Benefits
     • Industry Leading Performance / RU
     • 600% Higher Performance
     • 30% higher port density
     Features
     • Compact, 3RU form factor
     • 10G/40G I/O; 100G ready
     • Terabit backplane
     • Low latency, Intelligent fastpath
     • NEBS ready
     Carrier Inspection
     • GTPv2, CGNAT, SIP, Diameter, SCTP
     * Contact Cisco for services availability
  11. Diagram labels: Agg/Access; IP/MPLS; Services; Virtual Access / Compute; Nexus 7018; Nexus 1000; DNS, Firewall, SLB, etc.; UCS blade chassis; UCS 6140; Virtual Machines; 40G, 40G; UPPER LAYERS; ASA (VPN Concentrator); ISE (AuthC+AuthZ+SGT); Local DNS (Name Resolution); 2
  12. Diagram labels: IP/MPLS; Virtual Access / Compute; Nexus 1000; UCS blade chassis; Virtual Machines; UPPER LAYERS; FirePower Threat Defense Protection; 3
  14. Diagram labels: Agg/Access; Aggregation/Access; Services; Core; Virtual Access / Compute; Nexus 1000; DNS, Firewall, SLB, etc.; UCS blade chassis; Wan/Edge; Virtual Machines; Flow Collector (Netflow); Sensor (TAP); StealthWatch Console; StealthWatch Identity; ISE
  17. • Intercloud Fabric Security
     • Application Centric Infrastructure Security
  18. Q&A
  19. Thank you!
