Mais conteúdo relacionado Semelhante a Secure Access – Anywhere by Prisma, PaloAlto (20) Mais de Prime Infoserv (20) Secure Access – Anywhere by Prisma, PaloAlto3. Enabling a Secure Mobile Workforce
3 | © 2020 Palo Alto Networks, Inc. All rights reserved.
“India Lockdown for 3 weeks”
“Teachers need to be prepared to educate remotely”
“We only have capacity to supply remote access to
20% of our workforce”
“We do not have the network capacity to support
over 50% of our users working remotely”
Enabling a secure
mobile workforce
is of primary
concern to
organizations
right now
4. Situation: Remote Access Capacity Challenge
Remote access VPN traffic is backhauled to the data center
PUBLIC CLOUD /
SaaS / INTERNET
DATA CENTER
(PRIVATECLOUD)
MOBILE
USERS
Under-Architected Remote Access
• Finite Scalability: Adding hardware is the only
contingency option
• Deployment Challenges: Procurement,
hardware implementation, connectivity,
location challenges
• User Experience/Internet Connectivity:
Customers may not have Internet capacity to
route all internet traffic through their internet
circuits via datacenter (bi-directional)
4 | © 2020 Palo Alto Networks, Inc. All rights reserved.
5. A Single Platform to Connect and Secure Everything
SaaS
PUBLIC
CLOUD
INTERNET
DATA
CENTER
BRANCH
RETAIL
MOBILE
2019 Palo Alto Networks. All Rights Reserved.
HQ
6. 6 | © 2020 Palo Alto Networks, Inc. All rights reserved.
Scale Remote Access with the Strata Firewall Platform
Same Security - 3 Consumption Models
On-Premise
Expand NGFW scale in
your existing GP
gateways
Add GlobalProtect to
existing NGFWs
Rapid Expansion and
Hybrid
Quickly add scale to your
on-prem gateways
Hybrid Public Cloud/DC
gateways
Cloud-Delivered
The cloud becomes your
distributed head-end
Reduce constraints on
your network
No scale or capacity
planning burden
7. Prisma Access is designed for providing secure cloud access
from anywhere
DATA CENTER
(PRIVATECLOUD)
PUBLIC CLOUD /
SaaS / INTERNET
MOBILE
USERS
Solution: Prisma Access
Scalable Remote Access for
Mobile Users
• Deploy quickly: In the cloud, the internet or
the data center
• Global Reach: Remote Access with
connections to the cloud to over 100
locations
• Dynamic Scale up, Scale down: Leveraging
the cloud to ramp with customer demand
7 | © 2020 Palo Alto Networks, Inc. All rights reserved.
8. 8 | © 2020 Palo Alto Networks, Inc. All rights reserved.
Security as a Service Layer
Network as a Service Layer
SaaS
PUBLIC
CLOUD
INTERNET
HQ/DATA
CENTER
BRANCH
RETAIL
MOBILE
Prisma Access:
The Industry’s Most Comprehensive Secure Access Service Edge
9. Prisma Access
9 | © 2020 Palo Alto Networks, Inc. All rights reserved.
BRANCH
RETAIL
MOBILE
Security as a Service Layer
SSL Decryption CASB Cloud SWGZTNA
DNS
FWaa
S
DLPSandboxing
Network as a Service Layer
SD-WAN IPSec VPN Policy Based Forwarding
Network as a ServiceSSL VPNQoS
SaaS
PUBLIC
CLOUD
INTERNET
HQ/DATA
CENTER
9 | © 2020 Palo Alto Networks, Inc. All rights reserved.
11. Prisma Access - Multi-Tenancy Architecture
Management Plane / Cloud Orchestration / Operations
Single Tenant
Specific Cloud
Instantiated
Data Plane
Multitenant
Management
11 | © 2020 Palo Alto Networks, Inc. All rights reserved.
Customer 1
Tenant
Customer 2
Tenant
Customer 3
Tenant
Tenancy Architecture
Multitenant
management plane
Single tenant data
plane per customer
Avoids performance
and security issues
12. Resilient and Scalable Solution
● Auto-Scaling
○ More intelligent scaling algorithms / approaches - taking multiple inputs
○ Dynamic scaling and different methods
● Monitoring
○ Advanced operational monitoring in place
● Cloud Service Providers partnership
○ Commitments from both GCP and AWS regarding scaling in all regions
13. Situation: Solving the Remote Access Network Capacity Challenge
13 | © 2020 Palo Alto Networks, Inc. All rights reserved.
MOBILE USERS
MOBILE
USERS
MOBILE
USERS
MOBILE
USERS
MOBILE
USERS
MOBILE
USERS
DATA CENTER
DATA CENTER
Limited Internet Circuit
and Gateway Capacity
Public Cloud
SaaS
Web
Inbound remote access user traffic
Internet-bound egress traffic
Cloud fiber network transit traffic
Branch traffic
BRANCH BRANCH
14. Frequent Questions about Cloud-Delivered Remote Access
Q: Are you adding cloud nodes to your data center for this?
A: No, we leverage public cloud services. Just like why you use public cloud, we don’t want to add
boxes to data centers to scale either.
Q: Will other customers using your service impact my performance?
A: No, our platform provides dedicated customer instances (no shared data plane), customers do
not compete with others for resources.
Q: How many locations are included with Prisma Access, and how much does it cost to add
more?
A: All edge locations are available for all customers, there is no additional cost to leverage all of
them.
Q: Are you expanding capacity for new customers?
A: We don’t need to. We have been onboarding new customers daily and there has been no
impact to other customers
14 | © 2020 Palo Alto Networks, Inc. All rights reserved.
15. Prisma Access - Tenancy Architecture
Management Plane / Cloud Orchestration / Operations
Single
Tenant
Specific
Cloud
Instantiated
Data Plane
Multitenant
Management
15 | © 2020 Palo Alto Networks, Inc. All rights reserved.
Customer 2
Tenant
Customer 3
Tenant
Customer 1
Tenant
Tenancy Architecture
Multi-tenant
management plane
Single tenant data
plane per customer
Avoids performance
and security issues
16. 16 | © 2020 Palo Alto Networks, Inc. All rights reserved.
Security as a Service Layer
Network as a Service Layer
SaaS
HQ/DATA
CENTER
PUBLIC
CLOUD
INTERNET
BRANCH
RETAIL
MOBILE
STRATA Firewall Platform
The Industry’s Most Comprehensive Secure Access Service Edge
17. STRATA Firewall Platform
17 | © 2020 Palo Alto Networks, Inc. All rights reserved.
BRANCH
RETAIL
MOBILE
Security as a Service Layer
SSL Decryption CASB Cloud SWGZTNA
DNS
FWaa
S
DLPSandboxing
Network as a Service Layer
SD-WAN IPSec VPN Policy Based Forwarding
Network as a ServiceSSL VPNQoS
SaaS
PUBLIC
CLOUD
INTERNET
HQ/DATA
CENTER
17 | © 2020 Palo Alto Networks, Inc. All rights reserved.
18. Clientless / Browser-based Access
Unmanaged / BYO
Connecting Mobile Users to STRATA
18 | © 2020 Palo Alto Networks, Inc. All rights reserved.
GP client can be installed on home
PC via link provided by admin
Managed
SaaS HQ/DATA
CENTER
INTERNET
PUBLIC
CLOUD
19. Prisma Access
(as a Service)
STRATA: Use Case Flexibility through Firewall as a Platform
19 | © 2020 Palo Alto Networks, Inc. All rights reserved.
Single Policy and
Management
Cortex XDR,
XSOAR for Context
and Automation
NextGen Firewall
(Physical)
VM-Series
(Virtual)
Panorama
20. (Offer 1)
Points of clarification:
● Ensure the network capacity for the additional user traffic has been reviewed
○ If most traffic is internet bound Prisma Access may be more applicable
● Expedited shipping follows standard process
How to:
● Have the customer log into their CSP
● Goto Support -> Assets -> Devices and click the pencil icon in the Actions column
● Click Activate Trial License -> select the licenses they with to test -> click Agree and Submit
If they have previously activated this license and it is expired, then you can email SalesOps with the device serial # and ask them to process a Trial license extension.
20 | © 2020 Palo Alto Networks, Inc. All rights
reserved.
21. Cloud Delivered
Remote access VPN traffic goes through the SASE in the cloud
Remote Access Architecture Options
On-Prem
Remote access VPN traffic is backhauled to the data center
PUBLIC CLOUD /
SaaS / INTERNET
DATA CENTER
(PRIVATECLOUD)
DATA CENTER
(PRIVATECLOUD)
MOBILE
USERS
PUBLIC CLOUD /
SaaS / INTERNET
MOBILE
USERS
22. 22 | © 2020 Palo Alto Networks, Inc. All rights reserved.
(Offer 2)
Points of clarification:
● FREE DEPLOYMENT SERVICES → SKU : PAN-CONSULT-GPCS-ACCEL
○ SoW scope, terms & conditions CANNOT be negotiated
○ Order must be booked within 90 days
● Only applies to Prisma Access Mobile Users in response to COVID-19
● NEW Prisma Access customers = customers that have NOT owned Prisma Access before today
How to:
● AM NSP request to DD and Sales Ops apply 100% discount (with quote comment “COVID-19”)
○ Standard approval process will then execute
○ Standard SoW process will be initiated via this link
○ Signed SoW is required for booking the order (standard process)
23. 23 | © 2020 Palo Alto Networks, Inc. All rights reserved.
(Offer 3)
Points of clarification:
● Prisma Access Mobile Users ONLY…..not Prisma Access Remote Networks
● Spikes are unbounded…..expectation should be 2-3X
● New customers today = EXISTING customers tomorrow
○ New customers that have immediate spikes will be monitored/reported on
How to:
● No action required - customer needs to ignore admin warnings within Panorama
24. Our Commitment to Our Customers:
Solutions to help during this COVID-19 Outbreak
24 | © 2020 Palo Alto Networks, Inc. All rights
Prisma Access
Quickstart Service
GP 90-Day
Subscription
Prisma Access
Additional Licensing
For new Prisma Access
mobile customers, free
accelerated deployment
and onboarding
Free 90-day
GlobalProtect
subscription trial for
existing customers
For existing Prisma
Access customers who
need more capacity, no-
cost spike coverage
25. Our Rapid Response Email
Please direct all COVID-19 related inquiries to:
rapid-response@paloaltonetworks.com
25 | © 2020 Palo Alto Networks, Inc. All rights reserved.
27. Thank you
27
● Thank you for your attendance and kind co-operations
● Please submit your feedback from which you will receive by mail.
● The session video, presentation etc. will be available on Prime YouTube Channel,
Slideshare and Facebook
● There are upcoming interesting sessions in the coming days, if you have not yet
registered, please register soon.
28. Stay Tuned for the upcoming programs
2nd April (4pm - 5.30pm)
Application Delivery - Scaling
Capacity & Availability: Mr.Tarun
Verma, A10 Networks
Webex Link:
https://meetingsapac.webex.com/meet
ingsapac/j.php?MTID=m41f69a4efcf49
01a59479ec0dec96501
Meeting number: 577 492 175
Password: adc@123
3rd April (4pm - 5.30pm)
ONE Platform - Connecting
Everything: Mr.Vivek Srivastava,
Soti
Webex Link:
https://meetingsapac.webex.com/meet
ingsapac/j.php?MTID=m3ffe0d1ccd19
b819dfe80e1d6083bfc9
Meeting number: 576 456 660
Password: soti@123
1st April (4pm - 5.30pm)
Email Security – Everyone is a
Target
-Mr.Ishtiyaq Shah, FireEye
Webex link
:https://meetingsapac.webex.com/meeti
ngsapac/j.php?MTID=mf1556de342a8c
9fc26cbc02b10b48016
Meeting number: 577 927 955
Password: es@123