Anuj Jaiswal Sean O’Dell
MMC3066BU
#VMworld #MMC3066BU
How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Agenda
1 Moving to a Hybrid World
2 The micro-segmentation approach
3 Visibility – Key to a successful micro-segmentation strategy
4 Step-by-Step demo: Securing an application at its core and operating a micro-segmented environment
VMware Cloud: Run, Manage, Connect, Secure Any App on Any Cloud to Any Device
Cloud Native Apps: Time to market • Innovation • Scale • Differentiation
Existing Apps: Reduce Costs • Security • Reliability • Control
CONTAINERS • VIRTUAL MACHINES
VMware Cloud Services
Cloud Management
VISIBILITY • OPERATIONS • AUTOMATION • SECURITY • GOVERNANCE
Consistent Operations: Management and Operations • Across Clouds
Consistent Infrastructure: VM Infrastructure • Container Infrastructure
VMware Cloud Infrastructure • Public Cloud IaaS
VMware Cloud on AWS for VMware
VMware Cloud Services: Manage, Govern and Secure Public and Private Cloud Apps
Discovery
Cost Insight
NSX Cloud
Network Insight
AppDefense
Wavefront
ON PREMISES DATA CENTER
Visibility into apps and resources they consume. Analyze usage and utilization across clouds.
Accounting and cost optimization for multiple clouds. Track and analyze your costs and trends.
Secure networks with micro-segmentation. Create private networks within or across clouds.
Operational visibility, control, and compliance across clouds. Optimize performance, health, and availability.
Metrics-driven monitoring and real-time analytics.
Governance for running workloads.
A shift towards SDDC and Hybrid Applications
[Diagram: Public Cloud; East-West >80%; North-South; Data Center Perimeter]
• What are my apps? Where are they?
• How are they communicating?
• Who is talking to whom?
• What’s protected, what’s not?
• Is it changing?
Our security realities: When threats breach the perimeter, it’s hard to stop lateral spread
[Diagram: Data Center; Data Center Perimeter; AWS]
• Low priority systems are often targeted first.
• Attackers can move freely within the data center or VPC.
• Attackers then gather and exfiltrate the valuable data.
What if you could… Enforce security at the most granular level
Every VM/Instance can have:
• Individual security policies
• Individual firewalls
Protect every piece of communication
[Diagram: AWS; Data Center; Data Center Perimeter]
What if you could… Apply that level of security across an entire application
• Granular threat containment
• Logical policy grouping
• Simplified security policy
[Diagram: Web; App; DB; AWS]
Network Insight: Pervasive Visibility, Micro-segmentation Automation, Continuous Ops
• 360° Visibility & Analytics, Problem Detection, Change Tracking
• Ensure Best Practices, Health and Availability of NSX
• Analyze Application Behavior, Plan Micro-segmentation, Ensure Compliance
Built for Next Gen Visibility & Operations to SDDC & Cloud
Network Insight Platform
• Continuous Operations
• Real-time Search & Analytics
• Converged Visibility
[Diagram labels: Security, Firewall, Compute, Network, Workloads, Flows; Physical, Virtual, Cloud; Troubleshooting, Compliance, Alerting, Planning, Automation; Applications, Security Policies, Network Connectivity]
VMware Cloud on AWS: Getting ready for a hybrid world
[Diagram labels: Private DC; Private Cloud (Web, App, DB, NSX); AWS Direct Connect; Gateway; Customer’s VMC/AWS Instance; VMware Cloud on AWS (Web, App, NSX); Flows & Traffic]
• Connectivity
• Bandwidth
• Firewall Rules
Cloud Assessment / Migration Planning
• Discover On-Premise/Brown-field Apps - Network Dependencies and Flows
• Bandwidth Modeling - How much Traffic will Flow across WAN/Direct Connect Link
• Security Assessment - Firewall Ports that need to be opened for connectivity between VMC and On-Premise
Securing AWS Workloads
AWS (Native) Visibility and Security
• Discovery of VPCs, VMs, Tags, SG
• Dynamic Flow Analysis, security planning and micro-seg views for AWS workloads (using VPC Flow Logs). Who is talking to whom
• Security Troubleshooting & Operations – SG and firewall dashboards. Troubleshooting connectivity & misconfiguration of FW. Who can talk to whom
• Flow correlation back to on-premise vSphere/NSX. Hybrid topology views
[Diagram: Private Cloud; Gateway; AWS Cloud]
Network Insight Demo
Request Access @ cloud.vmware.com
Sessions, Booth and Theatre Presentations for VMware Cloud Services
Session ID | Title | Type | Speakers
MMC1464QU | How to Use Cloud Formations in vRealize Automation to Build Hybrid Applications That Span and Reside On-Premises & on VMware Cloud on AWS and AWS Cloud | Quick Talk | Vijay Raghavan, Manu Prasanna
MMC1532BU | Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 2 | Breakout Session | Amol Tipnis, Percy Wadia
MMC2046BU | Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 1 | Breakout Session | Amol Tipnis, Percy Wadia
MMC2210BU | Best Practices: How the City of New York Has Configured AWS for the Best vRealize Automation Integration | Breakout Session | Stefan Andrieux
MMC2256BU | Watching the Clouds: Challenges with Monitoring Hybrid Cloud Environments | Breakout Session | Craig Lee, John Dias
MMC2455BU | On-Demand Disaster Recovery for Enterprise Applications with the VMware Cloud on AWS | Breakout Session | GS Khalsa, Mohan Potheri, Potheri Mohan
MMC2623BU | Integrated Multicloud Management for Automating Standardized Security and Governance in Federal Agencies | Breakout Session | Kris Ostergard, Sean VanDruff, Douglas Bourgeois
MMC2820BU | Deploying Applications into AWS EC2 with VMware Cross-Cloud Services | Breakout Session | Bahubali Shetti, Bill Shetti
MMC2877BU | Deep Dive into Cost Insight: Understand, Analyze, and Optimize Your Cloud Expenses (Cross-Cloud Service) | Breakout Session | Kumar Gaurav, Kameswaran Subramanian
MMC2884GU | Manage Cross-Cloud Applications Using vRealize Operations Insight | Group Discussion | Karl Fultz, Manish Bhaskar
MMC2888GU | How We’ve Accelerated Innovation While Keeping Our Cloud Spending in Check | Group Discussion | Burt Toma
MMC3062BU | How Customer XYZ Secures and Monitors On-Premises Software-Defined Data Center Virtual and Physical Networks Using Network Insight SaaS | Breakout Session | Sean O'Dell, Manish Bhaskar
MMC3066BU | How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native? | Breakout Session | Sean O'Dell, Anuj Jaiswal
MMC3074BU | 3 ways to use VMware’s new Cross-Cloud SaaS Services to efficiently run workloads across AWS, Azure and vSphere: VMware and Customer technical session | Breakout Session | Jason Walker, Burt Toma
MMC3110PU | How IT Can Enable Development Teams to Build Apps on AWS, Azure, and VMware Without Compromising on Costs and Security | Panel Discussion | Mark Leake, Ben Mitchell
MMC3112BU | Customer Story: Monitoring Costs and Rightsizing Workloads in AWS, Azure, and VMware-Based Clouds | Breakout Session | Nikhil Girdhar
MMC3164BU | How Data Science is Transforming Operations: The Wavefront Story | Breakout Session | Dev Nag
MMC3165BU | Becoming a DevOps Superhero: Introduction to Wavefront for Optimizing Cloud-Native Applications | Breakout Session | Stela Udovicic, Demetri Mouratis
MMC3321BUS | Move, Manage, Use: The New Hybrid IT | Breakout Session | Donald Foster, Don Foster, Deepak Verma
MMC3406BUS | Cloudy Days Ahead!! Leverage F5 to provide application continuity and consistent security policy provisioning and enforcement in an intercloud world. | Breakout Session | Kent Munson
MMC3424SU | VMware Cloud Services and how you can leverage SaaS for your vSphere data center or the public cloud. | Spotlight Session | Guido Appenzeller