Container and OpenStack clouds often co-exist in data centers. Monitoring both environments require views into the underlay and overlay infrastructure, but infrastructure monitoring alone is no longer sufficient and needs to be paired with security policy views as containers and microservices are constantly reshaping data center traffic and flow patterns. A visualization GUI that correlates containers and VMs with security policy views provide a powerful tool for any operations team to detect security flow violations in real-time. Enterprises and cloud providers are adopting visualization and monitoring platforms in addition to OpenStack Horizon to keep their infrastructure running with 100% uptime. New tools that help with proactive remediation of issues are being deployed to quickly bring back the system to healthy conditions.

1. OpenStack Summit | Barcelona, Spain
Monitoring Security Policies for
Container and OpenStack Clouds

2. Copyright © PLUMgrid, Inc. 2011-2016
Introduction
Speaker
2
Solutions Architect,
PLUMgrid
Arif
Jamal
Part of the OpenStack community for 3+ years, and over the years have worked with various enterprises,
telcos and service providers to develop their OpenStack based cloud infrastructures and SDN strategy &
architecture. A self-motivated and passionate professional having 7+ years of experience in data center
technologies, telecommunications, virtualization and software defined networking.

3. Copyright © PLUMgrid, Inc. 2011-2016
Cloud Infrastructure Trends
3
2003 2010 2017
• Routers, switches, compute
• Usual hardware suspects
• Static architecture
• Private/Hybrid
• Reduced cost of Infra
• Self hosted and controlled env
• OS & Containers
• Flexible, scalable, elastic
• Dynamic, agile, self-service
• Cloud-Native app Dev

4. Copyright © PLUMgrid, Inc. 2011-2016
Virtual & Physical Network Infrastructure
4
Micro-segmentation, VNFs, Security Policies for OpenStack and Containers
4
Physical Network Infrastructure
• QoS, Bandwidth & Latency
• Multicast
• Capacity
• Connectivity
Virtual Network Infrastructure
• Rich set of Network Functions
• Isolation & Micro-segmentation
• Policy-based security/filtering
• Advanced Analytics
• Portable across any platform
Virtual Domain C
Overlay Network Abstraction

5. Copyright © PLUMgrid, Inc. 2011-2016
“Overlay-based” Networking Model
• Multi-tenancy achieved by “overlaying” MAC-in-IP ‘Tunnels’ onto the physical switch fabric (underlay,
transport network)
• Encapsulation header (VXLAN, NVGRE, STT) convey tenant network ID to enable full isolation and
overlapping IP Address spaces support
• Software layers to implement routing / switching operations within and across tenant networks

6. Copyright © PLUMgrid, Inc. 2011-2016
• Text heavy, rows of data
• Individual components
• Weak virtual & physical view
• Not intuitive
• Limited accuracy
• Not real-time data
Traditional tools won’t cut it

7. Copyright © PLUMgrid, Inc. 2011-2016
PLUMgrid CloudApexTM
7
Zero Day Operations
Bridges gap in expertise in
Enterprises for private cloud
environments
Problem Isolation
Effectively pinpoints issues
across virtual/physical
infrastructure
Configurable and
Extensible
From PLUMgrid, to cloud and
3rd party components
Cloud Visualization platform displaying real-time status of virtual and
physical resources in an private data center environment

8. Copyright © PLUMgrid, Inc. 2011-2016
PLUMgrid CloudApex™ Highlights
8

9. DEMO
9

10. Copyright © PLUMgrid, Inc. 2011-2016
Demo: PLUMgrid CloudApex
10
Overview
Visualization of SDN Layer in an Private
Cloud Deployment
Use Case
Enable Operational Teams supporting
Private/Public Cloud environments
What to expect
Dynamic rendering of virt/phys resources
Dynamic rendering of heatmap functionality
Environment

11. Visit Us @Booth B37
THANK YOU!
www.plumgrid.com