Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Protegendo sua cloud

445 Aufrufe

Veröffentlicht am

Como proteger sua Cloud?

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

Protegendo sua cloud

  1. 1. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Protegendo sua Cloud Fabiane Paulino Consulting System Engineer, Security Luis Matos Solutions Architect, Security CCIE x5 #17528
  2. 2. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 •  Cloud Solution Overview •  Cloud Security Design •  Edge Layer Security (Internet / MPLS) Anti DDoS Threat Defense •  Services Layer Security Access Control Security Segmentation - Trustsec •  Virtual Access Customer Security Monitoring •  Network as a Sensor Events Correlation Attacks Proactive Mitigation
  3. 3. Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 3 Cloud Solution Overview
  4. 4. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4 Business  Need   Silo   Silo   Silo   Applica'ons   Servers   Network   Storage   Ethernet,     FC,  IB   Virtualized  Dynamic  Resource  Pool   Business  Need   Virtualiza8on-­‐ Aware  Network   Virtualiza'on-­‐Aware   Network  Infra   Virtualized   Servers   Virtualized   Storage   Automa8on   Applica8ons   Manual   •  Silo  resource  pools   •  Longer  provisioning  'me   Project-­‐ based   Ver'cal   solu'ons   IT  Service   Holis'c  Solu'on   •  Scalable,  Modular  and  Elas'c  
  5. 5. Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 5 vLB vFW Storage Array Cloud Servers Vblock POD Virtual Multi-tenant DC Storage vSphere vCenter VMware Infrastructure Orchestration & Provisioning Mgmt Pod Cloud Administration Self-Service Portal Service Catalog Service On-boarding
  6. 6. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 6 BRONZE  SILVER  GOLD   VMFS  LUN/data  store   VMDK   VMDK   VMDK   Block  based  storage   Applica'on  Database   Web   Applica'on  Database   Web   Applica'on   Database   Web   VMFS  LUN/data  store   VMDK   VMDK   VMDK   VMDK   VMDK   VMDK   VMFS  LUN/data  store  
  7. 7. Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 7 Cloud Security Design
  8. 8. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 Agg/ Access IP/MPLS Aggregation/ Access Services Core Virtual Access / Compute Nexus 7010 Nexus 1000 DNS, Firewall, SLB, ETC… UCS blade chassis Wan/ Edge Virtual Machines Outside VRF Inside VRF 1 2 3
  9. 9. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9 IP/MPLS Core Nexus 7010 Wan/ Edge CRS-1 40G40G 1
  10. 10. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10 Carrier-ClassModular Multi-Service Security Benefits •  Integration of best-of-breed security •  Dynamic service stitching •  Advanced orchestration Features* •  ASA container •  Firepower Threat Defense containers •  NGIPS, AMP, URL, AVC •  3rd Party containers •  Radware DDoS •  Other ecosystem partners Benefits •  Standards and interoperability •  Flexible Architecture Features •  Template driven security •  Secure containerization for customer apps •  Restful/JSON API •  3rd party orchestration/management Benefits •  Industry Leading Performance / RU •  600% Higher Performance •  30% higher port density Features •  Compact, 3RU form factor •  10G/40G I/O; 100G ready •  Terabit backplane •  Low latency, Intelligent fastpath •  NEBS ready Carrier Inspection •  GTPv2, CGNAT, SIP, Diameter, SCTP; * Contact Cisco for services availability
  11. 11. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 Agg/ Access IP/MPLS Services Virtual Access / Compute Nexus 7018 Nexus 1000 DNS, Firewall, SLB, ETC… UCS blade chassis UCS 6140 Virtual Machines 40G 40G UPPER LAYERS ASA (Concentrador de VPN) ISE (AuthC+AuthZ+SGT) Local DNS (Name Resolution) 2
  12. 12. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12 IP/MPLS Virtual Access / Compute Nexus 1000 UCS blade chassis Virtual Machines UPPER LAYERS FirePower Threat Defense Protection 3
  13. 13. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
  14. 14. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14 Agg/ Access Aggregation/ Access Services Core Virtual Access / Compute Nexus 1000 DNS, Firewall, SLB, ETC… UCS blade chassis Wan/ Edge Virtual Machines Flow Collector (Netflow) Sensor (TAP) StealthWatch Console StealthWatch IdentityISE
  15. 15. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
  16. 16. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
  17. 17. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17 •  Intercloud Fabric Security •  Application Centric Infrastructure Security
  18. 18. Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 18 Q&A
  19. 19. Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 19 Thank you !

×