SOLUTION BRIEF

FORTINET AND CLOUDIFY SECURITY SOLUTION

Comprehensive Security supported by Advanced NFV Orchestration

Network Function Virtualization (NFV) is hitting the mainstream in the IT industry. Network functions are being decoupled from hardware and are shipped and delivered as virtual functions in the form of virtual appliances. While this brings with it a lot of flexibility and new opportunities, it comes with its own set of new challenges - mostly related to effective management of virtual functions. Installation and configuration of a physical appliance is a process which is fully controlled: logistics, delivery, installation, and configuration. The person who installs it needs to know cabinet wiring, and even ensure that a proper site survey is conducted in advance. There are a number of steps which can be check-points. In a virtual world, we need proper software assistance to control this process - because, today with software-driven network functions, we can instantiate hundreds of firewalls with a single click of a button.

Therefore, in an NFV era, there is a critical need for software-assisted orchestration and configuration.

Cloudify and Fortinet recently established a technology partnership to address the above challenges in order to help organizations rapidly and effectively provision and deploy new services and secure their deployments.

SOLUTION DESCRIPTION

Cloudify, coupled with Fortinet’s best of breed security technology, enables customers to receive a fully tested and validated solution with a layer of dynamic services on top to be able to leverage the promise of the cloud. The Fortinet FortiGate virtualized appliance is orchestrated by Cloudify Manager, where Cloudify is able to fulfill the roles of VNFM and NFVO in the context of ETSI MANO, providing full lifecycle automation - scale, heal, and rollback. By serving as the VNFM, Cloudify translates the TOSCA-based VNFD (VNF Descriptor) template into a set of actions which help instantiate the FortiGate VNF on top of any VIM/NFVI.

Once the VNF is instantiated, services can be provisioned, and this is performed by the NFVO function. A unique benefit for customers is being able to have both the VNFM and NFVO leverage the same TOSCA modeling paradigms through the Cloudify Manager.

The award-winning Fortinet FortiGate network security platform integrates into the Cloudify TOSCA orchestration platform to provide comprehensive security protection. FortiGate firewalls offer protection from a diversity of threats, with support for all of the security and networking services offered by the FortiOS operating system. FortiGate provides high performance, layered security services and granular visibility for end to end protection across the entire network.

FortiGate is a key part of the Fortinet Security Fabric, which enables security components to collect and share intelligence between devices, systems and partners, support unified management, and synchronize and automate responses to threats. The open, end-to-end fabric of security solutions – woven together to scale and adapt as business demands change – enables organizations to address the full spectrum of challenges they currently face across the expanding attack surface. The FortiGate platform also leverages global threat intelligence to protect individual customers, by using Fortinet’s FortiGuard Security Subscription Services to enable visibility and control for next-generation protection against advanced threats, including zero-day attacks.

Cloudify Manager is an open source cloud orchestration platform, native to NFV, that is model-driven and based on the TOSCA (Topology and Orchestration Specification for Cloud Applications) standard and built to automate the entire application lifecycle. Developers model their topology once, using a standard-based service modeling language (in YAML format), describing the desired state of the service. The Cloudify orchestrator is responsible for mapping the desired state into a set of execution workflows to interact with the underlying services and infrastructure, which includes instantiation of the network, machines, and software installation on those machines once they have been instantiated in the order defined in the service model.

SOLUTION BENEFITS

• Comprehensive security

• Standards-based integration, using TOSCA-based orchestration

• VNFM & NFVO functionality supported by single platform: Cloudify Manager

• Leverage the industry’s best validated security protection offered by Fortinet’s award-winning FortiGate network security platform to protect against sophisticated cyber-threats.

Copyright © 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

March 13, 2018 3:13 PM

Cloudify can be leveraged as both the NFVO and VNFM, in the context of the ETSI MANO architecture, and is able to interact with multiple VIMs, containers, as well as external and non-virtualized infrastructure and devices, and OSS and BSS in a brownfield environment, all through a single pane of glass. VNF providers, Telcos, and operators alike can realize the benefits of the cloud with Cloudify’s assistance in the transition from non-virtualized appliances to virtualized cloud-native network functions, with full lifecycle management and orchestration from the deployment phases, through intelligent placement awareness, service function chaining during runtime, and all the way through Day 2 operations of management, monitoring, self-healing, scaling, and tear down.

The functionality of the joint solution is summarized in the illustration below.

INTEGRATION FEATURES

The Cloudify integration with Fortinet FortiGate also provides out of the box auto-scale, auto-heal, rollback and update capabilities on any virtualized environment. It also contains definitions for all infrastructure-related items alongside test environments.

SCALE & HEAL CAPABILITIES

To provide scale and heal capabilities, the Cloudify blueprint uses a policy mechanism included in the Cloudify Manager that defines events or proactive actions which should be triggered based on pre-defined criteria. Criteria are defined based on performance metrics of a given VM, collected by the Cloudify agent installed on that VM. To provide FortiGate performance metrics, a proxy approach is implemented as per the diagram.

ABOUT CLOUDIFY

Cloudify is an open source TOSCA-based cloud management platform, built on orchestration-first and model-driven principles. Cloudify is revolutionizing the way modern IT can be delivered, by getting IT and developers working together on a single platform, managing and automating the entire application lifecycle, from start to finish. Learn more at http://cloudify.co/