CohesiveFT - Need to control and secure your applications in the Cloud?

@cohesiveft #CFTWebinars

CohesiveFT and IBM joint EMEA Webinar - 20Jun13


Copyright CohesiveFT - 14 Jun 2013

Welcome to the webinar

Your Presenters

Sam Mitchell, Senior Solution Architect

Sam leads the technical elements of the sales cycle. He runs demos, technical qualification, technical account management, proofs of concept, technical and competitive positioning, RFI/RFP responses & proposals.

Before CohesiveFT, Sam was a Cloud Solution Architect at Platform Computing, recently acquired by IBM, and Lead Architect at SITA.

Chris Purrington, Global Sales Director

As Global Sales Director at CohesiveFT and Managing Director of CohesiveFT UK, Chris is responsible for worldwide sales. With over 20 years in the software industry, Chris has extensive experience in leading ISVs to success in EMEA, including 9+ years at Application Lifecycle Management company Borland, where he was UK MD and VP UK, Ireland and Africa.

Agenda

• Cloud and SDN Market Overview
• What is cloud networking?
• Working with cloud networks
• Security & control solutions
• Hybrid cloud solutions
• Federated cloud solutions
• Cloud networking customer use cases
• Wrap up & questions


About CohesiveFT

Who We Are

• Cohesive Flexible Technologies Corp. (CohesiveFT)
• Founded in 2006 by IT and capital markets professionals with years of experience in operations, enterprise software and client-facing services
• Customers have 50M+ virtual device hours in public, private, & hybrid clouds secured by VNS3
• First product launched in 2007 with followup products in 2008 and 2011
• Offices in Chicago, London, Belo Horizonte and Palo Alto

What We Do

• Enable enterprises to run business systems in the cloud
• Our solutions help migrate, transform and extend both customer facing systems and internal operational platforms
• Provide more application-centric SDN for cloud than all competition combined
• Only company to promote comprehensive cloud container solution for migration, deployment and control
• Cloud, vendor, and standards neutral for greater customization and control

Customers


ISV SaaS Integrators Self Service Enterprise

VNS3 has helped secure 50M+ virtual device hours in public, private, & hybrid clouds

Application-layer: above provider control & access

[Figure: layer diagram (Layer 0 to Layer 7) with labels: User Control; Provider Control; Hardware Ownership Layer (Compute, Storage, Network); Virtualization Layer; IaaS; PaaS; Web Server; Runtime; Developer Tools; Application Layer; Limits of access, control, & visibility.]

Software Defined Network - Market Segments

SDN Market can be divided into 2 segments:

1. Application Controlled
• CohesiveFT VNS3
• Cisco Cloud Service Router
• Citrix CloudBridge

2. Provider Controlled
• Nicira/VMware
• Open vSwitch
• Cisco Nexus 1000v

• IBM
• Cisco
• Juniper

[Figure: layer diagram (Layer 0 to Layer 7) with labels: Physical Layer; Virtual Layer; Application Layer; Cloud Instance; OS; App Stack; Hypervisor; Hardware; Compute; Storage; Network; Multiplexed access to; Provider Controlled; App Controlled; OpenFlow; Perimeter of access, control, & visibility.]

Overlay networks can solve common pain points:


Attest to data in motion encryption

Capacity expansion into public cloud

Cloud WAN / connect to customer & partner networks

Federate common, shared infrastructure

Legacy Migration and Integration

Disaster recovery / readiness

Extend Your Network Across the Clouds with VNS3

Overlay SDN (Software Defined Network) gives control in the cloud of:

• IP Addressing
• Protocols
• Network Topology
• Security

• Separate network identity from location
• Configure in a mesh for high availability
• Overlay across multiple clouds for geographic distribution, & cloud federation
• REST API or UI

VNS3 is a combination of 6 device types:

• Firewall
• Dynamic & Scriptable SDN
• Protocol Redistributor
• IPsec/SSL VPN concentrator
• Router
• Switch

VNS3: Hybrid virtual device able to extend to multiple sites

Leading Overlay SDN (Software Defined Network) Appliance

• Allows control, mobility & agility by separating network location and network identity
• Control over IP addressing and topology

Security lattice: layers of control & access


Cloud networks combine with user & provider firewalls and isolation features to create a “security lattice” with layers of security.

Some key security elements must be controlled by the customer but separate from the provider.

• Provider Owned/Provider Controlled
• Provider Owned/User Controlled
• VNS3 - User Owned/User Controlled
• User Owned/User Controlled

Technical Use Cases

A technical use case preview

[Figure: network diagram with labels: Other Cloud 1, New Jersey, USA; Other Cloud 2, Singapore; Other Clouds.]

Security & control: customer networking setup

App-layer security: Firewalls & IPsec devices

Control: users already control and manage everything below this layer

Security & control: IPsec connections

Security: IPsec tunnels with encrypted data-in-motion

Control: only provide access to certain endpoints; separate customers and partners

Security & control: connection into cloud VMs

Control: peering and failover for disaster recovery / readiness

Security: Points of presence & backup, without vendor lock-in

[Figure: network diagram with labels: Other Cloud 1, New Jersey, USA; Other Cloud 2, Singapore; Other Clouds.]

Cloud Address Control


VNS3 Solution:

• Control static addressing of your cloud servers

• Local Area Network (LAN) address extension to the cloud

• Servers and topologies behave as though they are running locally

• Application centric network is portable

Problem: Public Cloud addressing schemes don’t match your data center addressing.

Cloud Protocol Control: Multicast

Problem:

• Enterprise software uses multicast protocols for service election and service discovery.

• Many public cloud providers block multicast protocols at the user layer.

VNS3 Solution:

• Send multicast traffic via VNS3 overlay network before it is rejected by underlying network infrastructure.

• Control all your protocols with VNS3.

Cloud Security Control: IPsec Tunneling

VNS3 Solution:

• Extend your network with industry standard IPsec.

• Use your existing network security appliances (Cisco, Juniper, Netscreen, SonicWall).

• Use your existing secure communication methods/practices the same as you currently connect offices, data centers or partners/customers.

Problem: Public cloud is accessed via public internet.

Cloud Security Control: Multiple IPsec

Problem: Cloud providers limit the number of IPsec connections.

VNS3 Solution:

• VNS3 Manager enables multiple IPsec connections to a cloud-based overlay network segment.

• Serves as user-controlled, virtualized switch/router (uSwitch) inside the provider cloud.

• Cloud deployed servers can communicate with multiple IPsec gateways via endpoint-to-endpoint encrypted connections.

Regional Cloud Federation

VNS3 Solution:

• Leverage cloud points of presence without sacrificing security and control.

• Link multiple clouds for one logical group of resources.

• Extend connectivity between multiple public and private cloud environments.

Problem: Production cloud deployments require geo distribution for DR and points of presence.

Use Existing Monitoring Tools

VNS3 Solution:

• Use your existing monitoring tools for cloud deployments.

• VNS3 allows you to use your existing NOC to monitor and manage devices in the data center and the cloud.

Problem: Cloud deployments cannot be connected to existing network operations center.

Customer-Partner and Branch Networks in Public Cloud

VNS3 Solution:

• Industry standard secure connectivity to isolated servers in public cloud

• Data in motion in the public cloud is encrypted.

Problem: Securely connect customers, partners or branches to specific servers in shared infrastructure.

VNS3 Summary

• Firewall
• Dynamic & Scriptable SDN
• Protocol Redistributor
• IPsec/SSL VPN concentrator
• Router
• Switch

VNS3: Hybrid virtual device able to extend to multiple sites

Leading Overlay SDN (Software Defined Network) Appliance

• Allows control, mobility & agility by separating network location and network identity
• Control over end to end encryption, IP addressing and network topology

Contact Details

CohesiveFT Europe, London, UK: [email protected] +44 208 144 0156

CohesiveFT Americas, Chicago, IL: [email protected] +1 888.444.3962

Follow us for news and updates: blog.cohesiveft.com @cohesiveft

Get in touch:

Chris Purrington, Global Sales Director - [email protected] +44 7962 452661

Sam Mitchell, Senior Solution Architect - [email protected] +44 7917 630020

Appendix 1 - VNS3 Licenses

| SKU | License Parameters | Cost |
| --- | --- | --- |
| VNS3 Free | 1 VNS3 Manager, 1 IPsec Endpoint, 5 Client Packs | Free (no time limit) |
| VNS3 Lite Edition Cloud Only | 1 VNS3 Manager, 0 IPsec Endpoint, 25 Client Packs | $150 per month |
| VNS3 Lite Edition Data Center Connect | 1 VNS3 Manager, 2 IPsec Endpoint, 10 Client Packs | $150 per month |
| VNS3 SME Edition | 1 VNS3 Manager, 1 IPsec Endpoint, 5 Client Packs | $350 per month |
| VNS3 Enterprise | 1 VNS3 Manager, 1 IPsec Endpoint, 5 Client Packs | $750 per month |
| Larger Licenses | Additional Managers, IPsec endpoints and client packs can be added to the SME and Enterprise Editions | Contact CohesiveFT [email protected] |

Appendix 2 - Business Use Cases

Fund bursts into public cloud to extend HPC

Large mutual fund securely bursts into public cloud to extend their HPC grid

Highlights

• Automatically flex existing HPC solution up and down by bursting into public cloud.
• Configure and contextualize nodes between data center and cloud.
• Used existing workload manager / grid engine software / vendor to extend their grid.
• Significantly reduced infrastructure costs, while increasing flexibility and responsiveness.

Challenge: Fund needed to extend their existing grid on the same IP network with security.

Traditional high performance computing (HPC) environments are expensive to own and to operate. Growing demand for faster results and an equally strong push to reduce costs pointed to public cloud, but public cloud could not provide security and control.

Security & Compliance Challenges: Cloud IaaS and multi-tenant solutions still cannot provide the security of a physical grid.

Solution: Seamlessly extended the grid with an overlay network.

The fund’s cloud grid compute nodes connected securely with a pair of highly available VNS3 managers.

[Figure: diagram with labels: Public Cloud; Private Data Center; Node; IPsec connection.]

Mobile app developer connects on overlay

Scalable, pay as you go solution to connect cloud-based apps to partner networks.

Highlights

• Had to connect to telco partners with partners’ exact IP addresses
• Concerns over keeping customer and partner traffic separate and secure
• Needed to quickly scale up and down, with a price package to match
• Overlay network segmented partners to take control of security, addressing, and connection

The Situation: Telco with mobile app needed to connect cloud-based app servers to APAC partners on the partners’ exact IP addresses.

Developed a segmented overlay network capable of running in multiple geographic regions and separating customer and partner data with encrypted connections.

Solution used:

• Overlay network
• Instance-based solution using pay-as-you-go virtual appliances
• Customer-defined address pools
• Guarantee encryption for all data in motion, including customer session tokens and payment information

[Figure: diagram with labels: Public Cloud; Virtual Network; Customer Site; Partner Site; IPsec connection.]

Capacity expansion: fashion brand grows in cloud

European clothing designer wanted creativity and capacity without the hardware.

Highlights

• Created a fashion social networking site with security and cloud-based capacity
• Wanted to scale and control capacity.
• Access and reliability will remain key aspects of the infrastructure.
• Secure, encrypted data in motion and access to data center with VNS3

The Situation: European fashion designer and wholesaler wanted to extend fashion brand by:

• Creating first ever fashion-focused social site
• Scaling up and down with demand
• Keeping security standards high

The industry, enterprise and infrastructure created hurdles for traditional physical computing.

VNS3 overlay network offered control over addressing and topology for customer-controlled hybrid device.

Solution included:

• Overlay network to public cloud
• Encryption for all data in motion
• End-to-end encryption from data center to apps
• Easy internal approvals for the corporate “network police”
• Perpetual license to accommodate scaling needs

[Figure: diagram with labels: Public Cloud; Private Data Center; Hybrid Cloud.]

BPMS-as-a-SaaS without traditional complexity

Business process SaaS vendor reaches customers without on-site data centers or physical networks.

Highlights

• Large independent logistics firm wanted to provide SaaS as subscription model without burdening clients.
• Hoped to scale cloud containers for more customized solutions.
• Removed the complexity of migrating and the need to change the business model and operations.
• Solved end client’s issues with on-site data centers and large software clients.

The international BPM and CRM software vendor wanted to provide a SaaS offering to move customers to subscription revenue model.

Challenges:

• Limited multi-tenant environments for customers that pass industry tests
• Required connectivity without the hurdles of traditional networks, data centers and enterprise rules
• Connecting apps across different public and private clouds
• End customer security concerns

Solution created:

• Access as if it is a subnet on their network
• Guaranteed encryption for all data in motion and at rest
• Overlay network that can deploy to any public cloud provider
• Firm can connect their clients’ software to cloud-based data centers without up-front, capital intense processes

[Figure: diagram with labels: Public Cloud; Customer SaaS deployment 1; Customer SaaS deployment 2; Customer Site; IPsec connection.]

Cloud WAN for global reach and redundancy

Threat protection firm extended offerings with global cloud points of presence.

Highlights

• Global reach for products and global redundancy for security.
• Needed secure connections to existing data centers and networks.
• Access critical infrastructure “in region” without delays or capital of physical resources.
• Offered global redundancy at dramatically lower cost than traditional infrastructure.

A global end point threat prevention company wanted to have global reach for their cloud-based threat protection and virus scanning system.

Additionally, they wanted to ensure global redundancy using multiple cloud data centers, with the potential to connect multiple cloud providers.

Challenges:

• Working with multiple cloud providers and cloud regions
• Connections across clouds and down to existing physical data centers and networks

Solution featured:

• Guaranteed encryption for all data in motion and at rest
• Overlay network to federate across any public cloud provider

End customers can access critical resources without waiting for inter-continental lag times, at much lower costs.

[Figure: diagram with labels: EU Public Cloud; US Public Cloud; Existing Data Center; Data Center 2; IPsec connection; Federated Multi-Cloud Network; Failover.]

Pharmaceutical system federates infrastructure

Cloud WAN connectivity without the expensive assets or contracts.

Highlights

• Global reach for products and global redundancy for security.
• Needed secure connections to existing data centers and networks.
• Access critical infrastructure “in region” without physical resources.
• Offered global redundancy at dramatically lower cost.

A pharmaceutical information systems firm wanted to integrate US-based offices together and to integrate offices to their cloud infrastructure.

Challenges: Offices had different hardware and software, networks and data needs. The firm did not want to invest in assets or long term contracts with vendors.

Solution featured:

• Guaranteed encryption for all data in motion and at rest
• Overlay network to federate across any public cloud provider
• IPsec and data in motion encryption

Customer created a true Cloud WAN with overlays and cloud provider.

Each office connected to the cloud-based systems and also connected to each other using VNS3 and the cloud as the network backbone.

[Figure: diagram with labels: Medical Data Center; Hospital Offices; Medical Office; Public Cloud Region 1; Public Cloud Region 2; WAN Network; IPsec connection.]

Coalescence: Services for the Cloud Container

• Cloud migration framework
• Automate your application migration to save time and money
• No need to re-install servers if cloud provider infrastructure fails or upgrades
• Proven methodologies to take planned topologies to the cloud through a set of logical steps
• Experience-informed services:
  • Cloud strategy / advisory
  • HPC in the cloud
  • Cloud training
  • Cloud / virtualization support
  • VNS3 design and implementation
  • Cloud deployment and security audit
  • Cloud active directory

[Figure: process steps: Analyze Requested Topology; Packaging & Bundling; Unit Implementation; Cluster Definition & Contextualization; Cluster Mastering; Multi Cluster Launch.]