Upload
netmagic-solutions-pvt-ltd
View
111
Download
1
Embed Size (px)
Citation preview
Network Virtualization improves security in
4 different ways
Virtualization has created a new meaning for organizations and the way they provision IT. From
server consolidation to the cloud, virtualization has today become the dominant computing
platform globally. Virtualization not only expands computing capabilities but can be used as a
tool to increase network security.
How Network Virtualization Improves Security
Application workloads in a cloud data center can be provisioned, migrated and decommissioned
when required or as the need may be. The cloud management software allocates compute,
storage and network capacity on demand. By adding network virtualization to this dynamic
environment changes the network operations model completely. Network virtualizations packs
several built in network security advantages like isolation and multi tenancy, segmentation,
distribution firewalling, service insertion and chaining. Combining these features with other
security features, network virtualization platforms help in streamlining security operations in a
software-defined data center
Isolation And Multi Tenancy
Isolation is one of the core features of network virtualization. It is the underlying basis for
network security for compliance, containment or for keeping the development, test, and
production environments from interacting. Virtual networks are isolated from other virtual
networks and from the underlying physical network by default.
An isolated virtual network can be made up of workloads distributed anywhere in the data
center. Workloads in the same virtual network or those residing on multiple isolated virtual
networks can reside on the same hypervisor. Isolation between virtual networks allows for
overlapping IP addresses, making it possible to have isolated development, test, and production
virtual networks, each with different application versions, but with the same IP addresses, all
operating at the same time on the same underlying physical infrastructure.
Virtual networks are also isolated from the underlying physical infrastructure. Since traffic
between hypervisors is encapsulated, physical network devices operate in a completely different
address space than the workloads connected to the virtual networks. For example, a virtual
network could support IPv6 application workloads on top of an IPv4 physical network. This
isolation protects the underlying physical infrastructure from any possible attack initiated by
workloads in any virtual network.
Make Segmentation Simple
Segmentation is interconnected with isolation but is applied within a multi tier network.
Usually, network segmentation is a function of a physical firewall or router designed to allow or
deny traffic between network segments or tiers. Conventional processes for defining and
configuring segmentation are usually prone to human error and is time consuming leading to a
high incidence of security breaches. Implementation requires deep and specific expertise in
device configuration syntax, network addressing, application ports, and protocols.
Like isolation, network segmentation is a principal capability of network virtualization. A virtual
network can support a multi tier network environment consisting of multiple L2 segments with
L3 segmentation or micro segmentation on a single L2 segment using distributed firewall rules.
These could represent a Web tier, an application tier, and a database tier. Physical firewalls and
access control lists deliver a proven segmentation function, trusted by network security teams
and compliance auditors.
This approach has been more than often subject to breaches, attacks and downtime due to
human error or outdated manual network security provisioning or change management.
Network virtualization enables network services (provisioned with a workload) to be
programmatically created and distributed to the hypervisor vSwitch. Network services,
including L3 segmentation and firewalling, are enforced at the virtual interface. Communication
within a virtual network never leaves the virtual environment, thus removing the requirement
for network segmentation to be configured and maintained in the physical network or firewall.
Advanced Security Service Insertion, Chaining, And
Steering
Usually, the foundation or the base of a network virtualization platform provides firewalling
features to deliver segmentation within virtual networks. For some environments advanced
network security capabilities are required. In such instances, the network virtualization platform
can be leveraged to distribute, enable, and enforce advanced network security services in a
virtualized network environment.
Network services are distributed through network virtualization platforms into the vSwitch to
form a logical pipeline of services applied to virtual network traffic. Third-party network services
can be inserted into this logical pipeline, allowing physical or virtual services to be consumed in
the logical pipeline.
A powerful benefit of the network virtualization approach is its ability to build policies that
leverage service insertion, chaining, and steering to drive service execution in the logical services
pipeline based on the result of other services, making it possible to coordinate otherwise
completely unrelated network security services from multiple vendors.
Consistent Security Models Across Physical And Virtual
Infrastructure
Network virtualization provides a platform that allows automated provisioning and context
sharing across virtual and physical security platforms. Partner services traditionally deployed in
a physical network environment are easily provisioned and enforced in a virtual network
environment, which delivers a consistent model of visibility and security across applications
residing on either physical or virtual workloads.
Traditionally, this level of network security would have forced network and security teams to
choose between performance and features. Leveraging the ability to distribute and enforce the
advanced feature set at the application's virtual interface delivers the best of both.
The infrastructure maintains policy, allowing workloads to be placed and moved anywhere in
the data center without manual intervention. Pre-approved application security policies can be
applied programmatically, enabling self-service deployment of even complex network security
services.
As more data centers adopt network virtualization and move toward the software-defined data
center, the industry will see a broad range of traditional security solutions that leverage the
unique position of the network virtualization platform in the hypervisor. Detailed knowledge of
VMs and application process owners, combined with automated provisioning speed and
operational efficiency, is the foundation for an exciting new approach to some very old
challenges.
About NTT Communications Corporation
NTT Communications provides consultancy, architecture, security and cloud services to
optimize the information and communications technology (ICT) environments of enterprises.
These offerings are backed by the company’s worldwide infrastructure, including the leading
global tier-1 IP network, the Arcstar Universal One™ VPN network reaching 196
countries/regions, and 140 secure data centers worldwide. NTT Communications’ solutions
leverage the global resources of NTT Group companies including Dimension Data, NTT
DOCOMO and NTT DATA.
www.ntt.com | Twitter@NTT Com | Facebook@NTT Com | LinkedIn@NTT Com
About Netmagic Solutions (An NTT Communications Company)
Netmagic, an NTT Communications company, is India’s leading Managed Hosting and Cloud
Service Provider, with 9 carrier-neutral, state-of-the-art data centers and serving more than
1500 enterprises globally. A pioneer in the Indian IT Infrastructure services space - it was the
first to launch services such as Cloud Computing, Managed Security, Disaster Recovery-as-a-
Service and Software-Defined Storage. Netmagic, also delivers Remote Infrastructure
Management services to NTT Communications’ customers across Americas, Europe and Asia-
Pacific region. Recipient of several industry accolades, Netmagic was recently chosen by Frost &
Sullivan for both Third Party Data Center Service Provider of the year and Infrastructure as a
Service Provider of the year at India ICT Awards 2015.
Netmagic is the first cloud service provider in India and in the world, to receive the CSA STAR
certification for Cloud Capability Maturity Model (CCM) version 3.0.1, an industry benchmark
for the specific security requirements of multi-tenant service providers. Besides this, Netmagic
is also empanelled as an IT Security Auditing Organization with CERT-In (Indian Computer
Emergency Response Team).
NTT Communications, world’s largest data center company, has over 140 data centers globally.
NTT Communications is a part of NTT Corporation, Japan – which is ranked 53rd on Fortune
Global 500 list (2014) with annual turnover of USD 112 Bn. With 240,000 professionals in 79
countries, NTT Corporation is the only global partner that supports clients with an integrated
perspective across applications, infrastructure and network.
www.netmagicsolutions.com | Twitter@Netmagic | Linkedin@Netmagic | YouTube@Ne
tmagic