Securely Dynamic Networks: the “other” SDN

Copyright 2013 Alcatel-Lucent. All rights reserved. CONFIDENTIAL - SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW. PROPRIETARY – USE PURSUANT TO COMPANY INSTRUCTION.

Nuage Networks

Securely Dynamic Networks: the “other” SDN

Wim Henderickx, Director Consulting Engineering/PLM EMEA, [email protected]; @WHenderickx

April, 2016

Uploaded by nuage-networks, posted on 18-Jan-2017


TRANSCRIPT

Page 1: Securely Dynamic Networks: the “other” SDN (title slide; its content is the copyright notice, title, author and date given in the header above)

Page 2: Nuage Networks Overview

• Nuage is based in Silicon Valley with a team around the world
• An Alcatel-Lucent/Nokia venture focused on data center and branch office network evolution for the cloud era
• Leverages Nokia infrastructure and key technologies
• Creation of an abstraction and automation layer between networking features and hardware equipment
• Policy-driven networking design reflecting business directives, not network protocols

Page 3: Dynamically Automated Services Scorecard

May 1, 2014

[Figure: data center infrastructure scorecard. Compute and storage: virtualized, instantly available, easily consumable. Network: cumbersome, constrained and inefficient.]

Page 4: The Networking Shift

[Figure: static, manual networks (custom, complex, costly, closed) versus highly automated networks (automation, abstraction, control, visibility). Caption: the SDN framework for highly automated networks.]

Page 5: Nuage Networks Overview

[Figure: Nuage Networks Virtualized Services Platform (VSP). Management plane: Virtualized Services Directory (VSD). Control plane: Virtualized Services Controller (VSC). Data plane: Virtual Routing & Switching (VRS) on each hypervisor, interconnected over an IP fabric.]

Page 6: Network Automation through Policy

Service velocity is not hindered by manual network processes.

[Figure: application orchestration (compute management, networking, security/compliance) feeds policy templates in Nuage Networks VSP, which auto-instantiates the IP address, WAN interconnect, policy/security zones, L2/L3 service AD and service chaining. Compute request completed in minutes; network change completed automatically.]

Policy instantiation: • IP address 10.x.y.z • VLAN configuration • WAN configuration • Security / FW settings • QoS parameters • …

Page 7: Nuage Networks & Fortinet Overview: Network & Security Automation

Integrated solution combining VSP and Fortinet; certified with Fortinet.

[Figure: the VSP architecture of page 5 (VSD, VSC and VRS on the hypervisors over an IP fabric), with FortiManager integrated through ReST APIs and FortiGate instances in the data plane.]

Page 8: Nuage & Fortinet Deployment Models

Deployments:
• Physical or virtual
• Central or distributed
• Perimeter security or micro-segmentation

[Figure: a control center (any cloud management system) driving VSD and VSC; API calls and event & policy synchronization between VSD and FortiManager; VRS, VSG and VRS-G in the data plane on the hypervisors, with FortiGate and FortiGate VPX appliances. Hypervisors supported: KVM, XEN, ESXi, Hyper-V, containers.]

Page 9: Automated Perimeter Security

[Figure: an internal network with App01 web servers and App02 web servers, each behind a FortiGate and a load balancer (VIP App01 172.16.2.100); an external network with an App 01 client and an App 02 client generating TCP 80 iPerf traffic. The VSD controller synchronizes with FortiManager, which installs a TCP 80 FWD rule on the Fortinet firewall; the diagram marks one path with an X.]

Page 10: Automated Perimeter Security (same diagram as page 9)

Page 11: Micro-Segmentation Prevents Lateral Movement of Malware

Micro-segmentation contains security breaches to a smaller set of servers / fault domains.

[Figure: left, a single VLAN/subnet holding Web 1, Web 2, App 1, App 2, DB 1 and DB 2 together; right, micro-segmentation with a FortiGate enforcing policy in front of each VRS-attached App VM.]
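The two ideas on pages 6 and 11, policy templates that are auto-instantiated per workload and micro-segmentation that shrinks the fault domain a breach can reach, can be shown together in a small model. The code below is an added example written for this page, not code from the deck, from Nuage Networks or from Fortinet: the tier template, the 10.x.y.z subnets, the workload names (taken from the figure on page 11) and the port numbers are all constructed assumptions. It instantiates IP addresses and firewall rules from a per-application template, then compares what a compromised "Web 1" can reach in a flat VLAN against the micro-segmented policy.

```python
"""Toy model of policy-driven micro-segmentation (added example, not from the deck).
A policy template per application tier is instantiated for each workload (IP
allocation plus firewall rules); flows are then decided either for a flat VLAN
(everything in the subnet can talk) or for the micro-segmented policy (default
deny, explicit tier-to-tier allows). Names, subnets and ports are constructed."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical policy template: (source tier, destination tier, TCP port).
# "external" stands for clients outside the perimeter. The template is applied
# per application, so App01's web tier never gets a rule towards App02's tiers.
TIER_TEMPLATE: List[Tuple[str, str, int]] = [
    ("external", "web", 80),   # clients reach the web tier on TCP 80
    ("web", "app", 8080),      # web tier calls the app tier
    ("app", "db", 5432),       # app tier calls the database tier
]

# Constructed per-tier subnets (the deck only says "IP address 10.x.y.z").
TIER_SUBNETS = {"web": IPv4Network("10.1.1.0/24"),
                "app": IPv4Network("10.1.2.0/24"),
                "db": IPv4Network("10.1.3.0/24")}


@dataclass
class Workload:
    name: str
    app: str            # application the workload belongs to, e.g. "App01"
    tier: str           # "web", "app" or "db"
    ip: IPv4Address


@dataclass
class Rule:
    src_app: Optional[str]   # None means "external"
    src_tier: str
    dst_app: str
    dst_tier: str
    port: int


@dataclass
class Fabric:
    workloads: Dict[str, Workload] = field(default_factory=dict)
    rules: List[Rule] = field(default_factory=list)
    next_host: Dict[str, int] = field(default_factory=dict)

    def instantiate(self, name: str, app: str, tier: str) -> Workload:
        """Auto-instantiation on a compute request: allocate the next free IP in
        the tier subnet and derive this workload's firewall rules from the template."""
        idx = self.next_host.get(tier, 10)
        self.next_host[tier] = idx + 1
        wl = Workload(name, app, tier, TIER_SUBNETS[tier][idx])
        self.workloads[name] = wl
        for src_tier, dst_tier, port in TIER_TEMPLATE:
            if dst_tier == tier:
                src_app = None if src_tier == "external" else app
                rule = Rule(src_app, src_tier, app, tier, port)
                if rule not in self.rules:   # one rule per (app, tier pair, port)
                    self.rules.append(rule)
        return wl

    def allowed(self, src: str, dst: str, port: int, microseg: bool = True) -> bool:
        """Decide an east-west flow. Flat VLAN: any two workloads can talk.
        Micro-segmented: default deny unless a rule matches app, tiers and port."""
        s, d = self.workloads[src], self.workloads[dst]
        if not microseg:
            return True
        return any(r.src_app == s.app and r.src_tier == s.tier and
                   r.dst_app == d.app and r.dst_tier == d.tier and r.port == port
                   for r in self.rules)

    def allowed_from_external(self, dst: str, port: int) -> bool:
        """Perimeter check: may an external client reach dst on this port?"""
        d = self.workloads[dst]
        return any(r.src_app is None and r.dst_app == d.app and
                   r.dst_tier == d.tier and r.port == port for r in self.rules)

    def blast_radius(self, compromised: str, microseg: bool = True) -> Set[str]:
        """Workloads a compromised host can still reach on some allowed port:
        the fault domain that micro-segmentation is meant to shrink."""
        ports = {p for _, _, p in TIER_TEMPLATE}
        return {n for n in self.workloads if n != compromised and
                any(self.allowed(compromised, n, p, microseg) for p in ports)}


def build_demo() -> Fabric:
    """Constructed inventory matching the page 11 figure: two applications,
    each with a web, an app and a DB workload."""
    fab = Fabric()
    for app, suffix in (("App01", "1"), ("App02", "2")):
        for tier, label in (("web", "Web"), ("app", "App"), ("db", "DB")):
            fab.instantiate(f"{label} {suffix}", app, tier)
    return fab


if __name__ == "__main__":
    fab = build_demo()
    for wl in fab.workloads.values():
        print(f"{wl.name:6} {wl.app} {wl.tier:3} {wl.ip}")
    for microseg in (False, True):
        mode = "micro-segmented" if microseg else "flat VLAN"
        reach = sorted(fab.blast_radius("Web 1", microseg))
        print(f"{mode}: a compromised Web 1 can reach {reach}")
```

In the flat VLAN a compromised Web 1 can reach all five other workloads; under the instantiated policy it reaches only App 1, and App 1 in turn only DB 1, which is the "smaller set of servers / fault domains" the slide claims. The design point is that rules are derived from the template at instantiation time rather than written by hand per VM, which is what lets the security settings keep up with compute requests completed in minutes.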

Page 12: Actual Business Results – Large Bank Case Study

• 50% reduction in operational expense
• 10x improvement in turn-up response time, reduction in configuration errors
• 40% increase in asset utilization & flexibility

Source: Alcatel-Lucent Analysis, customer survey feedback 2013-2014

Page 13: Deployment Example: MSPP

Extensions of an MPLS VPN network using security services:
• Next-generation firewall
• Application visibility
• Modern malware protection
• IPS, DoS/DDoS attack protection and anti-virus
• Dynamic instantiation and automation of security services through a self-service web portal
• Virtual and physical appliances

[Figure: branches connected over an MPLS VPN through 7750 SR routers, with Nuage VSP and FortiManager orchestrating the FortiGate instances.]

Page 14: Deployment Example: DC Consolidation

Goal: from a manual and constrained DC to an automated and agile DC
• Perimeter security and micro-segmentation with advanced security functionality
• Physical and virtual workloads across multiple datacenters
• Private DC interworking with public clouds
• Multiple hypervisors: ESXi, KVM, Hyper-V and moving to containers

[Figure: two data centers, each with bare-metal workloads, software workloads on multiple hypervisors (ESXi, KVM, Hyper-V, etc.) and PaaS (Kube/OpenShift), each with its own VSP, FortiManager and FortiGates; DC GWs and DCI GWs interconnect the sites over BGP-EVPN/optical-IP DCI, and WAN GWs connect to the WAN (MPLS VPN, Internet).]

Page 15: Deployment Example: DC Consolidation

[Figure: VSD as the integration point for the infrastructure resources, reached through APIs: virtual networks, compute and storage (vCenter), load balancing (F5 BigIQ), firewalls (FortiManager, FortiGate) and IPAM/DNS/DHCP. VSC programs the DC fabric, which contains software VTEPs and hardware VTEPs driven over OVSDB.]

Page 16: Next Steps/Evolution: Dynamic Threat Protection

• We can leverage information gathered from end-points (FortiClient/FortiGate/VRS) to isolate the source of the attack
• Allows threat sources to be prevented and isolated automatically by feeding network intelligence into the policy framework

[Figure: endpoint analytics from FortiClient, FortiGate and VRS feed Nuage VSP and FortiManager.]

Page 17: Next Steps/Evolution: Branch Protection

• Besides the DC, Nuage also has an SD-WAN solution.
• With bandwidth growth, the evolution of SaaS applications and guest Wi-Fi, we need to protect the branch in a more advanced way.
• Fortinet + Nuage Networks are ideal to resolve this.

[Figure: headquarters LAN and DC connected to the branches over Internet, MPLS VPN and 3G/4G, orchestrated by Nuage VSP; each branch runs either BYOD hardware with a software image (OS or VM) or a physical appliance on Nuage hardware.]

Page 18: In Conclusion

• Integrated & certified joint solutions between Nuage Networks and Fortinet providing automated network and security services
• Enabling private/public/hybrid clouds with virtual or physical appliances
• Perimeter security
• Micro-segmentation
• Reduced OPEX, faster deployment & optimized CAPEX

Page 19: Thank You

4/20/2016

www.nuagenetworks.com @nuagenetworks
www.fortinet.com @Fortinet