Manish Bhaskar, Ilan Koyshman, Anuj Jaiswal MMC3112BU #VMworld #MMC3112BU Identify Application Security Vulnerabilities and Troubleshoot Network Issues Across AWS EC2 and vSphere VMs Fox Media Story VMworld 2017 Content: Not for publication or distribution


Manish Bhaskar, Ilan Koyshman, Anuj Jaiswal

MMC3112BU

#VMworld #MMC3112BU

Identify Application Security Vulnerabilities and Troubleshoot Network Issues Across AWS EC2 and vSphere VMs– Fox Media Story


Disclaimer

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.


Agenda

1 VMware Cloud Services Overview

2 Network Insight Service Overview

3 Fox Media story

4 Demo

5 Q&A


Cloud Adoption

Organizations are now adopting multiple clouds at scale

• 50% of workloads will be in the public cloud by 2030

• 48% already using multiple clouds

Source: Dimensional Research, Feb 2016


VMware Cloud Services


VMware Cloud Services

Manage, Govern and Secure Public and Private Cloud Apps

Discovery

Cost Insight

NSX Cloud

Network Insight

AppDefense

Wavefront

ON PREMISES DATA CENTER

Visibility into apps and resources they consume. Analyze usage and utilization across clouds.

Accounting and cost optimization for multiple clouds. Track and analyze your costs and trends.

Secure networks with micro-segmentation. Create private networks within or across clouds.

Operational visibility, control, and compliance across clouds. Optimize performance, health, and availability.

Metrics-driven monitoring and real-time analytics.

Governance for running workloads.


Network Insight Service


Virtual Network Operations | Visibility and Trouble Shooting | Security and Planning

Visualize | Plan | Secure | Operate | Troubleshoot

Converged 360 Network Visibility & Analytics

Ensure health and availability of NSX deployments

Application Flow Analysis and Micro-Segmentation

On-premises data center

• Analyze application behavior and dependencies

• Plan micro-segmentation

• Ensure security compliance

• Discover vSphere, NSX, AWS VPC, security groups, physical infra

• Troubleshoot network connectivity between VMs

• Change tracking with alerts

• Visualization, topology and health at scale

• Configuration deployment support and ensure best practices

• Quick NSX issue resolution


Expansive Data Source Support

• VMware virtualization

• Public Clouds

• Firewall Infrastructure

• Physical Networking

• Converged Infrastructure


Data Collection Requirements

Private Cloud Data Collector

• Data Center to Cloud communication (one way)

• Appliance installed as an OVF

• One time secret key for security

• AWS API access via access/secret key

• VPC flow logs via log group

Network Insight Service


Fox Media Use Case


Fox Media Company

Fox

Global Mass Media company in 51+ countries

Create and distribute media content

Film, Television, Cable, News, Sports

• Global mass media company

– 51 countries

– 170 offices in 107 cities

– 91K+ networked devices

• Create and distribute media content

• Film, Television, Cable, News, Sports


Business Context


• Over 6 Million active assets

• 7+ Petabytes of data

• 7000+ Active users in 85+ countries

• ~200,000 asset downloads monthly

• 10TB of new content being added daily

• Expanding infrastructure with new services

[Chart: yearly values from 2002 to 2017 on a scale of 0 to 7,000,000; callout: 1+ Million assets added yearly]


A Shift Towards SDDC and Hybrid Applications

• 2 primary Data Centers – Los Angeles and Las Vegas

• Hybrid cloud

– vSphere

– AWS & Azure … Extensions to Data Center

• 3+ Levels of firewall security –

– Public Cloud (Security groups)

– Physical

– Application layers and Micro segmentation using NSX

• Need to expand micro segmentation to all applications and hosting environment

[Diagram: Public Cloud and DATA CENTER PERIMETER, with East-West and North-South traffic]

• Vision – 50%+ in Public Cloud

• Today - 95% of Applications reside in vSphere

• Today - 90% East-West Traffic

• Growing North-South Traffic


Multi-Cloud Architecture Overview

• Multi-cloud – Multi-Region availability

– vSphere Private Cloud – 3000+ VMs

– AWS EC2/PAAS/SAS – 300+ VMs and services

– Azure IAAS/SAS – 50+ VMs and services

– VMware on AWS – Future

• Asset availability closest to the customer

• Utilizing Micro-Segmentation security

– Enabling security for each Application and each VM/service

• Security, Monitoring and Visibility


Challenges

• Development teams are flying blind

– Lack of requirements for deployment of new services (like ports and source/destination IP etc.)

– Ensure delivery Speed and Security?

• Too many tools! How do we gain visibility into the network in a single pane of glass?

• How do we migrate services across clouds and secure them?

• Handling expanding infrastructure and adding new services


Perspective on Network Insight & VMware Cloud Services

• Fits Fox strategy of “Cloud First”

• Assist with security creation for Micro-Segmentation in NSX and AWS/Security Groups

• Visibility of Private and Public cloud systems in a single view

• Ability to scale as Fox adds services


Demo


Request Access @ cloud.vmware.com

Visit Cloud.vmware.com


Sessions, Booth and Theatre Presentations for VMware Cloud Services

Session # | Session Title | Type | Speakers

MMC1464QU | How to Use CloudFormations in vRealize Automation to Build Hybrid Applications That Span and Reside On-Premises & on VMware Cloud on AWS and AWS Cloud | Quick Talk | Vijay Raghavan, Manu Prasanna

MMC1532BU | Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 2 | Breakout Session | Amol Tipnis, Percy Wadia

MMC2046BU | Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 1 | Breakout Session | Amol Tipnis, Percy Wadia

MMC2820BU | Deploying Applications into AWS EC2 with VMware Cross-Cloud Services | Breakout Session | Bahubali Shetti, Dan Illson

MMC2877BU | Deep Dive into Cost Insight: Understand, Analyze, and Optimize Your Cloud Expenses (Cross-Cloud Service) | Breakout Session | Kumar Gaurav, Kameswaran Subramanian

MMC2884GU | Live Demo: Search driven log analytics SaaS for troubleshooting vSphere, VSAN and NSX issues using machine learning algorithms | Group Discussion | Karl Fultz, Manish Bhaskar, Steven Flanders

MMC2888GU | How We’ve Accelerated Innovation While Keeping Our Cloud Spending in Check | Group Discussion | Burt Toma

MMC3062BU | Migrating applications to AWS? Understand application, network and security dependencies with Network Insight Service: Cardinal Health story and demo | Breakout Session | Sean O'Dell, Manish Bhaskar

MMC3066BU | How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native? | Breakout Session | Sean O'Dell, Anuj Jaiswal

MMC3074BU | 3 ways to use VMware’s new Cross-Cloud SaaS Services to efficiently run workloads across AWS, Azure and vSphere: VMware and Customer technical session | Breakout Session | Jason Walker, Burt Toma

MMC3110PU | How IT Can Enable Development Teams to Build Apps on AWS, Azure, and VMware Without Compromising on Costs and Security | Panel Discussion | Mark Leake, Ben Mitchell
