Downloaded 117 times
![2
Industry Validation for Fortinet’s Data Center Strategy
“Fortinet moves into second
due to its strong position
and price/ performance,
and [should] gain some
ground at the very high end
of the market.”
Data Center Security Products, Biannnual Market Share, Size & Forecast, Oct 2014
Data Center Security Appliance Market Share
2015 Enterprise Firewall MQ – Fortinet Strengths:
“-In addition to enterprise NGFW deployments, Fortinet is well-suited to
deployments in carriers, data centers, service providers and distributed
enterprises (for example, retail and franchises).
-Fortinet has a well-articulated strategy regarding virtualization, public
cloud and SDN, and has a promising partnership with VMware NSX.”](https://image.slidesharecdn.com/software-definedsecurityframeworkfinal-150915080011-lva1-app6892/85/Software-defined-security-framework_final-2-320.jpg)
![2
Industry Validation for Fortinet’s Data Center Strategy
“Fortinet moves into second
due to its strong position
and price/ performance,
and [should] gain some
ground at the very high end
of the market.”
Data Center Security Products, Biannnual Market Share, Size & Forecast, Oct 2014
Data Center Security Appliance Market Share
2015 Enterprise Firewall MQ – Fortinet Strengths:
“-In addition to enterprise NGFW deployments, Fortinet is well-suited to
deployments in carriers, data centers, service providers and distributed
enterprises (for example, retail and franchises).
-Fortinet has a well-articulated strategy regarding virtualization, public
cloud and SDN, and has a promising partnership with VMware NSX.”](https://image.slidesharecdn.com/software-definedsecurityframeworkfinal-150915080011-lva1-app6892/75/Software-defined-security-framework_final-2-2048.jpg)
Uploaded byLan & Wan Solutions
Software defined security-framework_final
1) Fortinet's software-defined security framework provides security that integrates with underlying cloud and SDN platforms through virtual appliances, platform orchestration, and centralized management. 2) The framework allows for scale-out of virtual firewalls across hypervisors and auto-provisioning of firewall rules for workloads in public clouds. 3) Fortinet partners with VMware, Cisco, and OpenStack to provide security solutions that support virtualization, SDN controllers, and public cloud platforms.
More Related Content
Similar to Software defined security-framework_final
More from Lan & Wan Solutions
Software defined security-framework_final
- 1. © Copyright FortinetInc. All rights reserved. Software-Defined Security Framework Agile Cloud & SDN Lan & Wan Solutions – Soluzioni Informatiche per Reti Locali & Geografiche
- 2. 2 Industry Validation forFortinet’s Data Center Strategy “Fortinet moves into second due to its strong position and price/ performance, and [should] gain some ground at the very high end of the market.” Data Center Security Products, Biannnual Market Share, Size & Forecast, Oct 2014 Data Center Security Appliance Market Share 2015 Enterprise Firewall MQ – Fortinet Strengths: “-In addition to enterprise NGFW deployments, Fortinet is well-suited to deployments in carriers, data centers, service providers and distributed enterprises (for example, retail and franchises). -Fortinet has a well-articulated strategy regarding virtualization, public cloud and SDN, and has a promising partnership with VMware NSX.”
- 3. 3 Data Center Trends BYOD,Mobility & SaaS Anytime, anywhere access User-centric apps & services Customer/client responsiveness Big Data & Internet of Things Billions of connected devices Continuous data aggregation Warehousing of petabytes of confidential data Network Impact Higher core throughput & scalability Higher port density Increased small/mixed packet traffic Low user latency IPv4 to IPv6 migration Increased east-west traffic Data Center Transformation Server & network virtualization Multi-tenant public clouds Elasticity & agility
- 4. 4 Data Center Consolidationand SDN Evolution Data Center Firewalls Deployments Data center edge Top of rack Virtual machine protection SDN orchestration Drivers Data center consolidation Migration 10G to 100G Network segmentation Securing East West traffic virtualization and SDN EAST WEST NORTH SOUTH Data Center/SDN VM & SDN Solution FortiGate VM Series VMware (NSX) Cisco ACI OpenStack AWS Azure KVM Hyper V DC FW Solution FortiGate High End Series with 100G+ throughput in an Appliance
- 5. 5 Software-Defined Security Vision Physical &Virtual Security Appliances FortiGate FortiManagerFortiSandbox FortiAnalyzer FortiWeb FortiADC Virtualization SDN Cloud (IaaS) Cloud (SaaS) vSphere XenServer Hyper-V NSX FortiMail 1. Security must integrate with & support underlying SDx Infrastructure, i.e. cloud & SDN IaaS platforms 2. Security is itself fundamental infrastructure that can and should become agile and elastic, i.e. Software-Defined, independent of other SDx transformation
- 6. 6 Fortinet’s Software-Defined SecurityFramework Virtual x86 Containers Hardware-Based Platforms Virtual Appliances/ Services Platform Orchestration & Automation Single Pane-of-Glass Management Software-Defined Security Framework Data Plane Control Plane Management Plane PlatformExtensibility
- 7. 7 Virtual Appliances/Services Virtual Appliances& VDOM’s Provide Scale-Out Elasticity Scale-Out Performance Boundary Benefits Scale-Up Elastic Firewall Capacity East-West Traffic Visibility Deployable in Public Clouds vSphere XenServer Hyper-V
- 8. 8 Platform Orchestration &Automation Auto-Scaling Firewall & Rule Provisioning SDN Flow Visibility (dynamic flow control, overlay/ underlay traffic) Dynamic Policies (follow logical port, IP, MAC) Benefits VM VM VM VMware Control Plane Fortinet Service VM Control Plane Orchestration Network Visibility Elastic provisioning Distributed Object-based policy Agility Through Control Plane Integration NSX ACI
- 9. 9 Single Pane-of-Glass Management ConsistentPolicies and Posture Across the Hybrid Cloud Public Cloud Physical Networks Virtualization Centralized Management and Policy VM VM VM VMware VM Management & Policy Logging & Analysis SaaS-Based Portal
- 10. 10 Software-Defined Security UseCases Auto-Scale/Auto-Provision Protection for Elastic Workloads Hypervisor Hypervisor Requirements Solution Auto-scale virtual firewall capacity to new virtualization hosts FortiGate-VMX Auto-provision firewall rules to new workload VM instances FortiGate-VMX, FortiGate for Cisco ACI Orchestrate firewall service insertion, service chaining (via SDN flow control) FortiGate-VMX, FortiGate for Cisco ACI Orchestrate physical and virtual firewalls FortiGate for Cisco ACI Distributed firewall rules across cluster or data center FortiGate-VMX, FortiGate for Cisco ACI Scale web apps and social media to connect virally with customers, partners, users at cloud speed, while transparently ensuring data privacy & compliance IaaS
- 11. 11 Centralized Policy and Logging/Reporting Software-DefinedSecurity Use Cases Secure Inter-VM Traffic in Virtual Environments FortiAnalyzer North-South Data Center Edge East-West Hypervisor Hypervisor FortiManager Requirements Solution Inter-VM traffic visibility FortiGate-VM or FortiGate-VMX Stateful firewall session during live VM migration (e.g. vMotion) FortiGate-VMX Distributed firewall across cluster (policies follow VM independent of logical IP/MAC) FortiGate-VMX Distributed firewall rules across distributed virtual switch FortiGate-VMX Inspect VXLAN encapsulated traffic FortiGate-VMX Centralized management across physical and virtual firewalls FortiManager, FortiAnalyzer Virtual Machine Firewall (East West) Data Center Firewall (North South) Overcome visibility and enforcement challenges with inter-VM traffic and logical networks
- 12. 12 Software-Defined Security Micro-Segmentation inConsolidated Data Centers Mitigate increasing concentration of data and risk in consolidated and multi-tenant data centers Declarative, whitelist-based policy model Fine-grained honeycomb based on users, roles, other metadata Deploy into flat, open networks without disrupting network and infrastructure Leaf nodes Cisco APIC Spine nodes
- 13. 13 Platform Extensibility &Ecosystem Integration Virtual x86 Containers Hardware-Based Platforms Virtual Appliances/ Services Platform Orchestration & Automation Single Pane-of-Glass Management Software-Defined Security Framework Data Plane Control Plane Management Plane PlatformExtensibility Cloud/SDN Ecosystem XML JSO N Other Interfaces Logging/ Event SDN Controllers Programmable Switches Cloud Management Centralized Policy & Analytics Orchestration Platforms Mgmt API’s CLI/ Scripting
- 14. 14 Fortinet Programmable NetworkingPartnership Ecosystem ORCHESTRATION PLATFORMS PROGRAMMABLE SWITCHING • ACI announced • vCNS certified • NSX program CENTRALIZED POLICY & ANALYTICS PlatformExtensibility Software-DefinedSecurityFramework SDN CONTROLLERS API’s
- 15. Fortinet Solutions Lan &Wan Solutions Innovare la tua Azienda. La nostra sfida
- 16. 16 Fortinet Virtual AppliancePlatform Support VMware Citrix Open Source Amazon Microsoft Virtual Appliance vSphere v4.0/v4.1 vSphere v5.0 vSphere v5.1 vSphere v5.5 Xen Server v5.6 SP2 Xen Server v6.0+ Xen KVM AWS Hyper-V 2008 R2 Hyper-V 2012 FortiGate-VM ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔* ✔ ✔ FortiManager-VM ✔ ✔ ✔ ✔ ✔ ✔ ✔ FortiAnalyzer-VM ✔ ✔ ✔ ✔ ✔ ✔ ✔ FortiWeb-VM ✔ ✔ ✔ ✔ ✔ ✔ ✔* ✔ FortiMail-VM ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ FortiSandbox-VM ✔ ✔ FortiAuthenticator-VM ✔ ✔ ✔ ✔ ✔ ✔ FortiADC-VM ✔ ✔ ✔ FortiCache-VM ✔ ✔ ✔ ✔ FortiVoice-VM ✔ ✔ ✔ ✔ ✔ ✔ FortiRecorder-VM ✔ ✔ ✔ ✔ ✔ ✔ FortiGate-VMX ✔
- 17. 17 Fortinet FortiGate-VMX • TheChallenge » Tight integration with virtualization/network platform • VMware Network Extensibility APIs (NetX) » Shared object database for easy creation of security policies » Automated deployment of security services and policy enforcement » Easily support live migration(s) of applications within clustered environments » Dynamic security policy updates for newly created services without normal time lag paper trail requests Q4 2014Q3 2014January 2014 2015
- 18. 18 VMware Kernel VMwareKernel vDistributed Switch 1. Initiate communication with vCenter Server 2. Register Fortinet as security service with vCNS Manager 3.Auto-deployFortiGate-VMXtoallhostsinsecuritycluster 4.FortiGate-VMXconnectswithFortiGate- VMXServiceManager 5. License verification and configuration synchronization with FortiGate-VMX 6.Kernelagentcreationanddefaultre-directionrulesforeach hostincluster 7. Real-time updates of object database 8.PushpolicysynchronizationtoallFortiGate- VMXdeployedincluster Fortinet FortiGate-VMX
- 19. 19 Cisco ACI Partnership Source:Infonetics Technology collaboration with Cisco to bring Fortinet’s data center security to #1 SDN platform sought by enterprise customers Joint PR and demo at RSA Conference »Integration of FortiGate into Cisco ACI deployment Joint demo at Interop (April 2015) Product launch targeted late Q2 2015
- 20. 20 Cisco ACI (ApplicationCentric Infrastructure) Overview Spine nodes Leaf nodes ACI Fabric in Datacenter APIC VM VM VMVM VM VM External Internal NET-a NET-b PoC shows FortiGate service insertion and orchestration in Cisco APIC » APIC (Application Policy Infrastructure Controller) is SDN controller » FortiGate device package contains XML metadata » Customer benefits vary with use case, e.g. auto-provision new workloads in multi-tenant clouds
- 21. 21 OpenStack Integration Efforts Service Providers – Open Source OpenStack » With open source through extensible mgmt API » In production in NEC and other provider clouds Enterprise – Supportable OpenStack distro » HP Helion OpenStack emerging as frontrunner – need out- of-box integration » Fortinet announced HP AllianceOne partnership » FG-VM certified HP Helion Ready VM VM VM Hypervisor
- 22. Software-Defined Security forService Providers Lan & Wan Solutions Innovare la tua Azienda. La nostra sfida
- 23. 23 Software-Defined Security FrameworkExtensions for Service Providers Virtual x86 Containers Hardware-Based Platforms PlatformExtensibility Virtual Appliances/ Services Platform Orchestration & Automation Single Pane-of-Glass Management Software-Defined Security Framework Cloud/SDN Ecosystem XML JSON Other Interfaces Logging/ Event SDN Controllers Programmable Switches Cloud Management Centralized Policy & Analytics Orchestration Platforms Mgmt API’s CLI/ Scripting Data Plane Control Plane Management Plane SaaS Multi-Tenancy On-Demand Self-Service Network Function Virtualization Service Provider Extensions
- 24. 24 Network Function Virtualization FirewallVNF Service Chaining – Modular, Interoperable, Scalable ETSI Multi-Vendor PoC on D-NFV (CPE) D-NFV Alliance – Commercialized Offering on RAD Hardware
- 25. 25 Orchestration Deployment and instantation Service Insertion into virtual network On-Demand Self-Service – Utility-Based Pricing/Metering Benefits Pricing Options Hourly/Annual (per-instance) Five different instance sizes Bundled support subscription Utility-based Consumption Licensing Provisioning Metering Billing Protection On-Demand Pay-as-you-Go User/Tenant Self-Service
- 26. 26 SaaS Multi-Tenancy -FortiPrivateCloud
- 27. Lan & WanSolutions Innovare la tua Azienda. La nostra sfida
Editor's Notes
- #8 -Encapsulate firewall, other network security in VM -Can handle both east-west and north-south traffic -Bridged on the virtual switch to get inline -Deployable in public clouds where HW not allowed
- #9 New FortiGate-VM for VMware’s Software-Defined Data Center (Networking, Compute, Storage) Phase I (2014) – Interoperates with vSphere, vCloud and NSX Visibility and enforcement of all virtual network traffic – Transparent to network topology Orchestration - Auto deployment and provisioning of FortiGate virtual appliances and software-defined network configuration Automation - Instant-on protection of new VM instances Distributed firewall - Object-based rules follow VM’s across data center VM-based rules follow IP address, port changes (e.g. due to failover or site recovery) Session state maintained across vMotion (live migration) events Phase II (2015 planning) – Direct NSX integration enhancements (only works with NSX) Potentially higher L2/L3 firewall performance Service-based – SLA-driven orchestration, policies Richer event-based workflows
- #11 Customer are not for products and Security Appliances, they are looking for Security Alliances to their specific Network. FortiGate the widest range of Security Appliances from the 30D all the way to a Blade FortiOS is the most flexible Network Operating systems allowing different personalities such as Firewall, VPN, SWG, NGFW, ATP and UTM with This makes FortiGate suitable for deployment in the Enterprise Campus (Edge) Branch Office Data Center Distributed Enterprise Cloud Access
- #12 Customer are not for products and Security Appliances, they are looking for Security Alliances to their specific Network. FortiGate the widest range of Security Appliances from the 30D all the way to a Blade FortiOS is the most flexible Network Operating systems allowing different personalities such as Firewall, VPN, SWG, NGFW, ATP and UTM with This makes FortiGate suitable for deployment in the Enterprise Campus (Edge) Branch Office Data Center Distributed Enterprise Cloud Access
- #13 Hardware appliances can lose visibility to East-West virtual swtich traffic SDN/SDDC network virtualization can exacerbate challenges (e.g. VXLAN overlays) Logical ports, IP’s, MAC can break static policy rules