Post on 21-Mar-2018

Hyper-V Optimizations & Security for Private Clouds

from Nutanix & 5nine Software

Robert Corradini, Microsoft Solutions Architect, Nutanix (@netwatch)

Symon Perriman, VP of Business Development, 5nine Software (@SymonPerriman)

Agenda

• Nutanix

– Invisible Infrastructure & Web-Scale Design Points

– Building Simple & Secure Cloud Environments

• 5nine Cloud Security

– Azure Pack (WAP) Extension

– System Center VMM Plugin

• Summary & Discussion

Nutanix Enterprise Cloud Infrastructure

Robert Corradini

Microsoft Solutions Architect, Technical Alliances

About Nutanix

2100+ customers

Over 70 countries

6 continents

Making datacenter infrastructure invisible, elevating IT to focus on applications and services

Founded in 2009

1,300+ employees

Gartner Magic Quadrant: Integrated Systems 2015

Strengths

Nutanix is a complete infrastructure solutions company, providing its customers flexibility in their choice of hypervisors and cloud usage.

Nutanix has gained market credibility and established a worldwide presence.

The Acropolis scale-out architecture, along with the ability to scale compute and storage independently, enables users to grow Nutanix deployments incrementally to meet application needs.

Global Support Overview

24x7x365

50+ Spare Parts Depots

+90 Net Promoter Score

70+ Countries

Languages

6 WW Support Centers

“Follow the Sun” support

[Map legend: TAC Centers, NBD Depots. Locations shown: Bangalore, San Jose, Durham, Amsterdam, Tokyo, Sydney]

Nutanix Global Services Offerings

A unique approach to customer education, consulting, & advocacy

Education Services | Consulting Services | Customer Advocacy

Administration, Troubleshooting and Management Courses

Comprehensive Curriculum

Global Delivery

Value-based Services

Highly Skilled Nutanix Experts

Workload Migration, Cloud Automation, VDI Deployment

Strategy and Deployment Assistance

Technical Relationship Manager, Nutanix Executive Sponsor

Maximize Value from Investment

Innovative Learning

9.8/10 CSAT Score

Trusted Advisor

The Best IT Infrastructure Is

You Can’t See

Challenges With Existing Datacenter Architecture

1. Inherent Complexity

2. Inefficient Silos

3. Unpredictable Scaling

You Must Have Infrastructure That…

Invisible

Ingredients of Invisible Infrastructure

Enterprise-grade Engineering

Consumer-grade Design

Web-Scale: Design Point for Invisible Infrastructure

Design Principles

• Unbranded x86 servers: fail-fast systems

• No special purpose appliances

• All intelligence and services in software

• Extensive automation and rich analytics

• Distributed everything

Benefits

• Linear, predictable scale-out

• Always-on systems

• Fast innovation in software

• Operational simplicity

• Lower TCO

The Solution: Hyperconverged Infrastructure

Integrated, scale-out compute and storage

[Diagram labels: Server, Virtualization, App, Storage Controller]

Nutanix Web-Scale Architecture

Eliminates SAN and NAS arrays

Tier 1 Workloads (running on all nodes)

Nutanix Controller VM (one per node)

[Diagram labels: Node 1, Node 2, Node N; each node shows VM, VM, VM, CVM on x86; hypervisor labels ESXi, Hyper-V, AHV]

Local + Remote (Flash + HDD)

Distributed Storage Fabric

intelligent tiering, VM-centric management and more…

Snapshots, Clones, Compression, Deduplication

Acropolis App Mobility Fabric

Workload Mobility and Hypervisor Choice

Request a Demo: http://www.nutanix.com/demo/

Any Application at Any Scale

VDI

Branch Office

Data Protection & Disaster Recovery

Big Data

Private & Hybrid Clouds

Collaboration and UC

Enterprise Applications

Today and Tomorrow’s App Can Live on Nutanix

Hybrid App Lifecycle

[Diagram labels, stages: Staging, DPDR, Production, Dev/Test]

[Diagram labels, locations: On-Premise, On-Premise, Cloud & On-Premise, Cloud & On-Premise]

Nutanix’s Holistic Approach to Security

Robert Corradini

Microsoft Solutions Architect, Technical Alliances

Nutanix’s Native Security Features

Ensure security without compromise

*Q2CY16

Custom Security Technical Implementation Guide (STIG)

Nutanix has developed its own comprehensive STIG written in open XCCDF.xml format to support the Security Content Automation Protocol (SCAP) standard.

Built-in Security + Partner Ecosystem

Nutanix’s holistic approach to security

End-Point Security: Anti-Virus, Anti-Malware

Built-in Host Security: STIG Hardening, SecDL, Self-Healing, TPM*

Data Security: Encryption

Network Security: Micro-Segmentation, Firewall

*Q2CY16

Built-in Security + Security Partner Ecosystem

Nutanix’s holistic approach to security

*Q2CY16

✓ Improve your Security and Compliance with a Unified Solution Designed for Hyper-V

✓ Maximize your Performance with the Fastest and Least Disruptive Security Solution

✓ Increase your VM density by up to 30%

✓ Automate Protection for Virtual Machines, Networks and Storage

✓ Hide Security from your Virtual Machines and Users with Agentless Protection

Request a Demo: http://www.nutanix.com/demo/

5nine Cloud Security

A Unified Security and Compliance Solution Designed for Hyper-V

www.5nine.com/Security

5nine Software

• Founded in 2009

• Headquartered in Chicago, with staff in 24 regions worldwide, including 18 Microsoft MVPs

• 80,000 Hyper-V users globally, representing companies and datacenters of all sizes

• The leading solutions provider of security & management applications for Hyper-V

– 5nine Cloud Security – A unified security and compliance solution designed for Hyper-V

– 5nine Manager – Easy, centralized and affordable management and monitoring for Hyper-V

– 5nine V2V Easy Converter – Fast and easy migration of VMware virtual machines to Microsoft Hyper-V

• Visit www.5nine.com or email Info@5nine.com for more info

5nine’s Global Presence

Headquarters: Chicago

Americas: Buenos Aires, Calgary, New Jersey, Ottawa, Seattle

Europe & MEA: Abu Dhabi, Athens, Basel, Brussels, Dublin, Milan, Moscow, Munich, Nice, Stockholm, St. Petersburg, Zagreb, Zurich

Asia Pacific: Bangkok, Brisbane, Colombo, Kuala Lumpur, Melbourne, Perth

5nine Cloud Security

A Unified Security and Compliance Solution Designed for Hyper-V

• Address every Hyper-V vulnerability across every virtual resource

– Virtual firewall

– Agentless antivirus & antimalware

– Network intrusion detection (IDS) & analysis

– Security as a Service (SECaaS) with Azure Pack (WAP)

– System Center Virtual Machine Manager (SCVMM) Plugin

• Avoid gaps in protection from legacy endpoint security solutions

• Automatically and immediately protect every virtual machine

• Industry’s leading security and compliance solution

• For Hyper-V users of all sizes without needing to be a security specialist

• Agentless design and fastest scans in the industry

• More information: http://www.5nine.com/CloudSecurity

© 2016 Snort and the Snort Pig are registered trademarks of Cisco. All rights reserved.

How a Threat Reaches a VM

Security using the Hyper-V Extensible Switch

Hide Security with Agentless Protection

• No security component is required to run inside the VM

– User never sees it

– User never has to update

– User can never disable it

– Users will not even notice that they are being protected

• Administrators no longer need access to every VM

– Centralized management of policies and definitions

– Increase security and compliance

– Ideal for service providers to ensure tenant privacy

– Simplify VDI management

• Enable genuine private multi-tenant environments and VM isolation

• Patent-pending agentless design for Hyper-V

Multiple Layers of Security

1. Virtual Firewall

2. AV Detection on the Network

3. AV Scan on the Disk

4. Network Intrusion Detection

5. Network Anomaly Analysis

6. Extensible to Analytics Systems

Security Layer 1 – Virtual Firewall

• Intercept network traffic before it even gets to the VM

• Manage traffic at the network protocol level

– TCP, UDP, GRE, ICMP, IGMP, etc.

• Single solution for every guest OS supported by Hyper-V

Server: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Home Server 2011, Small Business Server 2011, Windows Server 2003

Client: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP

Linux & UNIX: CentOS, Debian, FreeBSD, Oracle Linux, Red Hat RHEL, SUSE, Ubuntu

Security Layer 2 – AV Detection on the Network

• Protection for all virtual networks

• Active detection for immediate threat notification

– Unencrypted HTTP traffic (more coming soon)

• Automatically alert admins

– Email, PowerShell, Event Logs

Security Layer 3 – AV Security on the Disk

• No more “scanning storms”

– Increase VM performance

– Increase VM density by up to 30%

• 5nine uses a patent-pending Change Block Tracking (CBT) driver

– Scan only blocks on the disk that have changed

– Scan up to 70x faster

Security Layer 4 – Network Intrusion Detection

[Diagram labels: Hyper-V Hosts, Database, 5nine Cloud Security Management Server, Public Internet]

Security Layer 5 – Network Anomaly Analysis

[Diagram labels: Hyper-V Hosts, Database, 5nine Cloud Security Management Server, Public Internet]

[Charts: Normal Traffic; Unusual Traffic]

Security Layer 6 – Extensible to Analytics Systems

[Diagram labels: Hyper-V Hosts, Database, 5nine Cloud Security Management Server, Public Internet, On-Premises Analytics, Cloud-Based Analytics]

Automate Protection for VMs, Networks & Storage

• Virtual environments are dynamic and change regularly

– Legacy “endpoint” security is impractical and unsafe

• Automatically and immediately protect the entire virtualized infrastructure and software-defined networks (SDNs)

• Guarantee higher levels of business continuity and reliability

• Built-in automation tools

• Script custom security policies with PowerShell

• Save time and free up valuable operational resources

• Reduce the risk of misconfigured security policies

Enterprise High-Availability for Security

[Diagram labels: Hyper-V Hosts & Clusters, SQL Server, 5nine Cloud Security Management Server, Redundant Management Group, SQL Cluster, Branch Office, 5nine Sync]

5nine Cloud Security Management

5nine Console | 5nine PowerShell

Azure Pack (WAP) Extension

System Center Virtual Machine Manager (SCVMM) Plugin

System Center Virtual Machine Manager Plugin

Centralized Security Management through System Center to Protect your Hyper-V Infrastructure and VMs

• Easy-to-use extension of 5nine Cloud Security

• Integrate into your existing management system

• Protect all Windows Server, Windows and Linux VMs

• Agentless design for easy management

• Fastest security scans in the industry

• Meet industry compliance & regulation requirements

• Scales to protect the largest enterprises running System Center and the Microsoft Cloud Platform

• Free add-on for 5nine Cloud Security

Windows Azure Pack & Microsoft Azure Stack Security

Azure Pack (WAP) Extension

Security as a Service (SECaaS) to Protect your Datacenter, your Customers, and their Clouds

• The only Security as a Service (SECaaS) solution for Azure Pack

• Free add-on to 5nine Cloud Security

• Enable tenants to easily manage their own Windows and Linux security policies through self-service

• Hosting and service providers can secure multi-tenant environments and VMs

• Users can easily configure firewalls, intrusion detection, and more

• Generate revenue by offering Security as a Service (SECaaS)

• Differentiate yourself through achieving increased security and compliance

Azure Pack (WAP) allows you to run Azure services in your datacenter on your hardware; it is not a part of the Microsoft Azure public cloud.

Azure Pack SECaaS Feature Set

Administrator Portal

• Add SECaaS to plans

• Protect hosts, VMs & tenants

• Global firewall templates

• View user action logs

• Notifications

• Billing & chargeback

– Via Cloud Cruiser or Cloud Assert

Tenant Portal

• Protect a VM through self-service

– Virtual Firewall

– Antivirus & Antimalware

– Intrusion Detection

– Network Traffic Scanner

– Network Anomaly Scanner

• VM Groups

• Firewall templates

• View user action logs

• Notifications

Generate New Revenue through SECaaS

• Only Security as a Service solution for Azure Pack

• Make premium security the default offering

• Provide tenants with simple SECaaS features

– Virtual firewall, intrusion detection, security templates

• Stand out from your competition and public clouds

• Attract new customers

• Generate additional revenue from existing clients

• Also improve security for your infrastructure and users

Meet Compliance & Regulation Requirements

• Virtualization infrastructure is being targeted by hackers

• Meet expected compliance and regulation standards

• Meet customer’s guidelines to operate in new markets

• Support more regulation requirements

• Increase your own potential customer base

5nine Cloud Security

Demo

www.5nine.com/Security

Summary & Discussion

Resources

• Nutanix

– Nutanix website: http://www.nutanix.com

– Nutanix security page: http://www.nutanix.com/products/features/security/

– Nutanix security certifications: http://www.nutanix.com/products/features/security/certifications/

– Robert Corradini, contact: Robert.Corradini@Nutanix.com

– Request a Nutanix Demo: http://www.nutanix.com/demo

• 5nine Software

– 5nine website: http://www.5nine.com

– 5nine videos: https://www.youtube.com/user/5NineSoftware

– 5nine Cloud Security: http://www.5nine.com/Security

• Azure Pack (WAP) Extension: http://www.5nine.com/WAP

• System Center VMM Plugin: http://www.5nine.com/SCVMM

– Symon Perriman, contact: Symon@5nine.com, Info@5nine.com or Sales@5nine.com

Q&A

Symon@5nine.com (@SymonPerriman)

Robert.Corradini@Nutanix.com (@netwatch)
