Virtualization
Post on 16-Oct-2015
-
1 Fortinet Confidential Copyright 2013 Fortinet Inc. All rights reserved.
Fortinet Virtualized Security Solutions
Jason Bandouveres
Senior Product Manager
Cloud & Virtualization Solutions
-
2 Fortinet Confidential
DISCLAIMER
This document contains confidential material proprietary to Fortinet, Inc.
This document and information and ideas herein may not be disclosed, copied, reproduced or distributed to anyone outside Fortinet, Inc. without prior written consent of Fortinet, Inc.
This information is pre-release and forward looking and therefore is subject to change without notice.
The purpose of this document is to provide a statement of the current direction of Fortinet's product strategy and product marketing efforts.
Please note that this Product Roadmap is neither intended to bind Fortinet to any particular course of product marketing and development nor to constitute a part of the license agreement or any contractual agreement with Fortinet or its subsidiaries or affiliates.
-
3 Fortinet Confidential
Data Center FW - Virtualization and SDN Integration
Unified Network Access
Secure WiFi & Switching
Unified Communication Systems
Authentication
Core Firewall Platform
Scalable ASIC Driven Architecture + Virtualization
Flexible FOS (FW Personalities NGFW, DCFW, UTM, Carrier)
Advanced Security Updates
Application Delivery Network
Application Delivery Controllers
Web Application Firewalls
Distributed Denial of Service
Core Network
Data Center
Access Network
Global Management Platform
SDN/NSX Virtualization Orchestration
Logging, Analytics & Reporting
Multi Platform Policy Object Manager Operations APIs
-
4 Fortinet Confidential
VMware NSX Integration
Network Extensibility (NetX) API Integration
Platforms & The Cloud
Availability of all Major Virtualization Platforms
Fortinet Virtualized Solutions
Widest breadth of Security Solutions in the Marketplace
Agenda
-
5 Fortinet Confidential
Virtualization of Security Controls Is Happening Quickly
-
6 Fortinet Confidential
Gartner Hype Cycle Cloud Security
-
7 Fortinet Confidential
Fortinet Virtualized Solution Strategy
Widest breadth of security virtual appliances
Single Pane-of-Glass Management
Hypervisors & Cloud FortiGate-VMX Integrated Solutions
-
8 Fortinet Confidential
Fortinet Virtualized Solutions - Diagram
-
9 Fortinet Confidential
Use Case 1: Dedicated Resources
Dedicated physical compute, network and storage resources.
Dedicated security gateways.
No need to route outside of virtual infrastructure.
Reduces stress on physical network links and eliminates unnecessary latency in application tiers.
Diagram: Customer Hosted Application Secured by FortiGate-VM. Labels: Internet, FortiGate-VM, Hypervisor, vSwitch External, vSwitch WEB, vSwitch APP, vSwitch DB, Web Servers, Application Servers, Database Servers.
-
10 Fortinet Confidential
Use Case 2: Dedicated Security Physical and Virtualized
Take advantage of FortiGate's ASIC acceleration technology for enhanced performance.
FortiGate-VM secures each trust zone so the application doesn't need to route out to the physical network.
Ensures minimal latency and maximum performance.
FortiGate HW secures vDatacenter against threats.
Diagram: Customer Hosted Application Secured by FortiGate & FortiGate-VM. Labels: Internet, FortiGate HW Appliance, FortiGate-VM, Hypervisor, vSwitch External, vSwitch WEB, vSwitch APP, vSwitch DB, Web Servers, Application Servers, Database Servers.
-
11 Fortinet Confidential
Use Case 3: Dedicated FortiGate-VM per tenant
FortiGate-VM will secure all traffic in and out of the customer's environment
Ability to deploy multiple FortiGate-VMs per virtualization host
Protect individual depain multi-tenant environments
Common scenario in Enterprise space
Diagram: Virtual Switch Architecture. Labels: Internet, Connectivity VLAN (VLAN 100), Port Group External (VLAN 100), Hypervisor, FortiGate-VM (x2), Port Group Alpha (VLAN 1010), Port Group Beta (VLAN 1020), VLAN 1010, VLAN 1020, Customer Alpha, Customer Bravo.
-
12 Fortinet Confidential
Use Case 4: FortiGate-VM with VDOMs
Utilize Virtual Domains (VDOMs) within FortiGate-VM
1 VDOM: 1 tenant
Segregate customers or business organizations in multi-tenant environments (private and/or public clouds)
Diagram: Virtual Switch Architecture. Labels: Internet, Connectivity VLAN (VLAN 100), Port Group External (VLAN 100), Hypervisor, VDOM Alpha, VDOM Bravo, Port Group Alpha (VLAN 1010), Port Group Beta (VLAN 1020), VLAN 1010, VLAN 1020, Customer Alpha, Customer Bravo.
-
13 Fortinet Confidential
Use Case 5: Inter-Zone and Inter-VM Security
All Inter-VM traffic in Bravo Zones is subject to full UTM scan through L2 VDOM.
Inter-Zone traffic is subject to full Next Gen Firewall and UTM scan by L3 VDOM.
Alpha Zone VMs can all talk to each other freely.
Diagram labels: vSwitch Fabric, vSwitch Bravo 1-n Inter-VM, vSwitch Inter-ZONE, vSwitch Alpha, Alpha Zones, Alpha Port Group (VLAN 101), Bravo 1, Bravo 1 Port Gr VLAN 102{1-n}, Bravo 2, Bravo 2 Port Gr VLAN 103{1-n}, VLAN 1021, 1022, VLAN 1031, 1032, VLAN trunk to L2 VDOM (x2), To L3 VDOM, FortiGate-VM, Hypervisor.
-
14 Fortinet Confidential
Use Case 5: Inter-Zone and Inter-VM Security
A closer look inside the FortiGate-VM
Zones: Web/DB/App, Tenant1,2,3, HR/Finance/QA
Secure Inter-VM traffic in same broadcast domain
Transparent VDOM to bridge VLANs
Inter-Zone L3 VDOM within FortiGate-VM instance (not vSwitch)
No hypervisor API dependency
Diagram labels: ZONE 1 192.168.2.x, ZONE 2 192.168.1.x, ZONE 1 to 2, VM1, VM2, VM3,4, VM5, VM6, VM7,8, NGFW/UTM (x3), FortiGate-VM, Hypervisor Layer.
-
15 Fortinet Confidential
Deployment Scenario: Single Pane of Glass Management of Physical and Virtual Security Appliances
Centrally manage physical and virtualized Fortinet security appliances
No limits on virtual hardware so adding memory and CPU is a matter of editing the FortiManager-VM virtual appliance
Ability to grow as your environment grows; no need to swap out hardware
Same central management infrastructure you are already familiar with
Diagram labels: Internet, Hypervisor, vSwitch External, vSwitch MGMT, vSwitch App, vSwitch DB, vSwitch Web, FMG-VM, Web Servers, Application Servers, Database Servers.
-
16 Fortinet Confidential
Deployment Scenario: Collect and Analyze Logs from Both Physical and Virtual Security Appliances
Centrally gather logs and run analytics from virtualized and physical Fortinet appliances
Deploy fully tiered environment with multiple collectors gathering logs for a central analyzer
No limits on virtual hardware so adding memory and CPU is a matter of editing the FortiAnalyzer-VM virtual appliance
Ability to grow as your environment grows; no need to swap out hardware
Diagram labels: Internet, Hypervisor, vSwitch External, vSwitch MGMT, vSwitch Collector, FAZ-VM, FMG-VM, FAZ-VM Collector (x2), Local FAZ Collector (x2), HR, Finance, Engineering, Finance, Dev, HR.
-
17 Fortinet Confidential
VMware NSX Integration
Network Extensibility (NetX) API Integration
Platforms & The Cloud
Availability of all Major Virtualization Platforms
Fortinet Virtualized Solutions
Widest breadth of Security Solutions in the Marketplace
Agenda
-
18 Fortinet Confidential
Fortinet Virtual Appliance Platform Support
Platform vendors: VMware, Citrix, Open Source, Amazon, Microsoft
Platform columns: vSphere v4.0, vSphere v4.1, vSphere v5.0, vSphere v5.1, Xen Server v5.6 SP2, Xen Server v6.0, Xen, KVM, AWS, Hyper-V 2008 R2, Hyper-V 2012
Virtual Appliance
FortiGate-VM Q1
FortiManager-VM 1H 1H 1H
FortiAnalyzer-VM 1H 1H 1H
FortiWeb-VM
FortiMail-VM
FortiScan-VM
FortiAuthenticator-VM
FortiADC-VM
FortiCache-VM
FortiVoice-VM
FortiRecorder-VM
-
19 Fortinet Confidential
VMware NSX Integration
Network Extensibility (NetX) API Integration
Platforms & The Cloud
Availability of all Major Virtualization Platforms
Fortinet Virtualized Solutions
Widest breadth of Security Solutions in the Marketplace
Agenda
-
20 Fortinet Confidential
NSX Integrated Partners Integration Points
Diagram labels: NSX Controller, NSX API, Partner Extensions, Network Gateway Services, Network Security Platforms, Application Delivery, IDS/IPS, Cloud MGT Platforms, AV/FIM, Vulnerability Management, Security Services.
VMware NSX network virtualization platform provides security across virtual and physical infrastructures
Similar to virtual machines for compute, virtual networks are programmatically provisioned and managed independent of underlying networking hardware
-
21 Fortinet Confidential
VMware Network Extensibility (NetX)
Program provides tools and resources to help partners develop and certify network security and network services solutions that are integrated into VMware's cloud infrastructure suite
Service Virtual Machine (FortiGate-VMX) is automatically deployed using the vShield Manager/NetX REST APIs
Set rules about what sort of packets are accepted, rejected, sent or copied to it for examination, based on IP address, MAC address and port number
Inserts virtual filter between vNIC of the protected VM and the virtual switch (i.e. hypervisor-based security)
-
22 Fortinet Confidential
Fortinet Service Manager integrates with vShield Manager
Fortinet Service Manager integrates with FortiGlobal via JSON API
Service Manager registers solution with VMware environment
Service Manager is updated with all vCenter dbase objects
Service Manager deploys security service VMs
FortiGlobal pushes policies to security service VMs
Fortinet Integration
Diagram labels: VMware vSphere (x3), FortiGate-VMX (x3), vDistributed Switch, VMware vCenter Server, VMware vShield Manager, Fortinet Service Manager, JSON, FortiGlobal-VM.
-
23 Fortinet Confidential
Q & A