Hyper-V Optimizations & Security for Private Clouds
from Nutanix & 5nine Software
Robert Corradini, Microsoft Solutions Architect, Nutanix (@netwatch)
Symon Perriman, VP of Business Development, 5nine Software (@SymonPerriman)
Agenda
• Nutanix
– Invisible Infrastructure & Web-Scale Design Points
– Building Simple & Secure Cloud Environments
• 5nine Cloud Security
– Azure Pack (WAP) Extension
– System Center VMM Plugin
• Summary & Discussion
Nutanix Enterprise Cloud Infrastructure
Robert Corradini
Microsoft Solutions Architect, Technical Alliances
About Nutanix
2100+ customers
Over 70 countries
6 continents
Making datacenter infrastructure invisible, elevating IT to focus on applications and services
Founded in 2009
1,300+ employees
Gartner Magic Quadrant: Integrated Systems 2015
Strengths
• Nutanix is a complete infrastructure solutions company, providing its customers flexibility in their choice of hypervisors and cloud usage
• Nutanix has gained market credibility and established a worldwide presence
• The Acropolis scale-out architecture, along with the ability to scale compute and storage independently, enables users to grow Nutanix deployments incrementally to meet application needs.
Global Support Overview
• 24x7x365
• “Follow the Sun” support
• 50+ Spare Parts Depots
• +90 Net Promoter Score
• 70+ Countries
• Languages
• 6 WW Support Centers
[Map: TAC Centers and NBD Depots; locations shown: Bangalore, San Jose, Durham, Amsterdam, Tokyo, Sydney]
Nutanix Global Services Offerings
A unique approach to customer education, consulting, & advocacy
Education Services | Consulting Services | Customer Advocacy
• Administration, Troubleshooting and Management Courses
• Comprehensive Curriculum
• Global Delivery
• Value-based Services
• Highly Skilled Nutanix Experts
• Workload Migration, Cloud Automation, VDI Deployment
• Strategy and Deployment Assistance
• Technical Relationship Manager, Nutanix Executive Sponsor
• Maximize Value from Investment
• Innovative Learning
• 9.8/10 CSAT Score
• Trusted Advisor
The Best IT Infrastructure Is
You Can’t See
Challenges With Existing Datacenter Architecture
1. Inherent Complexity
2. Inefficient Silos
3. Unpredictable Scaling
You Must Have Infrastructure That…
Invisible
Ingredients of Invisible Infrastructure
• Enterprise-grade Engineering
• Consumer-grade Design
Web-Scale: Design Point for Invisible Infrastructure
Design Principles
• Unbranded x86 servers: fail-fast systems
• No special purpose appliances
• All intelligence and services in software
• Extensive automation and rich analytics
• Distributed everything
Benefits
• Linear, predictable scale-out
• Always-on systems
• Fast innovation in software
• Operational simplicity
• Lower TCO
The Solution: Hyperconverged Infrastructure
Integrated, scale-out compute and storage
[Diagram labels: App, Virtualization, Server, Storage Controller]
Nutanix Web-Scale Architecture
Eliminates SAN and NAS arrays
Tier 1 Workloads (running on all nodes)
Nutanix Controller VM (one per node)
[Diagram: Node 1, Node 2, … Node N, each labelled VM, VM, VM, CVM, X86 and ESXi / Hyper-V / AHV]
Local + Remote (Flash + HDD)
Distributed Storage Fabric
intelligent tiering, VM-centric management and more…
Snapshots, Clones, Compression, Deduplication
Acropolis App Mobility Fabric
Workload Mobility and Hypervisor Choice
Request a Demo: http://www.nutanix.com/demo/
Any Application at Any Scale
• VDI
• Branch Office
• Data Protection & Disaster Recovery
• Big Data
• Private & Hybrid Clouds
• Collaboration and UC
• Enterprise Applications
Today and Tomorrow’s App Can Live on Nutanix
[Diagram: Hybrid App Lifecycle. Stage labels: Staging, DPDR, Production, Dev/Test. Location labels: On-Premise, On-Premise, Cloud & On-Premise, Cloud & On-Premise]
Nutanix’s Holistic Approach to Security
Robert Corradini
Microsoft Solutions Architect, Technical Alliances
Nutanix’s Native Security Features
Ensure security without compromise
*Q2CY16
Custom Security Technical Implementation Guide (STIG)
Nutanix has developed its own comprehensive STIG written in open XCCDF.xml format to support the Security Content Automation Protocol (SCAP) standard.
Built-in Security + Partner Ecosystem
Nutanix’s holistic approach to security
• End-Point Security: Anti-Virus, Anti-Malware
• Built-in Host Security: STIG Hardening, SecDL, Self-Healing, TPM*
• Data Security: Encryption
• Network Security: Micro-Segmentation, Firewall
*Q2CY16
Built-in Security + Security Partner Ecosystem
Nutanix’s holistic approach to security
*Q2CY16
✓ Improve your Security and Compliance with a Unified Solution Designed for Hyper-V
✓ Maximize your Performance with the Fastest and Least Disruptive Security Solution
✓ Increase your VM density by up to 30%
✓ Automate Protection for Virtual Machines, Networks and Storage
✓ Hide Security from your Virtual Machines and Users with Agentless Protection
5nine Cloud Security
A Unified Security and Compliance
Solution Designed for Hyper-V
www.5nine.com/Security
5nine Software
• Founded in 2009
• Headquartered in Chicago, with staff in 24 regions worldwide, including 18 Microsoft MVPs
• 80,000 Hyper-V users globally, representing companies and datacenters of all sizes
• The leading solutions provider of security & management applications for Hyper-V
– 5nine Cloud Security – A unified security and compliance solution designed for Hyper-V
– 5nine Manager – Easy, centralized and affordable management and monitoring for Hyper-V
– 5nine V2V Easy Converter – Fast and easy migration of VMware virtual machines to Microsoft Hyper-V
• Visit www.5nine.com or email [email protected] for more info
5nine’s Global Presence
• Headquarters: Chicago
• Americas: Buenos Aires, Calgary, New Jersey, Ottawa, Seattle
• Europe & MEA: Abu Dhabi, Athens, Basel, Brussels, Dublin, Milan, Moscow, Munich, Nice, Stockholm, St. Petersburg, Zagreb, Zurich
• Asia Pacific: Bangkok, Brisbane, Colombo, Kuala Lumpur, Melbourne, Perth
5nine Cloud Security
A Unified Security and Compliance Solution Designed for Hyper-V
• Address every Hyper-V vulnerability across every virtual resource
– Virtual firewall
– Agentless antivirus & antimalware
– Network intrusion detection (IDS) & analysis
– Security as a Service (SECaaS) with Azure Pack (WAP)
– System Center Virtual Machine Manager (SCVMM) Plugin
• Avoid gaps in protection from legacy endpoint security solutions
• Automatically and immediately protect every virtual machine
• Industry’s leading security and compliance solution
• For Hyper-V users of all sizes without needing to be a security specialist
• Agentless design and fastest scans in the industry
• More information: http://www.5nine.com/CloudSecurity
© 2016 Snort and the Snort Pig are registered trademarks of Cisco. All rights reserved.
How a Threat Reaches a VM
Security using the Hyper-V Extensible Switch
Hide Security with Agentless Protection
• No security component is required to run inside the VM
– User never sees it
– User never has to update
– User can never disable it
– Users will not even notice that they are being protected
• Administrators no longer need access to every VM
– Centralized management of policies and definitions
– Increase security and compliance
– Ideal for service providers to ensure tenant privacy
– Simplify VDI management
• Enable genuine private multi-tenant environments and VM isolation
• Patent-pending agentless design for Hyper-V
Multiple Layers of Security
1. Virtual Firewall
2. AV Detection on the Network
3. AV Scan on the Disk
4. Network Intrusion Detection
5. Network Anomaly Analysis
6. Extensible to Analytics Systems
Security Layer 1 – Virtual Firewall
• Intercept network traffic before it even gets to the VM
• Manage traffic at the network protocol level
– TCP, UDP, GRE, ICMP, IGMP, etc.
• Single solution for every guest OS supported by Hyper-V
– Server: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Home Server 2011, Small Business Server 2011, Windows Server 2003
– Client: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP
– Linux & UNIX: CentOS, Debian, FreeBSD, Oracle Linux, Red Hat RHEL, SUSE, Ubuntu
Security Layer 2 – AV Detection on the Network
• Protection for all virtual networks
• Active detection for immediate threat notification
– Unencrypted HTTP traffic (more coming soon)
• Automatically alert admins
– Email, PowerShell, Event Logs
Security Layer 3 – AV Security on the Disk
• No more “scanning storms”
– Increase VM performance
– Increase VM density by up to 30%
• 5nine uses a patent-pending Change Block Tracking (CBT) driver
– Scan only blocks on the disk that have changed
– Scan up to 70x faster
Security Layer 4 – Network Intrusion Detection
[Diagram labels: Hyper-V Hosts, Database, 5nine Cloud Security Management Server, Public Internet]
Security Layer 5 – Network Anomaly Analysis
[Diagram labels: Hyper-V Hosts, Database, 5nine Cloud Security Management Server, Public Internet]
[Charts: “Normal Traffic” and “Unusual Traffic”, each with a vertical axis from 0 to 100 and a horizontal axis from 1 to 23]
Security Layer 6 – Extensible to Analytics Systems
[Diagram labels: Hyper-V Hosts, Database, 5nine Cloud Security Management Server, Public Internet, On-Premises Analytics, Cloud-Based Analytics]
Automate Protection for VMs, Networks & Storage
• Virtual environments are dynamic and change regularly
– Legacy “endpoint” security is impractical and unsafe
• Automatically and immediately protect the entire virtualized infrastructure and software-defined networks (SDNs)
• Guarantee higher levels of business continuity and reliability
• Built-in automation tools
• Script custom security policies with PowerShell
• Save time and free up valuable operational resources
• Reduce the risk of misconfigured security policies
Enterprise High-Availability for Security
[Diagram labels: Hyper-V Hosts & Clusters; SQL Server; 5nine Cloud Security Management Server; Redundant Management Group; SQL Server; SQL Cluster; Branch Office; SQL Server; 5nine Sync; 5nine Cloud Security Management: 5nine Console | 5nine PowerShell; Azure Pack (WAP) Extension; System Center Virtual Machine Manager (SCVMM) Plugin]
System Center Virtual Machine Manager Plugin
Centralized Security Management through System Center to Protect your Hyper-V Infrastructure and VMs
• Easy-to-use extension of 5nine Cloud Security
• Integrate into your existing management system
• Protect all Windows Server, Windows and Linux VMs
• Agentless design for easy management
• Fastest security scans in the industry
• Meet industry compliance & regulation requirements
• Scales to protect the largest enterprises running System Center and the Microsoft Cloud Platform
• Free add-on for 5nine Cloud Security
Windows Azure Pack & Microsoft Azure Stack Security
Azure Pack (WAP) Extension
Security as a Service (SECaaS) to Protect your Datacenter, your Customers, and their Clouds
• The only Security as a Service (SECaaS) solution for Azure Pack
• Free add-on to 5nine Cloud Security
• Enable tenants to easily manage their own Windows and Linux security policies through self-service
• Hosting and service providers can secure multi-tenant environments and VMs
• Users can easily configure firewalls, intrusion detection, and more
• Generate revenue by offering Security as a Service (SECaaS)
• Differentiate yourself through achieving increased security and compliance
Azure Pack (WAP) allows you to run Azure services in your datacenter on your hardware; it is not a part of the Microsoft Azure public cloud.
Azure Pack SECaaS Feature Set
Administrator Portal
• Add SECaaS to plans
• Protect hosts, VMs & tenants
• Global firewall templates
• View user action logs
• Notifications
• Billing & chargeback
– Via Cloud Cruiser or Cloud Assert
Tenant Portal
• Protect a VM through self-service
– Virtual Firewall
– Antivirus & Antimalware
– Intrusion Detection
– Network Traffic Scanner
– Network Anomaly Scanner
• VM Groups
• Firewall templates
• View user action logs
• Notifications
Generate New Revenue through SECaaS
• Only Security as a Service solution for Azure Pack
• Make premium security the default offering
• Provide tenants with simple SECaaS features
– Virtual firewall, intrusion detection, security templates
• Stand out from your competition and public clouds
• Attract new customers
• Generate additional revenue from existing clients
• Also improve security for your infrastructure and users
Meet Compliance & Regulation Requirements
• Virtualization infrastructure is being targeted by hackers
• Meet expected compliance and regulation standards
• Meet customer’s guidelines to operate in new markets
• Support more regulation requirements
• Increase your own potential customer base
5nine Cloud Security
Demo
www.5nine.com/Security
Summary & Discussion
Resources
• Nutanix
– Nutanix website: http://www.nutanix.com
– Nutanix security page: http://www.nutanix.com/products/features/security/
– Nutanix security certifications: http://www.nutanix.com/products/features/security/certifications/
– Robert Corradini, contact: [email protected]
– Request a Nutanix Demo: http://www.nutanix.com/demo
• 5nine Software
– 5nine website: http://www.5nine.com
– 5nine videos: https://www.youtube.com/user/5NineSoftware
– 5nine Cloud Security: http://www.5nine.com/Security
• Azure Pack (WAP) Extension: http://www.5nine.com/WAP
• System Center VMM Plugin: http://www.5nine.com/SCVMM
– Symon Perriman, contact [email protected] [email protected] or [email protected]
Q&A
[email protected] [email protected] @SymonPerriman @netwatch