Hello, my name is Charles Stroller. In today's computing environment, most companies are using cloud technologies. The cloud allows data to be shared with anyone, anywhere in the world. Therefore, the data center has to be protected against internal and external threats. My topic today is implementing security in data centers.

The following approach to security in the evolving data center, from traditional three-tier architectures to virtualized data centers and to the cloud, aligns with practical realities, such as the need to leverage existing best practices and technology investments, and the likelihood that most organizations will transform their data centers incrementally. This approach consists of four phases.

Phase 1, consolidating servers within trust levels. Organizations often consolidate servers within the same trust level into a single virtual computing environment, either one physical host or a cluster of physical hosts. Intra-host communications are generally minimal and inconsequential. As a matter of routine, most traffic is directed off box, to users and systems residing at different trust levels. When intra-host communications do take place, the absence of protective safeguards between these virtualized systems is also consistent with the organization's security posture for non-virtualized systems. Live migration features are typically used to enable transfer of VMs only to hosts supporting workloads within the same subnet. Security solutions should incorporate a robust virtual systems capability, in which a single instance of the associated countermeasures can be partitioned into multiple logical instances, each with its own policy, management, and event domains. This enables a single physical device to be used to simultaneously meet the unique requirements of multiple VMs or groups of VMs.
Controlling and protecting inter-host traffic with physical network security appliances that are properly positioned and configured is the primary security focus.

Phase 2, consolidating servers across trust levels. Workloads with different trust levels often coexist on the same physical host or cluster of physical hosts. Intra-host communications are limited, and live migration features are used to enable transfer of VMs only to hosts that are on the same subnet and that are configured identically with regard to routing VM-to-VM traffic. Intra-host communication paths are intentionally not configured between VMs with different trust levels. Instead, all traffic is forced off box through a default gateway, such as a physical network security appliance, before being allowed to proceed to the destination VM. Typically, this can be accomplished by configuring separate virtual switches, with separate physical network interface cards, for the VMs at each distinct trust level. As a best practice for virtualization, combining workloads with different trust levels on the same server should be minimized. Additionally, live migrations of VMs should be restricted to servers supporting workloads within the same trust levels and within the same subnet. Over time, and in particular as workloads move to the cloud, maintaining segmentation based on trust levels becomes more challenging.

Phase 3, selective network security virtualization. Intra-host communications and live migrations are architected at this phase. All intra-host communication paths are strictly controlled, to ensure that traffic between VMs at different trust levels is intermediated either by an on-box virtual security appliance or by an off-box physical security appliance. Long-distance live migrations, for example between data centers, are enabled by combining native live migration features with external solutions that address associated network and performance challenges.
The intense processing requirements of solutions such as next-generation firewall virtual appliances will ensure that purpose-built physical appliances continue to play a key role in the virtualized data center. However, virtual instances are ideally suited for scenarios where countermeasures need to migrate along with the workloads they control and protect.

In the fourth and final phase, dynamic computing fabric, conventional static computing environments are transformed into dynamic fabrics (private or hybrid clouds) where underlying resources such as network devices, storage and servers can be fluidly engaged in whatever combination best meets the needs of the organization at any given point in time. Intra-host communications and live migrations are unrestricted. This phase requires network and security solutions that are not only capable of being virtualized, but are also virtualization-aware and can dynamically adjust as necessary to address communication and protection requirements, respectively. Classification, inspection and control mechanisms in virtualization-aware security solutions must not be dependent on physical or fixed-layer architecture. In general, higher-layer attributes such as application, user and content identification are the basis not only for how countermeasures deliver protection, but also for how they dynamically adjust to account for whatever combination of workloads and computing resources exist in their sphere of influence. Associated security management applications also need to be capable of orchestrating the activities of physical and virtual instances of countermeasures, first with each other and subsequently with other infrastructure components. This is necessary to ensure that adequate protection is optimally delivered in situations where workloads are frequently migrating across data center hosts.

Thank you for taking the time to learn about implementing data center security.
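The phase 2 rules from the talk (a separate virtual switch and physical NIC per trust level, and live migration only to hosts in the same trust level and subnet) can be checked against an inventory export. This is an added example, not part of the talk; the host, switch, NIC and subnet names are constructed, and the inventory layout is an assumption.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    name: str
    host: str
    vswitch: str
    trust: str   # trust level label, e.g. "dmz" or "internal"
    subnet: str

# Constructed sample inventory; all names and subnets are hypothetical.
UPLINK = {("esx1", "vs-dmz"): "nic0", ("esx1", "vs-int"): "nic1",
          ("esx2", "vs-a"): "nic0", ("esx2", "vs-b"): "nic0"}
HOST_SUPPORTS = {  # host -> (trust level, subnet) pairs it may receive
    "esx1": {("dmz", "10.0.1.0/24"), ("internal", "10.0.2.0/24")},
    "esx2": {("dmz", "10.0.1.0/24"), ("internal", "10.0.2.0/24")},
    "esx3": {("internal", "10.0.9.0/24")},
}
VMS = [VM("web1", "esx1", "vs-dmz", "dmz", "10.0.1.0/24"),
       VM("db1", "esx1", "vs-int", "internal", "10.0.2.0/24"),
       VM("web2", "esx2", "vs-a", "dmz", "10.0.1.0/24"),
       VM("db2", "esx2", "vs-b", "internal", "10.0.2.0/24"),
       VM("web3", "esx2", "vs-b", "dmz", "10.0.1.0/24")]

def audit_segmentation(vms, uplink):
    """Flag vSwitches or physical NICs that carry more than one trust level."""
    on_switch, on_nic, findings = defaultdict(set), defaultdict(set), []
    for vm in vms:
        on_switch[(vm.host, vm.vswitch)].add(vm.trust)
    for (host, vs), levels in sorted(on_switch.items()):
        if len(levels) > 1:
            findings.append(f"{host}/{vs}: mixed trust levels {sorted(levels)}")
        on_nic[(host, uplink[(host, vs)])] |= levels
    for (host, nic), levels in sorted(on_nic.items()):
        if len(levels) > 1:
            findings.append(f"{host}/{nic}: uplink shared by {sorted(levels)}")
    return findings

def migration_allowed(vm, dest_host, host_supports):
    """Allow live migration only to a host with the same trust level and subnet."""
    return (vm.trust, vm.subnet) in host_supports.get(dest_host, set())

if __name__ == "__main__":
    for line in audit_segmentation(VMS, UPLINK):
        print("FINDING", line)
    for vm, dest in ((VMS[0], "esx2"), (VMS[1], "esx3")):
        print(vm.name, "->", dest, migration_allowed(vm, dest, HOST_SUPPORTS))
```

A finding on a shared uplink means traffic from two trust levels leaves the host on the same wire, so the off-box security appliance can no longer tell them apart by interface.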