Brocade Software Networking Presentation at Interface 2016

Editor's Notes

1. Today I’ll talk about the Brocade Software Networking Solutions that leverage SDN and NFV technologies. These technologies from Brocade deliver an Open and an Agile solution architecture that further improves economics.
2. In 2000 we started with consolation server farms Later virtualization was introduced to bring efficientices with the hardware and physical space Convergence with intergrated systems and improved deployment times Then Cloud as a service to help control operation and hardware costs and improve agility What is the new IP?
3. Brocade New IP focuses on transforming the network to precisely achieve the flexibility and agility that is needed to meet the SLAs. The 4 key tenets of New IP are to deliver innovative technologies that are Open, .Software-based, Ecosystem driven but at the same time enabling the customers to adapt to these new transformative innovations at their own pace. This enables a new way of doing business ie. now it is the business that drives IT and not the IT limitations chaining the business growth. So thereby Unleash the Power of Network Today, in order to be Future Ready!
4. Let’s talk about SDN and NFV at a very high level. Many of you may already know about it.
5. So what is SDN – Software Defined Network? SDN is a programmable network that enables the customer to design, build and manage their own network. It decouples the Data Plane from the Control Plane on a physical network device. The advantages of doing so are: Logically centralized view of the overall network Improved interoperability and manageability Enable users to develop and deploy unique capabilities for their network needs
6. What is NFV – Network Functions Virtualization? In order to make the network more flexible and agile, one of the best software technologies is NFV. It essentially virtualizes the hardware network devices like router, ADC, firewall, VPN. The advantages of this are: Virtualize the network devices to create multiple virtual functions for various network appliances ie. Layer 3 to Layer 7 Enable service innovations and meet service SLAs Reduce CAPEX/OPEX
7. Brocade SDN Controller is a leading open source solution based on OpenDaylight. We are a commercial version of the opendaylight sdn controller. We bring our experience and support to help customers embrace SDN and limit any switch costs. It is a vendor-agnostic solution as it is- Designed for an open, multivendor world Each layer can be selected independently No platform or northbound dependencies Simple on-ramp to SDN Low-risk investment protection Smooth installation and maintenance Collaborative innovation Joint and custom app development Bridge to OpenDaylight community
8. Brocade vRouter is the first virtual router that has the ability to provide advanced networking and security in software. It delivers the following benefits: High ROI and Efficiency Proven high VNF density of vRouters in single server Low CPU consumption provides headroom for other VNFs Delivers breakthrough performance 80Gbps line rate on single vRouter Advanced enhancements with Intel DPDK High Versatility Single product, multiple functions for Cloud and SP like router, VPN, Firewall Cloud network segmentation, Secure gateway services and Workload and Subscriber firewall Brocade vRouter has more than 100M+ production hours deployed at customer sites.
9. Brocade Virtual Application Delivery Controller (vADC) solutions help ensure predictable high-performance for applications whenever and wherever they are deployed. Purpose-built for the Cloud Deploy in any Hybrid Cloud architectures On-demand application delivery - ADCaaS Established CSP partnerships – Azure, AWS, Rackspace, Joyent etc Intel DPDK – Explain the benefits Process automation Easy, consistent deployment of Service templates (LBaaS) and service isolation with centralized management Usage visibility – metering and billing capabilities for chargeback Integration with key orchestration tools – OpenStack, VMware NSX and Brocade SDN Controller Hyperscale and Performance on Demand Highest Layer 7 throughput for software (50GB/node) Unique web application security solution
10. There are four parts to the vADC story, which together provide a comprehensive on-demand solution, and build up to the concept we call “Application Delivery as a Service” or “ADC-as-a-Service” First, the core ADC platform is known as Brocade Traffic Manager: this provides core Layer 4 to 7 services, including load balancing, caching and SSL offload, and a powerful scripting tool, called TrafficScript. And we will see in a moment, Traffic Manager also acts as the platform on which we build higher-level services for security and content optimization. Second, Brocade Web Application Firewall is a Layer-7 web application firewall, which is designed to protect applications from external application-level attacks. While a network firewall ensures that only certain types of traffic are permitted or denied, a web application firewall works with the business logic to decide whether to allow the request to be processed, checking for targeted attacks such as SQL Injection and Cross-Site scripting, and preventing data leakage. Third, to accerate your web application convent we have the Web Accelerator which compress and caches web app content to improve bandwidth used, load times, lowers requests, best CDN Enterprise services on load times and number of requests Finally, Brocade Services Controller gives a framework to manage on-demand provisioning, by automating the deployment, licensing and metering of ADC services across a virtual or cloud framework. When linked to a service orchestration framework, we call this ability to create and manage on-demand application delivery services “ADC-as-a-Service” and it transforms the way ADC services are consumed by enterprises and service providers to a much more fluid capacity-based model.
11. See Slide 27 for detailed explanation to help you talk through this slide with a customer. Financial and time benefits of going with us In traditional models each ADC has specific capacity allocated to it that cannot be shared with other ADCs With Brocade customers purchase capacity to fill their ‘bucket’, that capacity can then be distributed and redistributed between ADCs as needed in unlimited numbers.
12. Whether for services providers or enterprises, we provide a complete set of tools to manage the inventory of ADC instances, so you know how resource pools are being used, and to plan ahead for how to re-allocate resources between different applications and groups. Usage reports can be created for business units and individual clients, making it easy to implement charge-back and billing for cost allocation across the business.
13. Each app has its own vTM = address scale and availability – need to make sure it looks virtual – animation There are FOUR parts to the vADC story, which together provide a comprehensive on-demand solution, and build up to the concept we call “Application Delivery as a Service” or “ADC-as-a-Service” First, the core ADC platform is known as Brocade Traffic Manager: this provides core Layer 4 to 7 services, including load balancing, caching and SSL offload, and a powerful scripting tool, called TrafficScript. And we will see in a moment, Traffic Manager also acts as the platform on which we build higher-level services for security and content optimization. Second, Brocade Web Accelerator provides automatic HTML optimization, to reduce page load times. Traffic Manager includes a number of powerful tools to accelerate applications and services, but Web Accelerator gives an extra boost for some types of applications. Third, Brocade Web Application Firewall is a Layer-7 web application firewall, which is designed to protect applications from external application-level attacks. While a network firewall ensures that only certain types of traffic are permitted or denied, a web application firewall works with the business logic to decide whether to allow the request to be processed, checking for targeted attacks such as SQL Injection and Cross-Site scripting, and preventing data leakage. Finally, Brocade Services Controller gives a framework to manage on-demand provisioning, by automating the deployment, licensing and metering of ADC services across a virtual or cloud framework. When linked to a service orchestration framework, we call this ability to create and manage on-demand application delivery services “ADC-as-a-Service” and it transforms the way ADC services are consumed by enterprises and service providers to a much more fluid capacity-based model.
14. A Web Application Firewall is a security add on module to the Traffic manager, which focuses on fixing the vulnerabilities found in Web Applications. It is designed to secure known and unknown vulnerabilities and block attacks by implementing a rich set of security features.
15. The Web Application Firewall can meet the most demanding application-level security requirements, helping compliance with regulations such as PCI DSS and HIPAA. Lets take a look at our layers of security and understand that there is no one stop shop solution for total IT security *Click* Traditional firewalls focus on and network-level security, I ensuring that only the right kind of traffic and destinations are permitted access to the application. A "regular" firewall typically looks at layers 3 and 4 of the OSI model. For instance, to allow TCP port 80, allow UDP port 53 from only specific IP addresses, or deny TCP port 25. *Click* Next, the more sophisticated next-generation firewalls look at patterns in traffic and may be able to identify users and application signatures in the traffic – but they still do not meet the requirements of PCI DSS, which requires full content inspection and parameter validation. Reverse proxies, IDSs and IPSs: Link packets into streams Limited view of business logic Fail PCI DSS requirement Next Gen Firewalls: • Designed to be a primary firewall, identifying and controlling applications users and content traversing the network. • App-ID: Identifies and controls more than 900 applications of all types, irrespective of port, protocol, SSL encryption or evasive tactic. • User-ID: Leverages user data in Active Directory (as opposed to IP addresses) for policy creation, logging and reporting. • Content-ID: Blocks a wide range of malware, controls web activity and detects data patterns (SSN, CC#) traversing the network. *Click* Lastly, Web Application Firewall looks above these levels, and works closely with the application itself, WAFs exists because organizations have lots of custom written (web) applications, that won't be included in the "well known applications and protocols” protected by Next Gen Firewalls. A WAF and can provide proactive security tools such as form virtualisation, cookie and URL encryption, and complete control over parameter validation to detect SQL injection, cross-site scripting attacks directory traversal, or brute-force authentication attempts. . WAF is designed to compensate for insecure coding and “virtually patch” vulnerabilities • Business logic inspection • Proactive application security (log/alert suspicious requests and suggest protection measures) • Looks specifically for flaws in the application itself • Highly customized for each security environment – looking at how the web application is supposed to act and acting on any odd behavior. • Does not address the performance requirements of a primary firewall. While these different security device may have slight functional overlaps, none can claim to be a complete security solution for any enterprise. The Web Application Firewall focuses on Application security and defends in conjunction of other complementing security solutions in the layered security model Attacks can be carried out against any of these layers. As network firewalling has become commodity, the trend has been to move to application layer attacks. Example attacks: IP layer: ping of death (DoS) TCP layer: SYN flood (dDoS) HTTP layer: forceful browsing (accessing hidden but unprotected assets) Business Logic layer: logic flaws (e.g. logging in as one user, but then doing some action in the name of another)
16. A scalable, application-aware Layer 7 security solution Offers highest protection and performance in web and cloud application security. The vWAF identifies and stops attacks that would typically be missed by a network firewall protecting valuable data. Web Application Firewalls allow customers to mitigate web application security threats in a scalable manner.
17. Shown here is a list of optimizations dynamically applied by the Web Accelerator. Most of these optimizations are well documented and most web applications developers are aware of them and their benefit In fact, Google PageSpeed and Yahoo ySlow are two well known grading tools that score your web performance based on how many optimizations best practices are applied your webpages. Having a high score in any of these benchmarks will not only ensure you have a light and fast loading webpage but also a highly SEO score as all the main search engines (Google, yahoo, Bing, etc.) all take into account the speed of your website in consideration when returning search engine results Although well documented, applying these best practices in a consistent manner is a different story. As you can imagine every time you push out new iterations of web designs and code you need to ensure all these best practices are followed, this takes time to test and implement, often taking time out of development to dedicate time to fix and optimize design and code and not all organizations have resources to do so. Think of Web Accelerator as a tool for your development team not a replacement – Web Accelerator automates these best practices at runtime and each time new content is pushed A website’s Google PageSpeed and Yahoo ySlow score instantly is improved Google PageSpeed: https://developers.google.com/speed/docs/insights/about YSlow: http://yslow.org/faq/