Server Virtualization and Cloud

Problem

While enterprises have fully embraced server virtualization, the true promise of an agile, flexible and extensible cloud remains elusive. One of the barriers to fully embracing cloud computing is network security. Existing network security devices within physical, virtualized, and cloud environments are blind to the applications running across the network—and rogue or unknown applications are often used as common mediums for threats and attacks.

Thanks to virtualization, virtual machines (VMs) can communicate with other VMs on the same hypervisor, creating an assortment of applications and services with different risk classifications and confidential data—all on the same host server. The problem with this flexibility is the challenge of segmenting and enforcing security for ‘East-West’ traffic between these applications. Furthermore, when VMs are created or moved from hypervisor to hypervisor, rack to rack, or datacenter to datacenter, it is difficult to apply static security policies to the individual virtual machines.

As you evolve your datacenter towards a cloud-based architecture, you begin orchestrating the automated tasks for provisioning workloads (compute, storage, network). Unfortunately, securing these workloads with today’s existing network security appliances is a manual, time-consuming process. Security teams simply cannot keep up with how quickly these workloads are being provisioned by the virtual infrastructure teams.

Solution

Palo Alto Networks builds a next-generation security platform including physical models that allow you to segment your datacenter network, and a virtual form factor, our VM-Series, for segmentation within a virtualized server. Both physical and virtual form factors run the same PAN-OS™ operating system. Working together, these next-generation security platforms safely enable the ‘North-South’ and ‘East-West’ traffic throughout your physical, virtualized and cloud environments. This gives you complete visibility into the applications being used, knowledge of the users accessing those applications, and protection against known and unknown threats. Integration with the VMware NSX network virtualization platform enables automated provisioning and distribution of Palo Alto Networks next-generation security services and delivery of dynamic context-based security policies.

Automated Deployment and Provisioning

Palo Alto Networks security platforms feature a REST-based API, permitting integration with third-party cloud orchestration solutions. These cloud-ready capabilities enable you to deploy and configure security on demand, in lockstep with your virtualized workloads.

Within a software defined data center, our integration with the VMware NSX network virtualization platform enables Palo Alto Networks next-generation network security services to be automatically deployed and transparently inserted within data center workflows. 

Apply Dynamic, Contextual Policies to All Your VMs

Dynamic Address Groups allow you to create security policies using one or multiple qualifiers, or tags, representing your virtual machines, instead of making you manually track hundreds or thousands of IP addresses. This industry-unique capability supports context from virtualization elements including VMware NSX, making it incredibly easy to apply next-generation security to all of your VMs when they are created or spun up, and whenever they are moved across your network. Virtual machine attributes can also be collected as tags via our VM-Monitoring feature, which can poll and monitor VMware ESXi and vCenter environments.

Using Palo Alto Networks VM-Series, administrators can craft dynamic security policies based on application, user, and virtual machine “container”, as well as using Content-ID and WildFire technologies to continually inspect traffic for known and unknown threats.

Centrally Manage All Security Policies

Panorama is a management platform that provides the ability to manage security policies for all Palo Alto Networks network security platforms – regardless of whether they are virtual or physical – from a centralized location.  Panorama provides compliance through consistent enforcement of policy across your entire datacenter network, as well as rich centralized logging and reporting capabilities.

Resources

NSX Solution Brief
This solution brief provides details of the Palo Alto Networks integration with VMware NSX. VMware NSX is an extensible network virtualization platform that enables the delivery of Palo Alto Networks next-generation security services.

VM-Series Technical Whitepaper
This technical document provides details of the VMware NSX and Palo Alto Networks integration, including descriptions of the components of the solution and key use cases.

VM-Series Specsheet
Palo Alto Networks VM-Series extends secure application enablement into the virtualized environment of your datacenter while addressing the key challenges with server virtualization.

PA-7050 Series Specsheet
Palo Alto Networks PA-7050 delivers the scalability and performance your datacenter demands while protecting against known and unknown threats.

Videos and Podcasts

Packetpushers Show on Palo Alto Networks in the Datacenter

Next-Generation Security for Your Next-Generation Datacenter (video and demo)

VMworld TV interview with Palo Alto Networks on the VMware NSX Integration

Video on VMware NSX Integration
