Industry Solutions and Trends
Technology is more than just networking and Juniper experts share their views on all the trends affecting IT
Russell_Skingsley

Security in the age of cloud

by Juniper Employee on 04-13-2012 03:27 AM

At the recent Cloud Computing and Security World Conference in Hanoi I was asked to present on “security solutions in the age of cloud”. This task reminded me of a conversation from my early days of consulting as part of a network integrator in Vietnam. I remember one of my customers presenting me with the idea of a firewall for every server in his data centre. Whilst I was able to sympathise with his desire for such control, the truth was that this was not really feasible from a performance, management or budgetary point of view. Stateful security is a high-touch process, and scaling to thousands of ports is an expensive proposition and a management headache.

 

Fast-forward to 2012 and we have a vastly different world.  The world is inevitably adopting virtualised workloads and looking for a solution to the “problem” of virtualised security.  The challenges are considerable.  How do we enforce policy in a world where traffic may not touch a network-based firewall?  How would we even scale physical firewall assets to accommodate thousands of 10 Gigabit ports anyway?

 

As it turns out, whilst we have these new challenges we also have a wonderful opportunity to fulfil the dreams of my customer looking for a firewall per server. With virtualisation we have an abundance of processing power in our compute pools that we could bring to bear on this challenge if only we had a mechanism to do so.

 

With vGW this is exactly what we have: a low-overhead ESX Kernel Module firewall that sees all traffic between virtual machines and maintains policies and state tables for every individual one. The virtual world has delivered my customer’s dream of a firewall for every machine in his data centre; I apologise for the lateness of the answer!
