SDN and Microsegmentation: Automating Network Security Policies

There are many use cases, deployment scenarios and benefits from an SDN-enabled data center, but perhaps the most common driver for SDN deployments today is security. While SDN has always delivered policy-based automation for network devices, applying the same techniques to multi-tenant cloud environments is a more urgent requirement because security policies (compared to network policies) are likely more complex, more application-specific, change more frequently, and encompass a wider range of devices from multiple vendors. As organizations evolve their data centers to the cloud, security operations are likely to become overwhelming even before network issues dictate an evolution to SDN.

In multi-tenant cloud environments, there is a requirement for “microsegmentation”, i.e., enforcing security policies at a very granular level, between individual workloads and applications. Microsegmentation can certainly deliver all of the required application-specific security policies and a more secure cloud overall, but what really makes it viable (and not overwhelming) is deploying it with an SDN-based network overlay, so that the microsegmentation policy configurations can be fully automated and are location independent. As new cloud applications are spun up, automating the provisioning of security policies and network security devices enables the on-demand service delivery organizations are looking for. So, it’s not just about greater degrees of security. It’s about faster, on-demand delivery of cloud applications with what could easily be an order of magnitude more security complexity than traditional data centers dealt with.

A new white paper from Nuage Networks goes into greater detail on how our Virtual Services Platform (VSP) implements microsegmentation, and gives an overview of key use cases and deployment scenarios, as well as the security benefits organizations are realizing through SDN.

Some of the differentiating security features of Nuage Networks VSP include:

  • The sophistication of the policy model and the security policies that it can represent, helping to align the network with business requirements
  • The rapidly growing partner ecosystem that has integrated with VSP, to automate third-party best-of-breed security solutions across the network, and
  • The inherent security features native in VSP and the Nuage Networks virtual switch

And, of course, compared to other SDN solutions that claim to do microsegmentation, Nuage VSP has these key advantages:

  • A platform-neutral approach that allows us to run in any leading hypervisor, as well as an open approach to Linux containers, to support heterogeneous cloud environments and avoid platform-specific security threats
  • A consistent SDN policy model and centralized controller across the data center and WAN
  • Proven ability to scale to the largest enterprise and carrier-grade environments

Download the white paper here: http://www.nuagenetworks.net/wp-content/uploads/2015/12/PR1512017026EN_NN_VSP_Security_Solution_Overview_StraWhitePaper.pdf
