"Great Pricing, Support, and Logistics.
|
Palo Alto Networks Gold Partner |
Home > Palo Alto Networks > Network Segmentation | |||
Server Virtualization and CloudProblemWhile enterprises have fully embraced server virtualization, the true promise of an agile, flexible and extensible cloud remains elusive. One of the barriers to fully embracing cloud computing is network security. Existing network security devices within physical, virtualized, and cloud environments are blind to the applications running across the network—and rogue or unknown applications are often used as common mediums for threats and attacks. | |||
Thanks to virtualization, virtual machines (VMs) can communicate with other VMs on the same hypervisor, creating an assortment of applications and services with different risk classifications and confidential data—all on the same host server. The problem with this flexibility is the challenge in segmenting and enforcing security for ‘East-West’ traffic communications between these applications. Furthermore, when VMs are created or moved from hypervisor to hypervisor, rack to rack, or datacenter to datacenter—it’s difficult trying to apply static security policies to the individual virtual machines. As you evolve your datacenter towards a cloud-based architecture, you begin orchestrating the automated tasks for provisioning workloads (compute, storage, network). Unfortunately, securing these workloads with today’s existing network security appliances is a manual, time-consuming process. Security teams simply cannot keep up with how quickly these workloads are being provisioned by the virtual infrastructure teams. SolutionPalo Alto Networks builds a next-generation security platform including physical models that allow you to segment your datacenter network, and a virtual form factor, our VM-Series, for segmentation within a virtualized server. Both physical and virtual form factors run the same PAN-OSTM operating system. Working together, these next-generation security platforms safely enable the ‘North-South’ and ‘East-West’ traffic throughout your physical, virtualized and cloud environments. This gives you complete visibility into the applications being used, knowledge of the users accessing those applications, and protection against known and unknown threats. Integration with the VMware NSX network virtualization platform enables automated provisioning and distribution of Palo Alto Networks next-generation security services and delivery of dynamic context-based security policies. Automated Deployment and ProvisioningPalo Alto Networks security platforms feature a REST-based API, permitting integration with 3rd party cloud orchestration solutions. These cloud-ready capabilities enable you to deploy and configure security on-demand, in lock step with your virtualized workloads. Within a software defined data center, our integration with the VMware NSX network virtualization platform enables Palo Alto Networks next-generation network security services to be automatically deployed and transparently inserted within data center workflows. Apply Dynamic, Contextual Policies to all Your VMSDynamic Address Groups allows you to create security policies using one or multiple qualifiers, or tags, representing your virtual machines, instead of making you manually track hundreds or thousands of IP addresses. This industry-unique capability supports context from virtualization elements including VMware NSX, making it incredibly easy to apply next-generation security to all of your VMs when they are created or spun up, and whenever they are moved across your network. Virtual machine attributes can also be collected as tags via our VM-Monitoring feature that can poll and monitor VMware ESXi and vCenter environments. Using Palo Alto Networks VM-Series, administrators can craft dynamic security policies based on application, user, and virtual machine “container”, as well as using Content-ID and WildFire technologies to continually inspect traffic for known and unknown threats. Centrally Manage All Security PoliciesPanorama is a management platform that provides the ability to manage security policies for all Palo Alto Networks network security platforms – regardless of whether they are virtual or physical – from a centralized location. Panorama provides compliance through consistent enforcement of policy across your entire datacenter network, as well as rich centralized logging and reporting capabilities. Internet Gateway | Mobility | Network Segmentation | Server Virtualization & Cloud | Threat Prevention | Virtual Desktop Infrastructure | Wireless Infrastructure |
|||