![]() ![]() This ensures the security of different traffic volumes and services within the cloud DC. Once the vNGFW has formed a high-capacity cluster, security gateways of various sizes can be formed according to service requirements. The second method deploys each vNGFW on a single VM, and a cluster is formed by bundling multiple VMs. The multiple VMs are arranged on a single vNGFW to form a high-capacity cluster. ![]() The first is distributed architecture, where different modules of a vNGFW, such as URL filtering, VPN, and IPS, are deployed on different VMs. High-capacity clusters and elastic scalability implements high-capacity clusters to better support high-volume operator pipe services, with two possible implementation methods. For greater flexibility, distributed deployment can run each virtual security NE (or VM) as a virtual network function, with the Service Chain invoking the corresponding security service when they’re used. ![]() For easy deployment, these services can be batch deployed on a single vNGFW. Virtual NGFW (vNGFW) includes more than ten types of security services, including application identification, NAT, VPN, IPS, and URL filtering. Micro security services applies scheduling on individual and combined services. In both scenarios, the flexibility and ease of use of the software and hardware NGFW makes managing 1:N and N:1 virtualization easier. N:1 pools multiple NGFW software and hardware components, so security resources can be flexibly invoked based on service needs. 1:N virtualizes a single NGFW software or hardware device into many virtual devices that can be invoked by different servers or services based on NFV service requirements. Hardware and software NGFW must support 1:N and N:1 virtualization. When VMs are launched, the software firewall or security service agent must also be launched. Next-Generation Firewall (NGFW) hardware is deployed at every perimeter on the cloud DC network in the traditional manner, while the software version of NGFW is deployed on every VM. Software-based security infrastructure applies to different sizes of software and hardware security components. NFV-based security involves processes for achieving the following three goals: software-based security infrastructure, micro security services, and high-capacity clusters with elastic scalability in cloud architecture. So, they require network equipment scheduling, including hardware boxes and vSwitch virtualized components, meaning that security must be integrated into the SDN network and adapted to the entire network architecture. Scenarios three (vCPE) and four (IT Cloud) involve enterprise border protection and tenant protection, respectively. The virtualized and cloudified infrastructure in each of these scenarios requires NFV-based security services. Three: Security requirements for vCPE include border protection for enterprises with end-to-end VPN encryption, E2E QoS, IPS, and anti-virus.įour: The IT Cloud provides telecom VAS like video for operators, which needs tenant-grade perimeter security. Two: The security requirements of vMSE include high-performance NAT and URL filtering, as well as Anti-DDoS. One: vEPC requires signal security, so the security infrastructure must provide functions such as 3GPP IPSec encryption. New network architecture creates different security requirements in different locations, as demonstrated in the following four scenarios. As a result, NFV and SDN security features are applied mainly in the core network and cloud DC applications. Ineffective static security software and hardware: The traditional static security components and software deployed on the network borders and servers cannot sense east-to-west traffic between virtual machines (VM) or ensure security in cloud scenarios.Ĭomplex security management: Large cloud data centers (DC) have numerous cloud security policies, placing high demands on personnel to manually handle application, review, and configuration tasks such as policy updates, approvals, and around-the-clock maintenance.Īccess and backbone transmission networks are still largely based on traditional architecture. Service-driven, cloud-based network transformation brings a slew of financial and performance benefits to operators, including greater service agility, faster service provisioning and TTM, lower OPEX, automation, the Pay-as-you-Grow model, and VAS.īut, traditional security mechanisms are no longer up to the task of protecting cloud environments for a number of reasons: NFV and SDN are the tools for ensuring that operators can meet business requirements with a security system that adapts to the new environment network-wide. Transforming network security is intrinsic to network transformation. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |