Gaining security and operational efficiency in the data center

Presentation transcript:

Gaining security and operational efficiency in the data center. Laurent PETROQUE, Pre-Sales Manager, F5 France

Within five years, more than three quarters (76%) of respondents expect hybrid cloud to be at the core of their strategy, overtaking private and public cloud. The majority of respondents (55%) expect hybrid cloud or multi-cloud providers to emerge within 2 or 3 years to compete with current cloud solutions. Initial uptake of IaaS providers was slow for large enterprises, largely due to security and data protection concerns. This led to the popularity of a hybrid cloud model, allowing organisations to select which apps and services were suitable for cloud providers while still maintaining control of what data would go where. Source: 2013 Future of Cloud Computing Survey, North Bridge / Gigaom

Responding to change! Now take that environment and consider how easy it is to scale your application: not just more application servers, but additional ADCs, firewalls or WAFs. How quickly can you respond to change? Increases in users, in the number of services or in backend application servers, and increased security profiles, all add to the complexity of scaling an application. All the while, application and business owners expect an increase in performance and availability over time!

Migrating to the cloud. Eligible applications: applications that do not fall under strict data protection rules; virtualized applications that support migration from their current infrastructure; less critical applications and services that are less subject to tight SLAs. Diagram labels: Devices; Availability, Security, Access Control; Data Center; Load Balancing, Availability, Security, Access Control; Demand: competition for finite computing resources; Physical Applications; Virtual Applications. Not all applications are suitable for migration to cloud providers. Many organizations have issues related to governance and data protection. Applications suitable for IaaS providers are often identified by the following criteria: applications that don't fall under strict data protection policies; non-legacy applications that are able to migrate from existing infrastructure, which typically means virtualized applications; non-mission-critical applications and services that aren't governed by tight SLAs.

Consistency across all applications and services. Diagram labels: Data Center Agility; Workload Prioritization; Automation/Orchestration; Customer Scenarios; Any Device; Internal and External Services; Centralized Management; Consistent Delivery; Cloud Migration; Replicated Policy; Core Functionality; IaaS; Acceleration; Context Services; Reporting; iApps; Extensibility; Integration; Availability; Any Location; Cloud Providers; Professional Services and Support. On the left we have the many different device types and numerous connectivity methods to deal with, each with unique behavior and requirements. On the right we have the different applications and services that we want to deliver from different locations and providers. However, to ensure a consistent user experience, which requires consistent performance, availability and security services (we call these application delivery services), we must ensure that these application delivery services exist everywhere the application can exist, both in the private data center and in the cloud environment. The work done by application architects and network architects mustn't be sacrificed as part of the journey to the cloud.

Cloud policy management. Application services: modeled, integrated, orchestrated, accelerated, secured. Diagram labels: Cloud Portal; Cloud Management; Provider Portal; App Lifecycle Management; Cloud Connectors; Third-Party Cloud Orchestrators (VMware vCloud Director); Tenant Portal; Public Cloud (Amazon Web Services); Cloud Management REST API; Data Center 1; Data Center 2; Data Center 3; Data Center 4. A lot of this capability hinges on policy management. Whether you are using physical BIG-IPs or Virtual Editions, both run F5's TMOS, and the speed at which application services can be deployed within a private DC or an IaaS provider hinges on the ability to define reusable policies that can follow applications wherever they run. These policies need to be deployed in minutes, not hours or days. F5's BIG-IQ management platform is the solution: it handles both individual F5 device requirements, including flexible licensing models, and F5 cloud delivery requirements, that is, the delivery of application service templates as tested and managed within private datacenters. It ensures consistent delivery.

Cloud migration architecture. Diagram labels: On-Premises Infrastructure; Global load balancing; Infrastructure monitoring; Advanced reporting; Administrators; Business Unit Application Manager; Load balancing; Custom business logic; Application health; SSL management; DNS; Line of Business Applications; Application User; Cloud Administrator; Cloud Management; Beta User; Automated Application Delivery Network; Health/performance monitoring; vADC deployment; Strategic Point of Control; Cloud Hosting Provider. With this capability, the ability to rapidly deploy application-specific delivery and security policies in minutes, comes the application delivery flexibility required to migrate applications to cloud providers without sacrificing application availability, performance and security. It delivers replication of: optimized connectivity, consistent application delivery services, and security policy. Here we have an architecture diagram. At the top of this diagram you can see the private data centre with its DNS services and its application services (things like SSL management, load balancing and application health monitoring), and within that private DC we also have the cloud management services. This cloud management takes the configuration, all the tested and validated application delivery services, and deploys them to an F5 Virtual Edition running in the cloud provider. This isn't just a case of spinning up a Virtual Edition; it's also about deploying all of the configuration required to ensure that the application behind it is running fast, highly available and secure. This type of hybrid deployment has been very popular for development teams, QA testing and similar business functions, where there is a demand for compute resource but no sensitive data. This is an excellent way of freeing up private DC resources.

Optimizing the application service globally. Direct users to the best data center. Continuous checking of the application service. Application service routing based on business logic. Enables IP geolocation and repudiation. Secure the DNS infrastructure. Diagram labels: DMZ; Data Center On Premise; Clients; Internet; LDNS; DMZ; Cloud. GTM directs traffic to the best available data center; if one isn't available, all traffic is redirected to the next best available DC. RelayHealth, a SaaS platform connecting patients, providers, pharmacies, payers, and financial institutions, operates two major data centers, one in Atlanta and one in Sacramento, plus several smaller ones. It manages 12 billion financial and clinical transactions a year. Load balancing was handled by host software on each server. Some servers had none, requiring developers to write custom software. This approach led to many variations of application delivery software all trying to operate within the same data center, resulting in intermittent downtime and slow response times. 75% of enterprises have experienced a major disaster or business disruption. Are you prepared? Nearly 75% of all U.S. businesses have experienced a business interruption. NOTE: If desired/necessary, can enumerate: 72% of the time suffered from power outages; 52% of the time dealt with hardware problems; 46% of the time suffered telecommunications failures; 43% of the time dealt with software problems. Source: www.oregon.gov/DAS/EISPD/BCP/docs/BCP_Overview_0305.ppt Because things happen! Floods, fires, 9/11, DDoS, even the target of WikiLeaks' Anonymous DNS DDoS attack! (See DNS Express section.) What would happen if a catastrophic event hit your data center? How would users be redirected to their applications in another datacenter? How long would it take to redirect them? How much business would it cost in the meantime?

Protecting applications from DoS/DDoS. Cloud-hosted DoS/DDoS protection service. Diagram labels: Defense.net SaaS; Internet; Data Center; Public Cloud.

Web application firewall (WAF). Identify, virtually patch, and block vulnerabilities. Audit applications with: Cenzic Hailstorm, QualysGuard Web App. Scanning, IBM Rational AppScan, WhiteHat Sentinel. Configure a protection policy with BIG-IP ASM. Block attacks on web applications. Diagram labels: Hacker; Clients; Internet; Data Center; Web 2.0 Apps; Private Cloud Apps; BIG-IP Application Security Manager. The scanner scans applications to identify vulnerabilities and directly configures BIG-IP ASM policies to implement a virtual patch that blocks web app attacks. BIG-IP ASM is now importing vulnerabilities, not patches; it effectively becomes a vulnerability management tool as well as a WAF. Obviously, the net effect is enabling very rapid response, particularly in the instance where you're waiting for the third-party vendor to patch the vulnerability.

Managing user access and identity globally. Authentication, authorization, and SSO for all applications, everywhere (on-premises or cloud). Diagram labels: Secure Web Gateway (URL Filtering / Internet App Control); Web Apps; Internet; Cloud based web security; Cloud Apps; Web Access Management; Public Cloud; Remote Access & Application Access; Enterprise Apps; Cloud based IAM; Hybrid Cloud; Cloud, SaaS, and Partner Apps; Identity Federation; SAML; Private/Public Cloud; Directory Services.

An anti-fraud protection architecture. Reference architecture. Diagram labels: Online Customers (A, B, C); Man-in-the-Browser Attacks; Copied Pages and Phishing; Automated Transactions and Transaction Integrity; Web Fraud Protection; Network Firewall; Application; Security Operations Center; Local alert server and/or SIEM; Account; Amount; Transfer Funds. Fraud detection and protection components are stored and configured on BIG-IP. Highlight the multi-tenancy of the F5 SOC, web GUI, reports,… Scenarios (A, B, C): malware detection and protection, anti-phishing, transaction analysis.

Centralized administration. Diagram labels: SSL; DDoS; Traffic Management; SSO; LTE; Acceleration; WAF; Anti-fraud; ADC; Data Center; Hybrid Cloud; Public Cloud. Whether you are managing a local datacenter, applications in a public or private cloud, or some hybrid model, your applications and the services they require should work seamlessly. The vision behind BIG-IQ is to allow automated, programmatic provisioning of applications and of the services that support them, wherever they reside. (Click.) Your network provides applications, sometimes hundreds of different applications, and the services they require. Need to add a service to an existing application, say traffic management or security? BIG-IQ can do that. Want to add a service? BIG-IQ can do that too. Want to move an application from one data center to another, or to a cloud? That should be simple to do as well. BIG-IQ provides the orchestration behind Software Defined Application Services; it is the glue that holds Synthesis together.

What does this mean for IT? More innovation. Better alignment. Cost reduction.

And what does this mean for the business? Faster go-to-market. Stronger customer engagement. Better application ROI.

Solutions for an Application World.