Cloud OS Microsoft delivers a complete datacenter solution

- Slides: 36
Cloud OS: Microsoft delivers a complete datacenter solution with Windows Server 2012 R2 out-of-the-box. Development, Management, Identity, Virtualization, Data
Extension miniport
VM 1 VM 2 VM 3 SCVMM 3rd Party components Virtualization Root Partition Capture Extension Filtering Extension VMM Service VMM Agent Vendor SCVMM Plugin Forwarding Extension Physical NIC • Hyper-V switch extensions and SCVMM extensions from partners Vendor network mgmt console Policy database
Cloud Security for Hyper-V ProgrammableFlow Virtual Switch PF1000 for Hyper-V Nexus 1000V
Enterprise-grade Aggregate security control Simplified deployment Agentless Virtual Firewall Agentless Intrusion Detection Agentless Anti-Virus/Anti-Malware
• Isolate VMs: manage security programmatically per VM
• Industrial-strength
• Control and protect inbound, outbound, intra-VM traffic
• Signature-based
• All versions of guest OS supported by Microsoft Hyper-V
• Block application-level attacks (WAF)
• Fastest AV Scans available
• Behavioral: build baseline for known attacks (WAF)
• Orchestrate scans and set thresholds across VMs
• Pro-active - detect, warn, block (WAF)
• Staggered scanning
• Multi-Tenant protection and support of network virtualization
• Stateful, deep packet inspection
• Granular QoS
• Aggregate, analyze, audit logs
• Virtual Machine Security Groups
• User/Role-level access: support of Security and Auditor accounts
• Application-level protection against a wide range of exploits (WAF)
• Real-time threat monitoring
• Agentless: no degradation
• Caching across VMs
• Centralized management
Virtual Networks (VTNs) Independent and secure virtual networks VTN 1 VTN 2 Physical Network Control ProgrammableFlow Switch ProgrammableFlow Controller Network Switch Pool Network Appliance Pool Server Pool
VMM Setup: VMM PF6800 Tenant Red VLAN: 200 VTN for HNV tenant VTN for Others Path policy 1 Path policy 2
Fabric Operation VM VM network VM Subnet IP Pool Virtual port VMs and Services Operation PF1000 Logical switch Uplink port Logical network Network site VLAN-Subnet Path-Control over Fabric Network IP Pool
Nexus 1000V Architecture Respects DC Operational Model for P V Virtual Appliance VSM-1 (active) Back Plane Network Admin VSM-2 (standby) Supervisor-1 (Active) Supervisor-2 (StandBy) Linecard-1 Linecard-2 … NX-OS Data Plane Linecard-N Nexus 1000V VEM Forwarding Capture Filtering Extensible Switch Modular Switch VSM: Virtual Supervisor Module VEM: Virtual Ethernet Module NX-OS Control Plane Hypervisor Server Admin VEM-2 Hypervisor VEM-N Hypervisor
Clients Guests Database Network
# network-segment database 1
  switchport mode access
  switchport access vlan 10
# port-profile database-client
  ip port access-group dbclient in
  no shut
  state enabled
# port-profile database-server
  ip port access-group dbserver in
  no shut
  state enabled
# port-profile database-admin
  ip port access-group dbadmin in
  no shut
  state enabled
Cisco Virtual Security Gateway Context-based, Multi-tenant, Workload Segmentation VM VM VM Cisco PNSC VM VM VM Nexus 1000V Distributed Virtual Switch vPath VSG (active) Secure Segmentation (VLAN agnostic) Efficient Deployment (secure multiple hosts) Transparent Insertion (topology agnostic) High Availability Dynamic policy-based provisioning Mobility aware (policies follow Migration) Log/Audit
Rule Destination Condition Source Condition Action Attribute Type Condition Match Criteria Network Match All (And) VM Match Any (Or) User Defined vZone VM Attributes Network Attributes Operator VM Name IP Address eq Guest OS name Network Port neq Port Profile Name gt VM DNS Name lt range Not-in-range Prefix Operator member Not-member Contains And (Global Level) Or (Global Level)
For More Information
Windows Server 2012 R2 http://technet.microsoft.com/en-US/evalcenter/dn205286
System Center 2012 R2 http://technet.microsoft.com/en-US/evalcenter/dn205295
Azure Pack http://www.microsoft.com/en-us/servercloud/products/windows-azure-pack
Microsoft Azure http://azure.microsoft.com/en-us/
Come Visit Us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management TechExpo Level 1 Hall CD
http://channel9.msdn.com/Events/TechEd www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn