Every CXO worries about security because the perimeter is changing; in fact, there are no walls for protection. The lines between cloud, workloads, applications, enterprise networks and hosts are blurring and the challenges are getting exponentially greater. The true security architect must rapidly address the reality of a more holistic network-wide security strategy. It must be one that goes beyond the cyber threat of the day to address the risk, scale and mitigation of persistent security issues. The state of cyber security needs urgent resolution because:
In the 2015 timeframe, VMware pioneered micro-segmentation by using virtualized firewalls within either a public or private cloud environment, while Palo Alto, Fortinet and Check Point all drove next-generation firewalls. Complementing micro-segmentation and firewalls, Arista introduced Macro-Segmentation (MSS), another example of our pioneering innovation. MSS is dynamically applied to cloud networks depending on the type of host connected, for secure workload mobility and workflow visibility. Arista, next-generation firewall partners (Check Point, Fortinet and Palo Alto) and VMware have been at the forefront of driving secure segmentation capabilities in a standards-based manner with uniform security control.
New Frontier in Cloud Security: Zone Segmentation
Regardless of the service or workload type, the location of these services and workloads must now transcend multi-cloud environments securely and seamlessly. Consistent network segmentation with Arista Any Cloud provides a powerful approach for applying the right security across applications, users, and places in the cloud. Arista vEOS now supports Zone Segmentation, implicitly allowing traffic between workloads in the same zone while segmenting traffic between zones. Zone Segmentation can be automated and visualized with CloudVision. Users can create a zone and map cloud network attributes to that zone. The figure below shows the application of zone-based segmentation across Azure, AWS or GCP cloud boundaries.
Figure 1: Zone Segmentation across Any Cloud works with existing segmentation and firewalls
The benefits of Arista’s cloud security with Zone Segmentation Services (ZSS) are compelling for customers and include:
CloudVision Foundation for A to Z Partnerships
Arista CloudVision can manage and secure segmentation across the premise and cloud in a centralized manner. Together with Arista EOS state streaming and interface statistics, anomalous behavior can be detected, alerted on and analyzed. For example, if a compromised workload tries to access other workloads that it isn't supposed to, alerts are captured in CloudVision and visualized to the network operator for rapid detection and action. CloudVision thereby establishes secure parameters and trust relationships between zones with our cloud partners as well as new security partners, Zscaler and VMware. Arista and Zscaler offer a secure cloud architecture that recognizes the central role often played by the cloud in hosting corporate applications and general web content. Zscaler’s cloud, together with Arista vEOS Zone Segmentation, secures inter-cloud traffic to and from the Internet for north-south workloads and east-west cloud networking.
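The zone model described above (implicit traffic inside a zone, segmentation between zones, and an alert when a workload reaches one it should not) can be sketched as follows. This is an added illustration, not Arista, vEOS or CloudVision code; the CIDR-to-zone map, the explicit permit list, default-deny between zones, alerting on unmapped endpoints and the sample flows are all assumptions constructed for the example.

```python
import ipaddress

# Constructed zone map: cloud network attribute (here a CIDR) -> zone name.
ZONE_MAP = {
    "10.10.0.0/16": "web",   # e.g. a subnet in one cloud
    "10.20.0.0/16": "app",   # e.g. a subnet in a second cloud
    "10.30.0.0/16": "db",    # e.g. a subnet in a third cloud
}
# Assumed explicit inter-zone permits: (src_zone, dst_zone, dst_port).
INTER_ZONE_ALLOW = {("web", "app", 8443), ("app", "db", 5432)}

# Most specific prefix first, so overlapping CIDRs resolve deterministically.
_NETS = sorted(((ipaddress.ip_network(c), z) for c, z in ZONE_MAP.items()),
               key=lambda nz: nz[0].prefixlen, reverse=True)

def zone_of(ip):
    """Longest-prefix match of an address to a zone; None if unmapped."""
    addr = ipaddress.ip_address(ip)
    for net, zone in _NETS:
        if addr in net:
            return zone
    return None

def evaluate(src, dst, port):
    """Return (verdict, reason) for one flow under the zone model."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "alert", "unmapped endpoint"        # assumption: treat as suspicious
    if sz == dz:
        return "allow", f"intra-zone {sz}"         # implicit within a zone
    if (sz, dz, port) in INTER_ZONE_ALLOW:
        return "allow", f"permitted {sz}->{dz}:{port}"
    return "alert", f"unpermitted {sz}->{dz}:{port}"

# Constructed flow records: (src, dst, dst_port).
FLOWS = [
    ("10.10.1.5", "10.10.2.9", 22),     # same zone
    ("10.10.1.5", "10.20.0.7", 8443),   # permitted web -> app
    ("10.10.1.5", "10.30.0.4", 5432),   # web workload reaching db directly
    ("10.20.0.7", "192.0.2.10", 443),   # destination outside every zone
]

def alerts(flows):
    """Flows an operator should see, each paired with the reason."""
    results = [(f, evaluate(*f)) for f in flows]
    return [(f, reason) for f, (verdict, reason) in results if verdict == "alert"]

if __name__ == "__main__":
    for flow, reason in alerts(FLOWS):
        print(flow, reason)
```
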
Arista now complements its datacenter with MSS and campus functions. We have expanded our partnership with VMware to extend both Arista MSS and VMware’s micro-segmentation by enabling Arista switches to enforce NSX security directives. This ensures consistent segmentation actions can be applied to applications hosted on virtualized and bare-metal servers.
Simple and Secure Cloud Networking
I am excited by the power and potential of Zone Segmentation for both the security and cloud networking industries, each of which is undergoing massive transitions. It secures and unifies two islands, bringing profound impact to our eco-partners and customers alike for secure cloud networking. Critical to successful deployment of uncompromised security in a private or hybrid cloud evolution are our partnerships with next-generation firewall vendors, VMware and Zscaler. Arista is now extending secure segmentation beyond firewalls into virtualized datacenters and campuses for secure cloud networking.
Welcome to the new world of secure cloud networking. I always welcome your comments at feedback@arista.com.
Reference:
Zone Segmentation Technical Brief
Video - Arista Security for Cloud Networking: A Customer Perspective
Gartner Catalyst - San Diego, Booth #505
VMworld 2018 - Las Vegas, Booth #1030