CohesiveFT and IBM joint EMEA Webinar - 20Jun13
Control and secure your applications on IBM SmartCloud Enterprise with Software Defined Networking from CohesiveFT.
An IBM SmartCloud ready partner, CohesiveFT addresses issues of security and control to allow customers to take full advantage of cloud computing. CohesiveFT’s VNS3 Software Defined Networking is an overlay network which allows you to extend your data centers into the cloud, join clouds together and have control over end-to-end 256-bit encryption, IP addressing, topology and multicast protocols.
The joint IBM and Cohesive webinar aired on June 20
2. Copyright CohesiveFT - 14 Jun 2013
Welcome to the webinar
Your Presenters
Sam Mitchell
Senior Solution Architect
Sam leads the technical elements of the sales cycle. He runs demos, technical qualification, technical account management, proof of concepts, technical and competitive positioning, RFI/RFP responses & proposals.
Before CohesiveFT, Sam was a Cloud Solution Architect at Platform Computing, recently acquired by IBM, and Lead Architect at SITA.
Chris Purrington
Global Sales Director
As Global Sales Director at CohesiveFT and Managing Director of CohesiveFT UK, Chris is responsible for worldwide sales. With over 20 years in the software industry, Chris has extensive experience in leading ISVs to success in EMEA. This includes 9+ years at Application Lifecycle Management company Borland, where he was UK MD and VP UK, Ireland and Africa.
3. Copyright CohesiveFT - 14 Jun 2013
Agenda
• Cloud and SDN Market Overview
• What is cloud networking?
• Working with cloud networks
• Security & control solutions
• Hybrid cloud solutions
• Federated cloud solutions
• Cloud networking customer use cases
• Wrap up & questions
@cohesiveft
#CFTWebinars
4. Copyright CohesiveFT - 14 Jun 2013
About CohesiveFT
Who We Are
• Cohesive Flexible Technologies Corp. (CohesiveFT)
• Founded in 2006 by IT and capital markets professionals with years of experience in operations, enterprise software and client-facing services
• Customers have 50M+ virtual device hours in public, private, & hybrid clouds secured by VNS3
• First product launched in 2007 with followup products in 2008 and 2011
• Offices in Chicago, London, Belo Horizonte and Palo Alto
What We Do
• Enable enterprises to run business systems in the cloud
• Our solutions help migrate, transform and extend both customer facing systems and internal operational platforms
• Provide more application-centric SDN for cloud than all competition combined
• Only company to promote comprehensive cloud container solution for migration, deployment and control
• Cloud, vendor, and standards neutral for greater customization and control
5. Copyright CohesiveFT - 14 Jun 2013
Customers
ISV SaaS Integrators Self Service Enterprise
VNS3 has helped secure 50M+ virtual device hours in public, private, & hybrid clouds
7. Copyright CohesiveFT - 14 Jun 2013
Software Defined Network - Market Segments
SDN Market can be divided into 2 segments
1. Application Controlled
• CohesiveFT VNS3
• Cisco Cloud Service Router
• Citrix CloudBridge
2. Provider Controlled
• Nicira/VMware
• Open vSwitch
• Cisco Nexus 1000v
• IBM
• Cisco
• Juniper
[Diagram: Layer 0 to Layer 7 across the Physical Layer, Virtual Layer and Application Layer. Labels: Cloud Instance, OS, App Stack, Hypervisor, Hardware, Multiplexed access to: Compute, Storage, Network; OpenFlow; Provider Controlled; App Controlled; Perimeter of access, control, & visibility]
8. Copyright CohesiveFT - 14 Jun 2013
Overlay networks can solve common pain points:
Attest to data in motion encryption
Capacity expansion into public cloud
Cloud WAN / connect to customer & partner networks
Federate common, shared infrastructure
Legacy Migration and Integration
Disaster recovery / readiness
9. Copyright CohesiveFT - 14 Jun 2013
Extend Your Network Across the Clouds with VNS3
Overlay SDN (Software Defined Network) gives control in the cloud of:
• IP Addressing
• Protocols
• Network Topology
• Security
• Separate network identity from location
• Configure in a mesh for high availability
• Overlay across multiple clouds for geographic distribution, & cloud federation
• REST API or UI
10. Copyright CohesiveFT - 14 Jun 2013
VNS3 is a combination of 6 device types:
• Firewall
• Dynamic & Scriptable SDN
• Protocol Redistributor
• IPsec/SSL VPN concentrator
• Router
• Switch
VNS3: Hybrid virtual device able to extend to multiple sites
Leading Overlay SDN (Software Defined Network) Appliance
• Allows control, mobility & agility by separating network location and network identity
• Control over IP addressing and topology
11. Copyright CohesiveFT - 14 Jun 2013
Security lattice: layers of control & access
Cloud networks combine with user & provider firewalls and isolation features to create a “security lattice” with layers of security.
Some key security elements must be controlled by the customer but separate from the provider.
[Diagram layers: Provider Owned/Provider Controlled; Provider Owned/User Controlled; VNS3 - User Owned/User Controlled; User Owned/User Controlled]
13. Copyright CohesiveFT - 14 Jun 2013
A technical use case preview
[Diagram labels: Other Cloud 1 (New Jersey, USA); Other Cloud 2 (Singapore); Other Clouds]
14. Copyright CohesiveFT - 14 Jun 2013
Security & control: customer networking setup
App-layer security: Firewalls & IPsec devices
Control: users already control and manage everything below this layer
15. Copyright CohesiveFT - 14 Jun 2013
Security & control: IPsec connections
Security: IPsec tunnels with encrypted data-in-motion
Control: only provide access to certain endpoints; separate customers and partners
16. Copyright CohesiveFT - 14 Jun 2013
Security & control: connection into cloud VMs
Control: peering and failover for disaster recovery / readiness
Security: Points of presence & backup, without vendor lock-in
[Diagram labels: Other Cloud 1 (New Jersey, USA); Other Cloud 2 (Singapore); Other Clouds]
17. Copyright CohesiveFT - 14 Jun 2013
Cloud Address Control
Problem: Public Cloud addressing schemes don’t match your data center addressing.
VNS3 Solution:
• Control static addressing of your cloud servers
• Local Area Network (LAN) address extension to the cloud
• Servers and topologies behave as though they are running locally
• Application centric network is portable
18. Copyright CohesiveFT - 14 Jun 2013
Cloud Protocol Control: Multicast
Problem:
• Enterprise software uses multicast protocols for service election and service discovery.
• Many public cloud providers block multicast protocols at the user layer.
VNS3 Solution:
• Send multicast traffic via VNS3 overlay network before it is rejected by underlying network infrastructure.
• Control all your protocols with VNS3.
19. Copyright CohesiveFT - 14 Jun 2013
Cloud Security Control: IPsec Tunneling
Problem: Public cloud is accessed via public internet.
VNS3 Solution:
• Extend your network with industry standard IPsec.
• Use your existing network security appliances (Cisco, Juniper, Netscreen, SonicWall).
• Use your existing secure communication methods/practices the same as you currently connect offices, data centers or partners/customers.
20. Copyright CohesiveFT - 14 Jun 2013
Cloud Security Control: Multiple IPsec
Problem: Cloud providers limit the number of IPsec connections.
VNS3 Solution:
• VNS3 Manager enables multiple IPsec connections to a cloud-based overlay network segment.
• Serves as user-controlled, virtualized switch/router (uSwitch) inside the provider cloud.
• Cloud deployed servers can communicate with multiple IPsec gateways via endpoint-to-endpoint encrypted connections.
21. Copyright CohesiveFT - 14 Jun 2013
Regional Cloud Federation
Problem: Production cloud deployments require geo distribution for DR and points of presence.
VNS3 Solution:
• Leverage cloud points of presence without sacrificing security and control.
• Link multiple clouds for one logical group of resources.
• Extend connectivity between multiple public and private cloud environments.
22. Copyright CohesiveFT - 14 Jun 2013
Use Existing Monitoring Tools
Problem: Cloud deployments cannot be connected to existing network operations center.
VNS3 Solution:
• Use your existing monitoring tools for cloud deployments.
• VNS3 allows you to use your existing NOC to monitor and manage devices in the data center and the cloud.
23. Copyright CohesiveFT - 14 Jun 2013
Customer-Partner and Branch Networks in Public Cloud
Problem: Securely connect customers, partners or branches to specific servers in shared infrastructure.
VNS3 Solution:
• Industry standard secure connectivity to isolated servers in public cloud.
• Data in motion in the public cloud is encrypted.
24. Copyright CohesiveFT - 14 Jun 2013
VNS3 Summary
VNS3 is a combination of 6 device types:
• Firewall
• Dynamic & Scriptable SDN
• Protocol Redistributor
• IPsec/SSL VPN concentrator
• Router
• Switch
VNS3: Hybrid virtual device able to extend to multiple sites
Leading Overlay SDN (Software Defined Network) Appliance
• Allows control, mobility & agility by separating network location and network identity
• Control over end to end encryption, IP addressing and network topology
25. Copyright CohesiveFT - 14 Jun 2013
Contact Details
CohesiveFT Europe
London, UK
ContactMe@cohesiveft.com
+44 208 144 0156
CohesiveFT Americas
Chicago, IL USA
ContactMe@cohesiveft.com
+1 888.444.3962
Follow us for news and updates:
blog.cohesiveft.com @cohesiveft
Get in touch:
Chris Purrington, Global Sales Director - chris.purrington@cohesiveft.com +44 7962 452661
Sam Mitchell, Senior Solution Architect - sam.mitchell@cohesiveft.com +44 7917 630020
26. Copyright CohesiveFT - 14 Jun 2013
Appendix 1 - VNS3 Licenses
SKU | License Parameters | Cost
VNS3 Free | 1 VNS3 Manager, 1 IPsec Endpoint, 5 Client Packs | Free (no time limit)
VNS3 Lite Edition Cloud Only | 1 VNS3 Manager, 0 IPsec Endpoint, 25 Client Packs | $150 per month
VNS3 Lite Edition Data Center Connect | 1 VNS3 Manager, 2 IPsec Endpoint, 10 Client Packs | $150 per month
VNS3 SME Edition | 1 VNS3 Manager, 1 IPsec Endpoint, 5 Client Packs | $350 per month
VNS3 Enterprise | 1 VNS3 Manager, 1 IPsec Endpoint, 5 Client Packs | $750 per month
Larger Licenses | additional Managers, IPsec endpoints and client packs can be added to the SME and Enterprise Editions | Contact CohesiveFT Sales sales@cohesiveft.com
28. Copyright CohesiveFT - 14 Jun 2013
Fund bursts into public cloud to extend HPC
Large mutual fund securely bursts into public cloud to extend their HPC grid
Highlights
Automatically flex existing HPC solution up and down by bursting into public cloud.
Configure and contextualize nodes between data center and cloud.
Used existing workload manager / grid engine software / vendor to extend their grid.
Significantly reduced infrastructure costs, while increasing flexibility and responsiveness.
Challenge:
Fund needed to extend their existing grid on the same IP network with security.
Traditional high performance computing (HPC) environments are expensive to own and to operate.
Growing demand for faster results and an equally strong push to reduce costs pointed to public cloud, but public cloud could not provide security and control.
Security & Compliance Challenges
Cloud IaaS and multi-tenant solutions still cannot provide the security of a physical grid.
Solution
Seamlessly extended the grid with an overlay network.
The fund’s cloud grid compute nodes connected securely with a pair of highly available VNS3 managers.
[Diagram labels: Public Cloud, Private Data Center, Node, IPsec connection]
29. Copyright CohesiveFT - 14 Jun 2013
Mobile app developer connects on overlay
Scalable, pay as you go solution to connect cloud-based apps to partner networks.
Highlights
Had to connect to telco partners with partners’ exact IP addresses
Concerns over keeping customer and partner traffic separate and secure
Needed to quickly scale up and down, with a price package to match
Overlay network segmented partners to take control of security, addressing, and connection
The Situation:
Telco with mobile app needed to connect cloud-based app servers to APAC partners on the partners’ exact IP addresses.
Developed a segmented overlay network capable of running in multiple geographic regions and separating customer and partner data with encrypted connections.
Solution used:
• Overlay network
• Instance-based solution using pay-as-you-go virtual appliances
• Customer-defined address pools
• Guarantee encryption for all data in motion, including customer session tokens and payment information
[Diagram labels: Public Cloud, Virtual Network, Customer Site, Partner Site, IPsec connection]
30. Copyright CohesiveFT - 14 Jun 2013
Capacity expansion: fashion brand grows in cloud
European clothing designer wanted creativity and capacity without the hardware.
Highlights
Created a fashion social networking site with security and cloud-based capacity
Wanted to scale and control capacity. Access and reliability will remain key aspects of the infrastructure.
Secure, encrypted data in motion and access to data center with VNS3
The Situation:
European fashion designer and wholesaler wanted to extend fashion brand by:
• Creating first ever fashion-focused social site
• Scaling up and down with demand
• Keeping security standards high
The industry, enterprise and infrastructure created hurdles for traditional physical computing.
VNS3 overlay network offered control over addressing and topology for customer-controlled hybrid device.
Solution included:
• Overlay network to public cloud
• Encryption for all data in motion
• End-to-end encryption from data center to apps
• Easy internal approvals for the corporate “network police”
• Perpetual license to accommodate scaling needs
[Diagram labels: Public Cloud, Private Data Center, Hybrid Cloud]
31. Copyright CohesiveFT - 14 Jun 2013
BPMS-as-a-SaaS without traditional complexity
Business process SaaS vendor reaches customers without on-site data centers or physical networks.
Highlights
Large independent logistics firm wanted to provide SaaS as subscription model without burdening clients.
Hoped to scale cloud containers for more customized solutions.
Removed the complexity of migrating and the need to change the business model and operations.
Solved end client’s issues with on-site data centers and large software clients.
The international BPM and CRM software vendor wanted to provide a SaaS offering to move customers to subscription revenue model.
Challenges:
• Limited multi-tenant environments for customers that pass industry tests
• Required connectivity without the hurdles of traditional networks, data centers and enterprise rules
• Connecting apps across different public and private clouds
• End customer security concerns
Solution created:
• Access as if it is a subnet on their network
• Guaranteed encryption for all data in motion and at rest
• Overlay network that can deploy to any public cloud provider
• Firm can connect their clients’ software to cloud-based data centers without up-front, capital-intensive processes
[Diagram labels: Public Cloud, Customer SaaS deployment 1, Customer SaaS deployment 2, Customer Site, IPsec connection]
32. Copyright CohesiveFT - 14 Jun 2013
Cloud WAN for global reach and redundancy
Threat protection firm extended offerings with global cloud points of presence.
Highlights
Global reach for products and global redundancy for security.
Needed secure connections to existing data centers and networks.
Access critical infrastructure “in region” without delays or capital of physical resources.
Offered global redundancy at dramatically lower cost than traditional infrastructure.
A global end point threat prevention company wanted to have global reach for their cloud-based threat protection and virus scanning system.
Additionally, they wanted to ensure global redundancy using multiple cloud data centers with the potential for connecting multiple cloud providers.
Challenges:
• Working with multiple cloud providers and cloud regions
• Connections across clouds and down to existing physical data centers and networks
Solution featured:
• Guaranteed encryption for all data in motion and at rest
• Overlay network to federate across any public cloud provider
End customers can access critical resources without waiting for intercontinental lag times, at much lower costs.
[Diagram labels: Federated Multi-Cloud Network, EU Public Cloud, US Public Cloud, Existing Data Center, Data Center 2, IPsec connection, Failover]
33. Copyright CohesiveFT - 14 Jun 2013
Pharmaceutical system federates infrastructure
Cloud WAN connectivity without the expensive assets or contracts.
Highlights
Global reach for products and global redundancy for security.
Needed secure connections to existing data centers and networks.
Access critical infrastructure “in region” without physical resources.
Offered global redundancy at dramatically lower cost.
A pharmaceutical information systems firm wanted to integrate US-based offices together and to integrate offices to their cloud infrastructure.
Challenges:
Offices had different hardware and software, networks and data needs. The firm did not want to invest in assets or long term contracts with vendors.
Solution featured:
• Guaranteed encryption for all data in motion and at rest
• Overlay network to federate across any public cloud provider
• IPsec and data in motion encryption
Customer created a true Cloud WAN with overlays and cloud provider.
Each office connected to the cloud-based systems and also connected to each other using VNS3 and the cloud as the network backbone.
[Diagram labels: Medical Data Center, Hospital Offices, Medical Office, Public Cloud Region 1, Public Cloud Region 2, WAN Network, IPsec connection]
34. Copyright CohesiveFT - 14 Jun 2013
Coalescence: Services for the Cloud Container
• Cloud migration framework
  • Automate your application migration to save time and money
  • No need to re-install servers if cloud provider infrastructure fails or upgrades
• Proven methodologies to take planned topologies to the cloud through a set of logical steps
• Experience-informed services:
  • Cloud strategy / advisory
  • HPC in the cloud
  • Cloud training
  • Cloud / virtualization support
  • VNS3 design and implementation
  • Cloud deployment and security audit
  • Cloud active directory
[Diagram steps: Analyze Requested Topology; Packaging & Bundling; Unit Implementation; Cluster Definition & Contextualization; Cluster Mastering; Multi Cluster Launch]