December 13, 2017 | REAN Cloud Team
A recent IDC report found that organizations' infrastructure can be more secure in the AWS cloud than in their on-premises environment. This is huge: enterprises will see a shift in the amount of data that is cloud based vs. system based, freeing up important IT resources. That is a long-term benefit to businesses, as they can then deploy those resources to other or new endeavors. However, while resource impact and ease of deployment are clear benefits of the cloud, the issue of security is still top of mind.
AWS primarily focuses on security by ensuring that encryption is built into its products and by running extensive network and security monitoring systems. Nevertheless, in the shared security model that AWS uses, the customer is still responsible for keeping control over data and access management and over network and firewall configurations.
Palo Alto Networks, a leader in next-generation security systems, provides a broad suite of enterprise-level firewalls with a diverse range of security features for your network. Its core capability lies in detecting the application rather than the port, which allows you to set policies on that application to control traffic moving in and around a VPC and to prevent threats within that application flow. This has a significant impact on security in the cloud: it makes encryption easier while keeping it built into every layer of the products, which in the long run provides more robust security than an on-premises environment can provide.
Palo Alto Networks' automation includes key features such as bootstrapping, a bi-directional XML API, and dynamic policy updates. Together these allow firewalls to come up completely configured, eliminating the change control and commit process that a firewall would otherwise need to go through. These are the key features of Palo Alto Networks that REAN Cloud has taken advantage of in its work with Gigamon.
Gigamon is an ISV focusing on data in motion: it collects network data, analyzes it, and shares it with relevant partners. Initially, it tried configuring its own security environments, but ran into a number of challenges. Gigamon wanted a cloud-based solution, and REAN Cloud, harnessing the power of Palo Alto Networks, was able to create the infrastructure its customer required in the cloud while eliminating security roadblocks from a DevOps environment. Because every developer needed a unique and dedicated VPC, REAN Cloud also offered the concept of a Control VPC, a centralized component that holds all the security resources and provides the required level of consistency.
To automate deployment, we leveraged REAN Deploy for its drag-and-drop capabilities. This allowed us to minimize effort for developers, configure the environment, and successfully deploy a set of security rules per Gigamon's requirements.
This allowed us to push out the individual resources needed and to configure those elements. The result was a sturdy foundation and Control VPC, which led to layering on the networking components required to support the VM-Series. REAN Cloud leveraged Jenkins Continuous Integration and Continuous Delivery software to pull IP addresses from the network configuration and, using the tools that PAN provides, was able to export and generate XML files for use. Within the configuration directory we were then able to store this updated bootstrap, containing the correct IP addresses that had been deployed for networking within the VPC, and point Palo Alto Networks to that VM-Series.
We are proud of our work for Gigamon and the work we do with our customers every day, guiding them through their cloud journey. Often this starts with developing a business case; other times, it means working within an existing system. With partners like Palo Alto Networks, REAN Cloud is innovating cloud-based environments for customers that show ROI.