RSA China Convention Zhang Zhenlen: Overview of Private Cloud Security Architecture (1)

In the early days of the RSA 2010 conference, we listened to a number of speakers. 51CTO, as a special media outlet, reported on the conference. See the RSA 2010 Information Security International Forum feature for more details. Here is a summary of some of the speeches given at the conference. Now, let's review the "Private Cloud Security Architecture Overview" presented by Zhang Zhenlen, the Greater China technology director of VMware.

Zhang Zhenlen: Good afternoon! It's a pleasure to have this opportunity to share with you the security issues of virtualization and cloud computing. In fact, I believe everyone here has listened to a lot of introductions, including the one by Professor Chen, which talked about the security of cloud storage and all aspects of the cloud; it seems that security in the cloud has become a particularly important topic. Today, when we talk about the public cloud, we all feel that one of the most important obstacles is security. How do we look at security? In the cloud architecture, what changes will take place, and from the perspective of the entire architecture, how should we reconsider it?

Before that, I would like to ask everyone here: how many of you know what VMware does? (Audience member answers: virtual machines.) This gentleman says VMware does virtual machines. Does anyone else know what VMware does? I believe that a few years ago, a lot of people knew VMware for server virtualization, and that concept is outdated. Maybe two or three years ago, around when I joined VMware, VMware began to do data center virtualization. Data center virtualization covers much more than server virtualization, because it includes network virtualization, storage virtualization, memory virtualization, application virtualization, desktop virtualization, security virtualization and so on.
That means the entire data center becomes virtualized. Today, I tell you, VMware is not about data center virtualization either; this concept is outdated. So what is VMware doing? If you followed VMware's recent user conference in the United States, VMware 2010, I believe you saw a very clear theme in what VMware officially announced at this conference. A lot of people used to use VMware's servers, and then we renamed VMware. The US release of vSphere that we see today marks the official landing of VMware's products in cloud computing, and last week, at our European user conference, VMware officially released vSphere 4.20. These two important releases mean that our cloud is no longer always floating in the sky; it is coming down to the ground. Once it lands, it leads us to today's topic. A few years ago we kept saying that the cloud was in the sky; when this cloud comes down to the ground, does it turn into rain, what does it look like? We had all kinds of ideas, and these ideas leave us without direction today.

But today these two important releases have let cloud computing really land, with ready-made products. I believe that if we go back 20 years, everyone felt that the Internet was a very mysterious thing, but what kind of impact the Internet would bring, no one knew. People just thought that a lot of things would go in this direction. Today we are at another such point with the cloud. This point is the challenge to our architecture after cloud computing has actually landed. We begin today to formally look at the challenges to our entire architecture, and at how we can add security to this platform so that we can build a secure private cloud, or a public cloud.
We're going to look at a few stages. We're going to look at what the challenges are for today's data center or this virtual cloud platform. If we use the traditional security architecture, we have some loopholes, or some kind of gap, that we have to close to ensure that when we go to the cloud, we don't have any problems with the security system. A number of the discussions here may be oriented to architecture, perhaps not to encryption, decryption, and so on. We're going to build the entire security architecture, and then, on the cloud computing platform, we'll also look at how to solve the security problem under the hybrid cloud platform.

For example, this is an enterprise-class virtual cloud computing center, or what we call an internal cloud. Today, a lot of people hear about the internal cloud, the external cloud, the hybrid cloud, or how the internal cloud and the external cloud work together. That's not the topic we're talking about today, but we'll think about the first step in cloud computing today, and the idea of how to become an internal cloud for the The concept that we have been mentioning from today or in the past years, (NGDC), to this day, we have basically put this concept out, and then moved into the concept of the internal cloud. We want to complete this gorgeous turn, and in it, from the security architect's point of view, we face challenges. For example, we see a variety of security devices, from firewalls and VPNs to IDS, IPS and other defense mechanisms. These things gradually accumulate in our entire cloud computing or enterprise data center, while our traditional management mechanism is chimney-style, and each part may not be well balanced. We have also built more and more VLANs. If, as the cloud expands, the entire architecture becomes more complex, we may exhaust the number of VLANs we can design, leading us to the end, and all of our established traditional security policies are static.
Being static, how do we follow virtual machines or dynamic resource scheduling on our cloud architecture to ensure that security follows dynamic changes? If these security structures and systems are not able to properly integrate with the dynamic adjustment and optimization of cloud computing, then security poses a huge challenge that may constrain many resources from being dispatched. In this case, we may return to the traditional pattern. Of course, we also see a number of other challenges. With the cloud comes a series of challenges: we have not traditionally considered these dynamic factors. Resources can be scheduled and dispatched, virtual machines can drift between different physical machines through other mechanisms, and after they drift away, the connection to the physical port, to a firewall or to some security mechanism changes. How do we ensure these connections remain valid?

We were just talking about the data center; another piece that cannot be ignored is our desktops or our terminals. A lot of people will say that the data center is our focus today, and as for the desktop, there are dedicated people to manage it. In fact, when we go to the cloud computing stage, we must not overlook the desktop. We can have all kinds of problems on the desktop. I do not know whether you have paid attention: some time ago, for example, there was an event we all know, KFC's "Seconds to kill the door". How was it caused? Another incident in Europe, HSBC: 97,000 customers' information leaked. What does this mean? It means there must be a lot of fines, a lot of image loss and a series of other problems. Do you think of this as hackers attacking your data center and taking that data away? Is it true that someone ran into your data center, pried your door open and carried off the disks inside? We said it might be useless to carry off that disk. Professor Chen said just now that there are a variety of data encryption methods; if I carry off this data it is of no use, and it cannot be decrypted either. But why is this data so easily leaked to the market? Who the hell did this?
What is our problem? In fact, it is not a data center security issue, nor a problem of setting up some firewalls or intrusion prevention systems in the data center; rather, our desktops have problems, our people have problems. This is the most important, the most critical point: no matter how the data is encrypted, no matter how safe the system, there will always be several people, or even dozens of people, who access the data. If they have access to the data, will these people be able to divert that data to other uses? This is why today we often talk about the concept of the desktop cloud, the desktop data center. Do not think it is unimportant. When building a cloud, we must recognize that this piece is the weakest link in the entire security architecture; it should be taken into account, and a desktop cloud should be formed.

A desktop cloud has the same problems as our enterprise-class data center or virtual data center. Of course, we also have a lot of different problems. For example, on the desktop we have to install a variety of software and security protection: today anti-virus, tomorrow intrusion prevention, constantly adding a lot of things. Once the desktop cloud is formed, the idea is that the desktop should be in the data center, as far as possible as a secure access architecture. This secure access architecture means that what is in the foreground becomes similar to client software installed on your traditional notebook or desktop, which then directly accesses the back end, so that, as far as possible, your front end cannot get the data: you can see it, but you can't take it away, copy it, burn it to a disc, upload it to the web, and so on. But once you have built these architectures, for example when work starts in the morning, all employees log on to these systems and all the machines start a scheduled virus scan, will this not cause a disaster for the entire desktop environment? How are these aspects solved?
If we're still playing the traditional cop-catching-thieves game, we're going to get a much worse social order today.