SlideShare a Scribd company logo

Micro segmentation – a perfect fit for microservices

Download as PPTX, PDF
Anthony Chow, profile picture
Anthony Chow

Microsegmentation, which groups network entities into segments and applies security policies to control traffic, is a perfect fit for securing microservices architectures. It allows for network-independent security policies to be defined and centrally managed at a fine-grained level, enabling policies to adapt to the dynamic and elastic nature of microservices. Major networking and security platforms like VMware NSX, Cisco ACI, and Docker's libnetwork support microsegmentation capabilities that are well-suited for microservices security through isolation, segmentation, and distributed policy enforcement.

Technology
1 of 18
Downloaded 42 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Microsegmentation – a perfect fit for Microservices security Anthony Chow @vCloudernBeer http://cloudn1n3.blogspot.com VMworld 2015 vBrownBag TechTalk
What is Microservices?  It is an architecture for application deployment  Monolithic -> small and autonomous  Deployed as separate service/entity  Communicate via network calls  A new trend to deploy application  Agile  Scalable  High Availability
Monolithic vs Microservices (Star Wars version)
Microservices companion technologies  DevOps – share same idea with Microservices  Agile  Scalable
Microservices companion technologies  Docker – enables streamlined Microservices architecture  Minimum overhead  Quick provisioning
Cloud Native Application  Microservices part of the equation along with DevOps and Linux Containers for building Cloud Native Application  Application that takes full advantage of the cloud platform.  Agile  Scalable  High Availability  Not a “One Size fit All” solution
Microservices – opens up security risk  Frequent and short life span  Increase east-west traffic  Services are not as isolated
What is Microsegmentation?  A security feature  Group entities within a network into one unit and to apply rules/polices to control the traffic in and out of the segment.  Concept is not new  Miro level not feasible to implement before network virtualization  Supporting principles  Apply security policy to the smallest granular level  Zero trust security model
Major component for effective Microsegmentation  From an article by Scott Lowe  Network independent policy definition  Centralized policy repository  Distributed policy enforcement
How does Microsegmentation fit into Microservices security?  Network independent definition  Security rule tailor to Microservices  Centralized policy repository and distributed enforcement  Able to adapt to dynamic and elastic nature of Microservices
VMware - NSX  An networking and security solution  Security is supported inherently by its architecture/design:  Isolation  Segmentation  Segmentation with Advanced Services
Micro segmentation – a perfect fit for microservices
Micro segmentation – a perfect fit for microservices
Micro segmentation – a perfect fit for microservices
Cisco – ACI (Application Centric Infrastructure)  Policy definition separating segments from the broadcast domain  “tags” or “attributes” that identify an endpoint regardless of its IP address  End-point Groups as Microsegmenations
Micro segmentation – a perfect fit for microservices
A new chapter in Docker networking - libnetwork  Still under development ◦ Docker 1.7 (libnetwork rev 0.3) ◦ Docker 1.8 (libnetwork rev 1.0)  Container Network Model  A plugin model – able to take advantage 3rd party well developed networking and security infrastructure.
libnetwork- a pluggable interface  Container Network Model (CNM)  Sandbox  Endpoint  Network

More Related Content

PDF
Microservices: Notes From The Field
Apcera
 
PDF
Apcera: Agility and Security in Docker Delivery
Apcera
 
PDF
Scaling towards a thousand micro services
Diego Berrueta
 
PPTX
Cloud security what to expect (introduction to cloud security)
Moshe Ferber
 
PPTX
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -
Puneet Kukreja
 
PPTX
Architect secure cloud services.
Moshe Ferber
 
PPTX
Transforming cloud security into an advantage
Moshe Ferber
 
PDF
Open faas and linkerd
Keiran Smith
 
Microservices: Notes From The Field
Apcera
 
Apcera: Agility and Security in Docker Delivery
Apcera
 
Scaling towards a thousand micro services
Diego Berrueta
 
Cloud security what to expect (introduction to cloud security)
Moshe Ferber
 
CLOUDSEC LONDON 2016 - Puneet Kukreja - Enabling Cloud Security -
Puneet Kukreja
 
Architect secure cloud services.
Moshe Ferber
 
Transforming cloud security into an advantage
Moshe Ferber
 
Open faas and linkerd
Keiran Smith
 

What's hot (18)

PPTX
What the auditor need to know about cloud computing
Moshe Ferber
 
PDF
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elasticsearch
 
PPTX
Modern Security Pain Points with Application Modernization - With Jermaine Ed...
Konveyor Community
 
PPTX
Best Practices to Secure Your Kubernetes Cluster
Stefano Tempesta
 
PPTX
Cloud of tomorrow
Kevin Clarke
 
PPTX
Infrastructure Saturday - Level Up to DevSecOps
kieranjacobsen
 
PPT
OpenStack - Security Professionals Information Exchange
Cybera Inc.
 
PDF
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Sebastian Taphanel CISSP-ISSEP
 
PPTX
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
 
PDF
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Community
 
PPTX
Cloud security for financial services
Moshe Ferber
 
PPTX
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
Iftikhar Ali Iqbal
 
PDF
Launching a Highly-regulated Startup in the Public Cloud
Poornaprajna Udupi
 
PPT
Richard Chang Uvp
rchang1967
 
PDF
Cloud Native Security: New Approach for a New Reality
Carlos Andrés García
 
PDF
Evident io Continuous Compliance - Mar 2017
Sebastian Taphanel CISSP-ISSEP
 
PPTX
Alert Logic: Realities of Security in the Cloud
Alert Logic
 
PPTX
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
Alert Logic
 
What the auditor need to know about cloud computing
Moshe Ferber
 
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elasticsearch
 
Modern Security Pain Points with Application Modernization - With Jermaine Ed...
Konveyor Community
 
Best Practices to Secure Your Kubernetes Cluster
Stefano Tempesta
 
Cloud of tomorrow
Kevin Clarke
 
Infrastructure Saturday - Level Up to DevSecOps
kieranjacobsen
 
OpenStack - Security Professionals Information Exchange
Cybera Inc.
 
Developing a Rugged Dev Ops Approach to Cloud Security (Updated)
Sebastian Taphanel CISSP-ISSEP
 
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Community
 
Cloud security for financial services
Moshe Ferber
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
Iftikhar Ali Iqbal
 
Launching a Highly-regulated Startup in the Public Cloud
Poornaprajna Udupi
 
Richard Chang Uvp
rchang1967
 
Cloud Native Security: New Approach for a New Reality
Carlos Andrés García
 
Evident io Continuous Compliance - Mar 2017
Sebastian Taphanel CISSP-ISSEP
 
Alert Logic: Realities of Security in the Cloud
Alert Logic
 
Introduction to Security in the Cloud - Mark Brooks, Alert Logic
Alert Logic
 
Ad

Viewers also liked (8)

PPTX
Secure rest api on microservices vws2016
Quý Nguyễn Minh
 
PDF
Netflix Container Runtime - Titus - for Container Camp 2016
aspyker
 
PPTX
Steel Industry
praveenkumar2421
 
PDF
Industrial mkt segmentation
Sarthak Gulati
 
PPTX
Marketing Management - Industrial Market Segmentation OR B2B Market Segmentation
Arjun Parekh
 
PDF
B2B Strategy Making and Planning
Asia Pacific Marketing Institute
 
PPTX
Nested approach to the segmentation of B2B markets
Sana Sadiq
 
PPT
Business to business marketing ppt
Sukriti Mal
 
Secure rest api on microservices vws2016
Quý Nguyễn Minh
 
Netflix Container Runtime - Titus - for Container Camp 2016
aspyker
 
Steel Industry
praveenkumar2421
 
Industrial mkt segmentation
Sarthak Gulati
 
Marketing Management - Industrial Market Segmentation OR B2B Market Segmentation
Arjun Parekh
 
B2B Strategy Making and Planning
Asia Pacific Marketing Institute
 
Nested approach to the segmentation of B2B markets
Sana Sadiq
 
Business to business marketing ppt
Sukriti Mal
 
Ad

Similar to Micro segmentation – a perfect fit for microservices (20)

PDF
Microservices in Practice
Kasun Indrasiri
 
PPTX
Design and Deploy Secure Clouds for Financial Services Use Cases
PLUMgrid
 
PDF
Microservices: A Security Nightmare?
Container Solutions
 
PDF
A Gentle introduction to microservices
Gianluca Padovani
 
PPTX
Containers & Microservices
Zeeshan Rizvi
 
PDF
Protecting microservices using secure design patterns 1.0
Trupti Shiralkar, CISSP
 
PDF
Monitoring & Securing Microservices in Kubernetes
Michael Ducy
 
PPTX
Containers and workload security an overview
Krishna-Kumar
 
PDF
Microservices Security: dos and don'ts
Minded Security
 
PDF
Building Microservices Software practics
muhammed84essa
 
PDF
Service Mesh Talk for CTO Forum
Rick Hightower
 
PDF
Securing Microservices in Containerized Environments
DevOps.com
 
PDF
Microsegmentation for enterprise data centers
Narendran Vaideeswaran
 
PDF
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMware
 
PPTX
NSX 9 Core Use Cases
Kevin Groat
 
PDF
VMware Developer-Ready Transformation
VMware Tanzu
 
PPTX
M11 ACI Security.pptx
vinodp59
 
PDF
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy
 
PDF
Kenzan: Architecting for Microservices
Darren Bathgate
 
PDF
Production-Ready_Microservices_excerpt.pdf
ajcob123
 
Microservices in Practice
Kasun Indrasiri
 
Design and Deploy Secure Clouds for Financial Services Use Cases
PLUMgrid
 
Microservices: A Security Nightmare?
Container Solutions
 
A Gentle introduction to microservices
Gianluca Padovani
 
Containers & Microservices
Zeeshan Rizvi
 
Protecting microservices using secure design patterns 1.0
Trupti Shiralkar, CISSP
 
Monitoring & Securing Microservices in Kubernetes
Michael Ducy
 
Containers and workload security an overview
Krishna-Kumar
 
Microservices Security: dos and don'ts
Minded Security
 
Building Microservices Software practics
muhammed84essa
 
Service Mesh Talk for CTO Forum
Rick Hightower
 
Securing Microservices in Containerized Environments
DevOps.com
 
Microsegmentation for enterprise data centers
Narendran Vaideeswaran
 
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMware
 
NSX 9 Core Use Cases
Kevin Groat
 
VMware Developer-Ready Transformation
VMware Tanzu
 
M11 ACI Security.pptx
vinodp59
 
Andy Kennedy - Scottish VMUG April 2016
Andy Kennedy
 
Kenzan: Architecting for Microservices
Darren Bathgate
 
Production-Ready_Microservices_excerpt.pdf
ajcob123
 

More from Anthony Chow (14)

PPTX
Build your own Blockchain with the right tool for your application
Anthony Chow
 
PPT
Container security
Anthony Chow
 
PPT
MQTT security
Anthony Chow
 
PPTX
Understanding gRPC Authentication Methods
Anthony Chow
 
PPTX
Api security with o auth2
Anthony Chow
 
PPTX
Container security
Anthony Chow
 
PPT
Container security
Anthony Chow
 
PPTX
V brownbag sept-14-2016
Anthony Chow
 
PPTX
Understanding the container landscape and it associated projects
Anthony Chow
 
PPTX
Getting over the barrier and start contributing to OpenStack
Anthony Chow
 
PPT
Introduction to go
Anthony Chow
 
PPTX
An overview of OpenStack for the VMware community
Anthony Chow
 
PPTX
VXLAN in the contemporary data center
Anthony Chow
 
PPT
What a Beginner Should Know About OpenStack
Anthony Chow
 
Build your own Blockchain with the right tool for your application
Anthony Chow
 
Container security
Anthony Chow
 
MQTT security
Anthony Chow
 
Understanding gRPC Authentication Methods
Anthony Chow
 
Api security with o auth2
Anthony Chow
 
Container security
Anthony Chow
 
Container security
Anthony Chow
 
V brownbag sept-14-2016
Anthony Chow
 
Understanding the container landscape and it associated projects
Anthony Chow
 
Getting over the barrier and start contributing to OpenStack
Anthony Chow
 
Introduction to go
Anthony Chow
 
An overview of OpenStack for the VMware community
Anthony Chow
 
VXLAN in the contemporary data center
Anthony Chow
 
What a Beginner Should Know About OpenStack
Anthony Chow
 

Recently uploaded (20)

PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Cloud computing and distributed systems.
kkkkkhan
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Teaching material agriculture food technology
LiaRayya
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 

Micro segmentation – a perfect fit for microservices

  • 1. Microsegmentation – a perfect fit for Microservices security Anthony Chow @vCloudernBeer http://cloudn1n3.blogspot.com VMworld 2015 vBrownBag TechTalk
  • 2. What is Microservices?  It is an architecture for application deployment  Monolithic -> small and autonomous  Deployed as separate service/entity  Communicate via network calls  A new trend to deploy application  Agile  Scalable  High Availability
  • 3. Monolithic vs Microservices (Star Wars version)
  • 4. Microservices companion technologies  DevOps – share same idea with Microservices  Agile  Scalable
  • 5. Microservices companion technologies  Docker – enables streamlined Microservices architecture  Minimum overhead  Quick provisioning
  • 6. Cloud Native Application  Microservices part of the equation along with DevOps and Linux Containers for building Cloud Native Application  Application that takes full advantage of the cloud platform.  Agile  Scalable  High Availability  Not a “One Size fit All” solution
  • 7. Microservices – opens up security risk  Frequent and short life span  Increase east-west traffic  Services are not as isolated
  • 8. What is Microsegmentation?  A security feature  Group entities within a network into one unit and to apply rules/polices to control the traffic in and out of the segment.  Concept is not new  Miro level not feasible to implement before network virtualization  Supporting principles  Apply security policy to the smallest granular level  Zero trust security model
  • 9. Major component for effective Microsegmentation  From an article by Scott Lowe  Network independent policy definition  Centralized policy repository  Distributed policy enforcement
  • 10. How does Microsegmentation fit into Microservices security?  Network independent definition  Security rule tailor to Microservices  Centralized policy repository and distributed enforcement  Able to adapt to dynamic and elastic nature of Microservices
  • 11. VMware - NSX  An networking and security solution  Security is supported inherently by its architecture/design:  Isolation  Segmentation  Segmentation with Advanced Services
  • 15. Cisco – ACI (Application Centric Infrastructure)  Policy definition separating segments from the broadcast domain  “tags” or “attributes” that identify an endpoint regardless of its IP address  End-point Groups as Microsegmenations
  • 17. A new chapter in Docker networking - libnetwork  Still under development ◦ Docker 1.7 (libnetwork rev 0.3) ◦ Docker 1.8 (libnetwork rev 1.0)  Container Network Model  A plugin model – able to take advantage 3rd party well developed networking and security infrastructure.
  • 18. libnetwork- a pluggable interface  Container Network Model (CNM)  Sandbox  Endpoint  Network