• Home

  • Documents

  • Tame the Network and Security of a Data Center Migration · PDF fileTame the Network and...

If you can't read please download the document

Tame the Network and Security of a Data Center Migration · PDF fileTame the Network and Security Challenges of a Data Center Migration The Tufin Orchestration Suite™ is essential

Embed Size (px)

Citation preview

  • TametheNetworkandSecurityChallengesofaDataCenterMigrationTheTufinOrchestrationSuiteisessentialtoawellplanned,wellexecutedmigration

    www.tufin.com

  • 2/14

    Introduction

    DatacentermigrationplansarehighonthelistofkeyprojectsformanyCIOsthesedays.Migratingcompanyapplicationsfromonelocationtoanother,orfromoneplatformtoanother,representsalotofriskforanorganization.Still,manycompaniesundergothearduousprocesswiththeexpectationthatitwillresultinsignificantefficiencyandbusinessagility.Therearenumerousreasonswhycompaniesundergoadatacentermigration.Formanybusinesses,itispartofanITcostreductioninitiative.Datacenters,particularlyolderoneswitha1:1ratioofapplicationstoservers,areveryexpensivetooperateandmaintain.Companiesmayhaveobsoletelegacyhardwareorsoftwareplatformsthatarenolongersupportedbyvendors,leavingthemlittlechoicebuttomigratetoamoderninfrastructure.Companiesthathavegonethroughmergersoracquisitionsmaybelookingtoconsolidatemultipledatacentersintooneorjustafewinordertoeliminateredundancyandtoattainthecostefficienciesexpectedbycombiningcompanies.Anotherhugedriverfordatacentermigrationsistoincreasebusinessagilitybyutilizingcloudandvirtualizationtechnologiesandservicesthatcanbequicklyprovisionedandadaptedtorapidlychangingbusinessneeds.Manycompaniestodayaretakingtheirapplicationsoutofatraditionalonpremisedatacenterandmovingthemtothecloudwhetheritbeapublic,aprivateorevenahybridcloud.Regardlessofthereasonacompanyhas,orthedestinationplatformitchooses,datacentermigrationandconsolidationprojectscanoffertheopportunitytomeetmanybusinessneeds,includingimprovingtheorganization'ssecurityandcomplianceposture.Despitethefactthatmanyorganizationsareundertakingsuchamajortransition,fewpeopleinITtodayhavelegitimateexperiencegoingthroughanentiremigrationproject.Peoplewhodidthehandsonworkduringthelastgreatmigrationperiodtheonethatledcompaniesfrommainframestoclient/servercomputinghavemostlyretiredormovedontootherrolesintheirorganizations.Asaresult,theirknowledgeandexperienceinhowtoplanandexecuteacomplexdatacentermigrationislosttohistory.AccordingtoGartner,70%ofdatacentermigrationswillincursignificanttimedelaysorunplanneddowntime,largelyduetoimproperplanning.Thisfigureisbasedonmorethan300clientinteractionsGartnerhashadinthepastfouryearsinwhichdatacentermigrationswerediscussed.1

    1DavidCappuccio,Gartner,Inc.,"DataCenterMigrationsFiveStepstoSuccess,"26March2014

    "Awellplannedmigrationoftenbecomesawellexecutedmigration,andawellexecutedmigrationisoftenmuchfaster,endtoend,thanonethatisruninanadhocmanner."DavidJ.Cappuccio,Gartneranalyst

  • 3/14

    Adatacentermigrationisanexerciseinriskmitigation.Ittakessuperiorplanningandexecutiontomakethetransitioninatimelyfashionandwithlittletonobusinessdisruption.GartneranalystDavidCappucciowrote:"Awellplannedmigrationoftenbecomesawellexecutedmigration,andawellexecutedmigrationisoftenmuchfaster,endtoend,thanonethatisruninanadhocmanner."2Thedatacentersecuritypolicylayerisoftenthemostchallengingtoreplicatebetweendatacentersandevencloudenvironments.Thesepoliciesarethecentralnervoussystemofanorganization'sentiredatacenter,whichmakespolicyanalysisandconfigurationcontrolabsolutelyessentialthroughoutthemigrationprocess.Thecompanythatwantstoensureasuccessfulmigrationwilltakeadvantageoftoolsthatautomatetheprocessofplanningfor,predictingandtestingtheimpactofchangestosecurityandnetworkdevices,evenbeforethosechangesareactuallymade.ThiswhitepaperlooksathowtheTufinOrchestrationSuitehelpscompaniesdiscovertheirapplicationsandtheassociateddependencies,aswellasplan,predictandexecutechangesatthenetworksecuritylayeroftheirdatacentermigration.

    DataCenterMigrationChallenges

    Alargescalemigrationprojectcanbeoneofthemostriskyandcomplexundertakingsanenterprisecanexperience.Thechallengesaremyriad,buttherearethreeuniversalchallengesinherentineverymigrationproject.

    DiscoveryofApplicationDependencies

    Theorganizationmustfullydiscoveralloftheapplicationservicedependencies,evenforapplicationsthatarenotconsideredpartofthemigrationprojectbecausetheycanhaveunknownorundocumentedrelationshipsanddependencies.IfaserverisbeingmovedfromdatacenterAtodatacenterB,orfromphysicalserverAtovirtualserverB,therearemanycomponentsthatdependonthatserver.Forexample,perhapsthereisanapplicationrunningonthatserverandthereisanothersecondaryapplicationthatcommunicateswithadatabasewhichisonthisserver.Ifthedatabaseisgoingtomoveelsewhere,thenthesecondaryapplicationisgoingtostopworkingbecausetheapplicationcodehasithardcodedsomewherethatthedatabaseislocatedonaspecificIPaddress.

    Closelyrelatedtothisissueistheneedtoidentifybusinessownershipoftheapplications.It'scommonthatmanyapplicationscurrentlyrunninginanorganization'sdatacenterhavebeenrunningthereformanyyears.Thepeoplewhoknowthedetailsoftheseapplicationsmightnotevenworkforthecompanyanymore.It'snotthatunusualtohaveanapplicationwherenoonereallyknowspreciselyhowitisworking.Thisisn'tterriblyimportantaslongaseverythingisworkingasexpected,butifthere'sastoppageforanyreason,theapplicationownerwillwanttoknowwhy.2Ibid.

  • 4/14

    It'squitehardtounderstandwhatapplicationsexistandwhatdependenciestheyhaveinthenetwork.Inmanyorganizationstheconfigurationmanagementdatabase(CMDB),whichshouldcontainanaccurateversionofthisinformation,isn'tactuallyuptodate.Atthesametime,thisiscriticalinformationtohavebecausewithoutit,theorganizationhasabigriskofhavingbusinessdowntime.Gartnersaysthisdiscoveryandidentificationphaseisreallyariskassessmentphaseandit'soneofthemostimportantstagesofthemigrationplanningprocess.Itentailsdoingadetailedevaluationorauditofexactlywhatneedstobemoved,whenandhow.DavidCappuccioofGartnerwrites:"Thisphasetakesadetailedlookatapplications,networkrequirements,andmostimportantly,dependenciesbetweenapplicationsandthecascadeeffectsonapplicationdeliveryandbusinessimpactifanapplicationfailstomigratecorrectly."3

    MinimalImpactonBusinessDuringtheMigration

    Theidealscenarioistobeabletomigrateallnecessaryhardware,software,applicationsandserviceswithnodiscernibleimpactonbusinessoperations.Thisincludesmakingtherequiredchangestothenetworkandsecuritypolicies.Thepeoplewhoaredoingthemigrationaretypicallygivenscheduledperiodsoftimeinwhichtheyareexpectedtocompleteallnecessarywork.Failuretoadheretothiswindowoftimemighthaveanegativeimpactonbusinessandwouldcertainlyreflectpoorlyonthecompetenceofthemigrationteam.Consequently,theteammembersneedtohavebetterpredictabilityintheprocessofmovingthingsfromoneplatformtoanother,aswellasagoodlevelofcertaintythattheycanaccomplishwhattheyneedtodointheallottedtime.Forinstance,theteammightbegivenafourhourwindowtocutoverbusinessoperationsfromanapplicationthathasbeenrunninginalegacydatacentertoaparallelapplicationthatisrunninginthecloud.Themigrationteamexpectstheirworkshouldtakelessthanfourhoursbuttheywanttoallowextratimeincaseproblemsarise.Beforedoingthecutover,theylookforwaystoshortenthemigrationprocessandalsotohavemorecertaintyinpredictingwhatworkisrequiredforthiscriticalprocess.Duringthemigration,theywanttohavegoodvisibilityandcontrolsotheyknowexactlywhat'sgoingon.

    Security,RiskandCompliance

    Whiletheentiremigrationprocessisfraughtwithriskwhatifsomethinggoeswrongandbusinessisdisrupted?themorelongtermconcernisaboutriskandsecurityissuesthatmightbeintroducedasapplicationsmovefromoneplatformtoanother.Forexample,inmovingfromalegacydatacentertoavirtualizedenvironment,physicalfirewallsmaygivewaytothevirtualizedversion,whichmaybesomethingtheoperationsteamisnotyetcompletelycomfortablewith.Thechallengeforthemigrationteamistomakesurethat,astheyaremovingthingsaround,theyareactuallyimprovingtheorganization'ssecuritypostureandtheyarenotaddingnewriskstothemix.

    3Ibid.

  • 5/14

    Withregardtothenetworkaspectofthenewplatform,theteamisespeciallyconcernedaboutrisksfrommisconfigurationsandfrompoliciesnotbeingfullyimplementedorevenuptodate.Afirewallchangetoenableconnectivityofanapplicationthathasbeenmigratedfromoneenvironmenttoanotherisapotentialrisktosecurityandbusinesscontinuity.Forexample,it'snotuncommonforsecurityandnetworkingteamstofirstfocusonenablingconnectivityinthenewenvironmentinordertomakesurethebusinessapplicationsareworking.Forthistheyoftenconfiguretheirfirewallandrouterswithanoverpermissivesecuritypolicywhichfocusesonconnectivityratherthansecurity.Theyplantogobacklaterandfixthisbutunfortunatelytheynevergetaroundtotighteningtheirsecuritypolicies.Consequentlytheyendupwithamorevulnerablenetwork.Migrationteamsneedvisibilityintohowmakingsuchchangeswillimpacteverythingelse.Nowconsiderthatadatacentermigrationcaneasilyinvolvehundredsoreventhousandsofapplicationsandthemagnitudeofthechallengebecomesquitelarge.Maintainingcomplianceisanotherissue.Everybusinessofasignificantsizeiscompelledtocomplywithatleastonegovernmentorindustrymandatedregulation,whetheritbethePaymentCardIndustryDataSecurityStandard(PCIDSS),SarbanesOxley,theGrammLeachBlileyAct(GLBA),theHealthInformationPortabilityandAccountabilityAct(HIPAA),oranynumberofothers.Companiesoftenhaveinternalregulationsaswell.Theregulationsandstandardsrelatingtoinformationsecurityputanemphasisoncomplianceandtheregularauditingofsecuritypoliciesandcontrols.Whileregulatoryandinternalauditscoverabroadrangeofsecuritychecks,thefirewallisfeaturedprominentlysinceitisusuallythefirstlineofdefensebetweenthepublicandthecorporatenetwork.Thetaskofmaintainingcomplianceisdifficult,atbest,inamultivendorenvironment,andtheadditionalburdenofmigratingfromoneplatformtoanothercompoundsthechallengeofadheringtoregulatoryrequirements.Onceagain,thisprocessrequiresgoodvisibilitybefore,duringandafterthemigration.

    TechnologyChallenges

    Oneofthegreatbenefitsofanewdatacenterarethenewtechnologiesthatarebeingimplementedtoday,whetherit'scloud,virtualizationorSDx("softwaredefinedanything").Thesetechnologiesoffertremendousflexibilitywhichhelpsanorganizationgainbusinessagility.Nowit'spossibletoadaptthecomputinginfrastructurequicklytomeetchangingbusinessneeds.Never


Tufin Orchestration Suite Tune-Up · 2020. 10. 26. · About Tufin Professional Services Tufin Professional Services team and Service Delivery Partners are Tufin-certified experts

Tufin Orchestration Suite Tune-Up · 2020. 10. 26. · About Tufin Professional Services Tufin Professional Services team and Service Delivery Partners are Tufin-certified experts

Documents
Cisco Tetration Analytics & Tufin Orchestration Suite · 2019-01-15 · Cisco Tetration Analytics ™ & Tufin Orchestration Suite The Cisco Tetration Analytics platform uses advanced

Cisco Tetration Analytics & Tufin Orchestration Suite · 2019-01-15 · Cisco Tetration Analytics ™ & Tufin Orchestration Suite The Cisco Tetration Analytics platform uses advanced

Documents
Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that

Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that

Documents
Tufin Orchestration Suite Tune-Up · Key Benefits: •Tufin Orchestration SuiteLeverage expertise to modernize your installation. • Ensure that misconfigurations are identified

Tufin Orchestration Suite Tune-Up · Key Benefits: •Tufin Orchestration SuiteLeverage expertise to modernize your installation. • Ensure that misconfigurations are identified

Documents
NSX Reference Design Document - Tufin Reference Design Document Contents Overview ..... 1 VMware SDDC Approach Redefines Data Center Network Security ..... 1

NSX Reference Design Document - Tufin Reference Design Document Contents Overview ..... 1 VMware SDDC Approach Redefines Data Center Network Security ..... 1

Documents
Tufin Security Suite 5.1 Technical Preview Webinar February 2010 Reuven Harrison, CTO

Tufin Security Suite 5.1 Technical Preview Webinar February 2010 Reuven Harrison, CTO

Documents
Solution Overview Orchestrating Application … Application Connectivity with Cisco ACI and Tufin Managing Application Connectivity and Security with Cisco Application Centric Infrastructure

Solution Overview Orchestrating Application … Application Connectivity with Cisco ACI and Tufin Managing Application Connectivity and Security with Cisco Application Centric Infrastructure

Documents
Cisco Tetration Analytics & Tufin Orchestration Suite · of Cisco Tetration Analytics together with Tufin Orchestration Suite will dramatically increase their business agility without

Cisco Tetration Analytics & Tufin Orchestration Suite · of Cisco Tetration Analytics together with Tufin Orchestration Suite will dramatically increase their business agility without

Documents
Tufin Cisco Tetration Solution OverviewUse Case 2: Policy Learning Using the flows produced by the Cisco Tetration Analytics platform, users of Tufin Orchestration Suite can define,

Tufin Cisco Tetration Solution OverviewUse Case 2: Policy Learning Using the flows produced by the Cisco Tetration Analytics platform, users of Tufin Orchestration Suite can define,

Documents
T-Series Appliances - Tufin

T-Series Appliances - Tufin

Documents
FORTINET AND TUFIN SECURETRACK DEPLOMENT GUIDE: FORTINET AND TUFIN SECURETRACK OVERVIEW Fortinet (NASDAQ: FTNT) is a global provider of high-performance network security and specialized

FORTINET AND TUFIN SECURETRACK DEPLOMENT GUIDE: FORTINET AND TUFIN SECURETRACK OVERVIEW Fortinet (NASDAQ: FTNT) is a global provider of high-performance network security and specialized

Documents
Migration & National Security

Migration & National Security

Documents
MIGRATION, GLOBALIZATION, SOCIAL SECURITY

MIGRATION, GLOBALIZATION, SOCIAL SECURITY

Documents
Solution PRoViDERS - SCADAhacker · PDF fileSolution PRoViDERS 20 CritiCal SeCurity ControlS Advantages of Managed Security Services ... Tufin Appliance = Tufin 20 Penetration testing

Solution PRoViDERS - SCADAhacker · PDF fileSolution PRoViDERS 20 CritiCal SeCurity ControlS Advantages of Managed Security Services ... Tufin Appliance = Tufin 20 Penetration testing

Documents
Media, Migration and Security

Media, Migration and Security

Documents
Williams Walters - Migration and Security

Williams Walters - Migration and Security

Documents
Tufin APG Whitepaper

Tufin APG Whitepaper

Documents
Simplify the move to Lawson Security 9 Introducing SECURITY MIGRATION

Simplify the move to Lawson Security 9 Introducing SECURITY MIGRATION

Documents
NERC CIP v6 Continuous Compliance with Tufin Orchestration ... · Tufin Orchestration Suite enables NERC CIP V6 compliance by providing enterprises responsible for BES networks with

NERC CIP v6 Continuous Compliance with Tufin Orchestration ... · Tufin Orchestration Suite enables NERC CIP V6 compliance by providing enterprises responsible for BES networks with

Documents
analysis document SECURITY and MIGRATION

analysis document SECURITY and MIGRATION

Documents
Cisco Security Policy Compliance Eco-system · Operations Tools •Typically delivered by vendors •Focused on day-to-day operations Policy Compliance ... •Tufin Security Suite

Cisco Security Policy Compliance Eco-system · Operations Tools •Typically delivered by vendors •Focused on day-to-day operations Policy Compliance ... •Tufin Security Suite

Documents
Endpoint Security 10.1 Migration Planning Document

Endpoint Security 10.1 Migration Planning Document

Documents
Tufin ABC Handbook

Tufin ABC Handbook

Documents
Tufin Best Practices for PCI DSS Network Security Compliance · 2020. 10. 20. · Best Practices for PCI DSS v3.2 Network Security Compliance 2/8 Executive Summary Payment data fraud

Tufin Best Practices for PCI DSS Network Security Compliance · 2020. 10. 20. · Best Practices for PCI DSS v3.2 Network Security Compliance 2/8 Executive Summary Payment data fraud

Documents
Tufin ABC Handbook › hubfs › legal › Tufin-ABC-Handbook.pdf · The ABC Policy is based on internationally accepted best practice guidelines and applies in all jurisdictions

Tufin ABC Handbook › hubfs › legal › Tufin-ABC-Handbook.pdf · The ABC Policy is based on internationally accepted best practice guidelines and applies in all jurisdictions

Documents
Migration and security

Migration and security

Documents
Tufin Orchestration Suite™

Tufin Orchestration Suite™

Documents
MIGRATION-DEVELOPMENT-SECURITY NEXUS IN THE …

MIGRATION-DEVELOPMENT-SECURITY NEXUS IN THE …

Documents
Network Security Policy Orchestration - Altaica ITaltaicait.com/datasheets/tufin-orchestration-suite.pdf · The Tufin Orchestration Suite Provides Cybersecurity & Agility with Network

Network Security Policy Orchestration - Altaica ITaltaicait.com/datasheets/tufin-orchestration-suite.pdf · The Tufin Orchestration Suite Provides Cybersecurity & Agility with Network

Documents
Tufin Secure Cloud Hybrid Cloud Security –without Compromise · slows business agility. Maintain security without compromising agility. Tufin SecureCloud • Platform API Automate

Tufin Secure Cloud Hybrid Cloud Security –without Compromise · slows business agility. Maintain security without compromising agility. Tufin SecureCloud • Platform API Automate

Documents