Virtualized Datacenter

Problem

As a datacenter manager, you are under pressure to protect your infrastructure and applications from increasingly sophisticated and targeted threats. Meanwhile, your datacenters are embracing technologies like virtualization and cloud computing that require security architectures to be more:

  • Dynamic
  • Automated
  • Services-oriented


Your datacenter needs a high-performance, flexible network security solution that not only safely enables applications and protects against modern threats, but can support the dynamic nature of a virtualized environment.

Solution

Palo Alto Networks next-generation firewalls eliminate the unacceptable compromises you previously faced with your datacenter network security. We enable you to deploy a simplified, high-performance, flexible network security infrastructure that safely enables the complex and growing number of applications in your datacenter. We also address key virtualization and cloud requirements, including:

  • Intra-host inspection of virtual machine traffic ('East-West' traffic).
  • Tracking security policies to virtual machine creation and movement.
  • Integration with cloud orchestration software to automate policy changes.

You can deploy the same centralized management platform for virtualized and physical firewalls, which optimizes visibility, reduces operational complexity, and decreases policy configuration gaps. With consistent next-generation security features, available in physical or virtual form factors, and an optimized low-latency architecture, our firewalls deliver better security for any datacenter design - without compromising performance.

Safe Application Enablement

Palo Alto Networks next-generation firewalls identify, control, and safely enable applications, while also inspecting all content for threats. Visibility into all of your datacenter traffic reduces the scope of attacks by:

  • Controlling non-compliant usage of applications
  • Blocking rogue applications
  • Uncovering unknown traffic

Our firewalls deliver a complete threat protection framework, which, on standard ports, non-standard ports and within encrypted traffic addresses:

  • Targeted attacks
  • Exploits
  • Malware and spyware

Differentiated access to your datacenter applications can be enabled by user/group to support secure anytime, anywhere access by your employees, extended business partners, and mobile users. Applying safe application enablement features to security zones in your datacenter produces meaningful segmentation, limits access, and delivers individual accountability. This helps you meet your compliance mandates.

Virtualization Security Features

The dynamic and services-oriented nature of virtualization and cloud computing technologies require security architectures to be more agile. Palo Alto Networks next-generation firewalls give you the ability to track security policies to virtual machine creation and movement via dynamic address groups. This ensures that you continue to meet your security and regulatory compliance requirements. In addition, the ability to integrate next-generation security policies with cloud orchestration software ensures that security does not slow down the automated nature of virtual workload provisioning.

Flexible Networking Integration

Palo Alto Networks next-generation firewalls support more deployment options than any other device in the network security market. We offer you deployment at L1, L2, L3, and tap modes, (or a mixture of all of these on the same appliance), coupled with:

  • Powerful networking capabilities for integration:
    ·         VLAN trunking
    ·         Link aggregation
  • High availability:
    ·         Separation of data and control planes
    ·         Active/active and active/passive deployment options

This accommodates any datacenter architecture. It also offers you the flexibility to add more security controls without re-architecting your network when the threat or application landscape changes.

High-Performance Architecture

Because delivering applications quickly and reliably is critical in a datacenter, Palo Alto Networks next-generation firewalls support a single-pass software architecture that ensures low latency by processing all security functions once. In addition, our hardware platforms feature a parallel-processing architecture with dedicated, specialized processing for networking, security, and content scanning. This enables us to deliver our full-suite of next-generation features with high throughput and reliability.

Centralized, Consistent Management

Panorama delivers centralized, consistent global management and control over a network of Palo Alto Networks virtualized and physical next-generation firewalls. Panorama allows you to control all aspects of the devices and/or virtual systems you manage:

  • Security
  • NAT
  • QoS
  • Policy-based forwarding
  • Decryption
  • Application override
  • Captive portal
  • DoS protection

You can run centralized logging and reporting across dynamic or logically queried data aggregated from managed virtualized and physical devices.