Guest Post

Build & test network security architecture using enterprise replicas on AWS & Google Cloud

Author:
Matt Conran
Matt Conran is a Network Architect based out of Ireland and a prolific blogger at Network Insight. In his spare time he writes on topics ranging from SDN, OpenFlow, NFV, OpenStack, Cloud, Automation and Programming.

Colocation with third-party network elements/servers in a demilitarized zone (DMZ) is an issue for security architects and puts pressure on network security architecture. How do we connect third-party equipment to in-house security appliances in a flexible way? This is an issue for many large financial and health care institutions, and for other enterprises that have to securely connect third-party equipment.

Network security architecture using VXLAN with Palo Alto Networks NG Firewall

Author:
Matt Conran

Financial institutions and enterprises require a flexible network security architecture to accommodate external network devices/servers in their DC/colo facilities. This article provides a way to design and implement such a network security architecture using Border Gateway Protocol (BGP) + VXLAN tunnels along with the VM-Series firewall from Palo Alto Networks. Ravello Network Smart Labs provides an easy way to test and deploy an architecture before moving it to the enterprise infrastructure.

Man-in-the-middle Network Security Testing on enterprise environment replicas in AWS & Google Cloud

Author:
Clarence Chio
Clarence is a Security Research Engineer at Shape Security, working on the system that tackles malicious bot intrusion from the angle of big data analysis. Clarence has presented independent research on Machine Learning and Security at Information Security conferences in several countries, and is also the organizer of the “Data Mining for Cyber Security” meetup group in the SF Bay Area.

Have you ever used an unsecured public wifi connection and wondered if someone could be hacking you? Who could possibly be interested in monitoring your browsing activity on the web? In this post, we focus on a particularly active and common type of network hacking – man-in-the-middle (MITM) attacks. Network security testing is essential to discover these attacks, and Ravello cybersecurity labs provide an easy way to replicate enterprise environments on AWS and Google cloud and carry out MITM security testing.

Penetration testing on AWS: Think like your attacker

Author:
Clarence Chio

In the previous post in the pentest on AWS and Google series, we set up a complete security testing environment to play with. As you have seen, it really isn’t that difficult for an attacker to pwn your network. A lot of what attackers do is observation, trial-and-error, and guesswork. I left most of those parts out of the article, but bad network cleanliness and practices make things a lot simpler for adversaries.

Pentesting on AWS: Network Penetration Testing Playground

Author:
Clarence Chio

This next post in the network penetration testing lab series will get you acquainted with the technical details of the pentest blueprint and settings required to test security capabilities and run pentesting on AWS or Google Cloud.

How to run VMware NSX and Cisco Nexus 1000v on AWS & Google Cloud

Author:
Matt Conran

Network and data-center architects are evaluating network virtualization solutions to bring workload agility to their data-centers. This article (part 3 of a 3-part series) details how to set up a fully functional VMware NSX and Cisco Nexus 1000v deployment on Ravello to evaluate each of the solutions. Part 1 compares the architectural components of Cisco Nexus 1000v and VMware NSX, and Part 2 looks into the capabilities supported by each.

Choosing between VMware NSX and Cisco Nexus 1000v

Author:
Matt Conran

With SDDC (Software Defined Data Center) gaining prominence, network architects, administrators and data-center experts in enterprises around the globe find themselves staring at the inevitable question – should I go for a vSphere environment with Cisco Nexus 1000v or VMware’s NSX as the network virtualization solution that facilitates my SDDC? This article (part 2 of a 3-part series) compares Cisco Nexus 1000v with VMware NSX from the deployment model, components, multi-data-center support and network services perspectives. Part 1 compares capabilities supported by Cisco Nexus 1000v and VMware NSX, and Part 3 walks through how to set up a fully functional environment of each on Ravello Networking Smart Labs (powered by nested virtualization and networking overlay).

VMware NSX and Cisco Nexus 1000v Architecture Demystified

Author:
Matt Conran

Network virtualization brings many benefits to the table – reduced provisioning time, easier/cheaper network management, and agility in bringing up sophisticated deployments, to name a few. A large number of network and data-center architects around the globe are evaluating VMware NSX and Cisco Nexus 1000v to enable network virtualization in their data-centers. This article (part 1 of a 3-part series) walks through the architectural elements of VMware NSX & Cisco Nexus 1000v, and explains how Ravello (powered by nested virtualization and networking overlay) can be used as a platform to run and deploy each of the solutions with a couple of clicks for evaluation during the decision-making process. Part 2 compares capabilities supported by Cisco Nexus 1000v and VMware NSX, and Part 3 walks through steps to create a Cisco Nexus 1000v & VMware NSX deployment on Ravello.

How to setup and run a penetration testing (pentest) lab on AWS or Google Cloud with Kali Linux, Metasploitable and WebGoat

Author:
Clarence Chio
Clarence works at Shape Security on the system that tackles malicious bot intrusion from the angle of big data analysis. Clarence has presented independent research on Machine Learning and Security at Information Security conferences in several countries, and is also the organizer of the “Data Mining for Cyber Security” meetup group in the SF Bay Area.

In this blog, I describe how you can deploy Kali Linux and run penetration testing (also called pen testing) on AWS or Google Cloud using Ravello Systems’ nested virtualization technology. This ‘Linux/Web Security Lab’ lets you hit the ground running in a matter of minutes and start exploiting security vulnerabilities. By the way, if you haven’t already seen it, this blog by SimSpace about on-demand Cyber Ranges on Ravello is very interesting as well.

NFV Orchestration: Setup NFV Orchestration on AWS and Google Cloud (part 4 of 4 post series)

Authors:
Jakub Pavlik
Jakub Pavlik and Ondrej Smola are engineers at tcpcloud – a leading private cloud builder.
Matt Conran
Matt Conran is an independent network architect and consultant, and blogs at network-insight.net

This article details NFV orchestration using public cloud NFVI as a 4-part series. This post details setting up fully functioning NFV orchestration with firewall and load-balancer service chaining, and comes with a fully functional NFV service chaining topology, built on Juniper Contrail with firewall and load-balancer services, that you can access on Ravello and try out.

Installing and configuring Trend Micro Deep Security, vSphere and NSX environment on AWS and Google Cloud

Trend Micro Deep Security is a security suite providing antivirus, intrusion prevention, firewalling, URL filtering and file integrity monitoring for both virtual and physical systems. For virtualized systems, Deep Security offers both client-based and clientless protection, giving you a single management solution for virtual desktops, servers and physical systems. In addition, Deep Security can integrate with VMware’s NSX, providing automated network firewalling and security options whenever Deep Security detects malicious activity on your systems.

In this blog post, we’ll show how to set up a lab environment for Trend Micro Deep Security using AWS and Google Cloud capacity, covering both agentless and agent-based protection and the integration with VMware vSphere.

OPNFV Testing on Cloud

Author:
Brian Castelli
Brian Castelli is a software developer with Spirent creating test methodologies for today’s networks. His current focus is on SDN and NFV.

The OPNFV project is dedicated to delivering a standard reference architecture for the deployment of carrier-grade Network Function Virtualization (NFV) environments. Testing is critical to the success of the project and to the success of real-world deployments, as evidenced by the many test-related sub-projects of OPNFV. One of those sub-projects, VSPERF, is dedicated to benchmarking one of the key NFV components: the virtual switch.

NFV Orchestration: Networking Automation using Juniper Contrail (part 3 of 4 post series)

Author:
Matt Conran

This article details NFV orchestration using public cloud NFVI as a 4 part series. This post in the series looks into how service orchestration using Juniper Contrail can help assist with multi-tenancy and workload mobility, and also increase service velocity through NFV orchestration and service chaining.

NFV Orchestration: Increase service velocity with NFV (part 2 of 4 post series)

Author:
Matt Conran

In this second part of a 4-post series around NFV orchestration we detail how NFV (Network Function Virtualization) can help alleviate multi-tenancy and network mobility challenges and increase service velocity (pace at which services can be rolled out) across enterprises and service providers.

Run an NFV Architecture (OPNFV) on AWS and Google – Brahmaputra Edition

Author:
Iben Rodriguez
Iben is a Cloud Consulting and Virtualization Architect. He is trained in agile, ITIL, SOX, PCI-DSS, ISO27000. He is working to shift SDN testing functions out of the test lab and closer to the developers and operators.

Setup and operate your own OPNFV Architecture for dev, test, training using Ravello Systems on AWS and Google Cloud.

NFV Orchestration: Overcome multi-tenancy challenges (part 1 of 4 post series)

Author:
Matt Conran

This article details NFV orchestration using public cloud NFVI as a 4-part series. This post looks into the challenges traditional networks have with multi-tenancy and workload mobility. In the next post, we’ll show how Network Function Virtualization (NFV) fits in and can increase service velocity.

How to install OpenStack Liberty in your lab using nested KVM

In this blog, we will describe the process of setting up an All-in-One, fully functional environment with the latest upstream release of OpenStack Liberty on public cloud. This eliminates the need for physical hardware and gives you the capability to build environments that can scale up for testing, demo and training purposes. We have built the environment in Ravello Systems and saved it as a blueprint. Ravello Systems’ nested virtualization capability enables the setup of nested KVM environments required for running OpenStack on AWS and Google Cloud.

Installing and configuring vRealize Automation 7 lab environment on AWS and Google Cloud

ITQ

Only released a few days ago, vRealize Automation 7 is one of the biggest redesigns of any VMware product. It includes a new blueprint canvas, infrastructure-as-code, built-in application deployment and vRealize Orchestrator workflows, full integration of VMware NSX, and many more improvements.

Obviously, with a product this new, you’ll want to get familiar with it before even considering deployment in production. Especially considering the full redesign of the blueprint system and features such as vRealize Orchestrator integration, the upgrade path from vRealize Automation 6 to 7 can be quite complicated.

For this reason, we’ll show you how to set up a lab for vRealize Automation 7 using public cloud capacity, without needing to acquire hardware for a testing platform or having to worry about touching your production environment.
