Platform-Based Visibility and Control

The Software-Defined Data Center (SDDC) introduces a paradigm shift in the way storage, networking, compute, and security are deployed. Traditionally, networking and security are tied to rigid dedicated hardware, increasing operating expense as well as management complexity. Software-Defined Networking (SDN) changes how we think of and interact with network and security services, abstracting the service attributes and creating network fabric overlays for on-demand policy orchestration as well as consistency and visibility in the data center.

The Software-Defined Security Framework

Fortinet has introduced the Software-Defined Security Framework to define how security solutions must evolve in all layers of network architecture for Next-Generation Data Centers and Clouds, and to integrate with leading SDN and SDDC platforms:

  • Data Plane - Augment runtime enforcement with virtual appliance/service flexibility
  • Control Plane - Enable agility by coordinating with underlying SDN & infrastructure platforms
  • Management Plane - Provide unified view of policy and events across physical, virtual and cloud

VMware NSX

Fortinet integrates with the VMware NSX API to protect east-west traffic. Network traffic patterns have shifted drastically from primarily north-south to east-west inside the data center perimeter, and the integration secures that traffic from the VMware hypervisor kernel. The solution with VMware’s API eliminates the hair-pinning previously required and serves as the first-hop security gateway, allowing policy-based firewall controls on each vNIC in the entire data center for east-west traffic inspection (e.g. Web-tier to App-tier).

Fortinet auto-scales the advanced features locally available on each hypervisor joined to the security cluster, where consistent policies and firewall rules are applied. Network security policies defined in FortiGate-VMX Service Manager are automatically provisioned to application workloads and inserted into the virtual network’s logical pipeline.

Cisco ACI

Cisco Application Centric Infrastructure (ACI) incorporates FortiGate appliances, physical and virtual, as L4-L7 security firewall services where all policy orchestration, provisioning and scaling are automatic and centrally profiled based on application heuristics and workloads. Cisco ACI’s unique approach uses a common policy-based operating model across a network that overcomes IT silos and drastically reduces costs and complexity. In ACI, security policies on the FortiGate physical or virtual appliances become attributes of ACI Application Network Profiles (ANP), which define application policies and enforce the Layer 4-7 traffic through FortiGate for security firewall protection by using a standard programmatic interface.

While an innovator and leader in ASIC-based hardware, Fortinet has also long invested in having the largest range of virtual appliances, nearly a dozen, that can provide better visibility and control of virtual network traffic. Virtual appliances also facilitate scale-out elasticity, automation, and orchestration due to the containerization within a VM form factor. Fortinet also provides out-of-the-box integration or rich RESTful API extensibility so that security policy can be seamlessly applied in logical and dynamic environments.

Fortinet’s SDN solution is certified by leading SDN and Network Function Virtualization (NFV) platforms and can be applied to data center, private cloud and virtualized environments.

OpenStack-Based SDN

OpenStack-based clouds have focused on providing the environment needed for elastic, on-demand multi-tenant applications, while securing data and user traffic in a multi-tenant environment has been left unclear. Fortinet’s SDN solution plugs into leading OpenStack SDN solutions for the deployment of FortiGate Virtual Firewalls, creating an infrastructure that provides both north-south and east-west protection.

Highlights

  • Support for leading network virtualization and SDN platforms including VMware NSX, Cisco ACI, HP VAN, and OpenStack SDN
  • Multi-tenant support and virtual domain support for network segmentation and security service function deployment
  • Extensible management interface – APIs for cloud automation and orchestration
  • Integrated single-pane-of-glass management for consistent policy control and monitoring
  • Single security platform delivers new style of IT services
  • Unmatched breadth of security portfolio and ease of deployment with appliance, chassis-based, and virtual machine options for enterprise data center upgrades