|
When the network structure inside the data center is undergoing earth-shaking changes, the security field that is inseparable from the network will also usher in a new round of challenges. "Under the cloud computing system, data centers need to be virtualized first, and this puts new demands on network structure and network security. In addition, it is compatible with the development of large-volume data centers and cloud data centers, and large-traffic network security devices. It will become a must.” Mr. Li Hongkai, President of Fortinet China, said in an interview with ChinaByte Bitnet. “Because the current equipment is more mobile, it needs to access the cloud background. The security equipment will also function. There will be adjustments, and the focus of research and development will change."
Li Hongkai, President of Fortinet China
Adapting to virtualization does not mean full virtualization
When the data center is fully transitioning to virtualization, Fortinet believes that security products do not necessarily need to be fully virtualized. As an independent security vendor, Fortinet has plans to cooperate with the corresponding virtualization vendors on the interface and on the engine flow. “However, virtualization at the background host level will cause the security product to lose its original hardware acceleration capability, which contradicts the high performance requirements in the virtual environment; on the other hand, how to invoke the proprietary security of each manufacturer in the virtualized environment. Service and unified management will also be an important issue," Li Hongkai said. "So, from the perspective of management and efficiency, the virtualization of the security platform needs to adapt to the actual network resource deployment in the cloud data center. Virtualization security combined with server systems is required, but at the data center level, the front-end is still recommended to deploy high-performance security devices with independent virtualization capabilities to achieve security control of the service area."
Further, the cloud data center is also evolving, and the security issues it faces will also change due to changes in the IT architecture. "Data center virtualization is an inevitable direction, but the management of data centers, the interaction between virtual machines, and the chain problems that arise after the emergence of cloud data will now be dominated by professional virtualization vendors. In this sense, Security manufacturers are the helpers, you have to follow the mainstream. When the structure of the data center changes, your security system will be completely different." Mr. Li Hongkai said, "especially independent security manufacturers, we focus on security defense technology. However, we will not have the opportunity to decide on the network architecture, virtualization, SDN, which IT system will eventually form in the data center, and now it is clear and certain. Therefore, Fortinet provides virtualization technology in addition to the current independent security platform. At the same time, it also provides server-side virtualization software, and is also actively preparing for the security defense architecture under the new SDN system to adapt to the future new data center network system."
Safety needs to accumulate
Then, independent security vendors have little impact on the network structure. Does this mean that Cisco, Hewlett-Packard, IBM, EMC and other vendors with strong infrastructure in the infrastructure sector will have more in the security field? The answer given by Fortinet is clearly no. "The big vendors control the architecture and there are advantages in this respect. There is no doubt that security is an indispensable complement to an architecture. They are the architects of the architecture, but they cannot decide on a secure service." Li Hongkai said "The industry has a specialization, Fortinet has core technology in the security field, and has accumulated more than ten years of security experience and capital. Fortinet's cloud network collects various security issues all the time. This accumulation is not a change in code. And changing a firewall product can be achieved. Most importantly, even if they control the overall security architecture, they may not achieve the best security results."
Taking security services as an example, the cloud computing center has become a very large computing center, and the data flow is not only north-south, but also east-west. In this area, how to do security is not conclusive, but it can be confirmed that many traditional security measures still have positive significance in the cloud data center. In other words, at the level of the whole system, the traditional structure and the cloud environment also emphasize scheduling, emphasizing how the security resources are dispatched into a whole platform to become a part of themselves, including supporting services, intelligence and so on.
Security products need to change in the cloud environment
In the cloud environment, security products and services have a side that can be inherited, and there is also a need to change. “The IT product strategy is many, but it becomes very difficult to implement the security product implementation strategy. Because it involves the traditional architecture and cloud data center resource scheduling configuration, this requires the product to be adjusted to integrate policy management and cloud resource scheduling. Accelerate the migration of secure resources in the cloud environment or the supporting functions of security services." Li Hongkai believes, "On the other hand, you can't achieve foolproof deployment in a cloud computing environment. Therefore, in the cloud computing environment, the most It is important to be able to recover quickly and return to the state before the security problem occurred."
In addition, in the cloud computing environment, the combination of network and security is more closely. Traditionally, only content security vendors need to fill the network as soon as possible. "In the current computing environment, the security device is first and foremost a network device. Fortinet has proposed its own network model at the beginning of development, which allows us to better adapt to the current cloud computing environment than those (the security vendors)." Li Hongkai said, "The past is a single flow, and now it is a very complicated business flow. Therefore, first of all, you must provide ultra-high-performance equipment, and then it is to judge whether there is a problem with security, and judge according to the needs of users."
|
