I’m Too Sexy For My Shirt

The title of this blog post is accurate and illumio killed it with their #NFD19 presentation. In order to get the attention of your audience, you have to keep them engaged! Do yourself a favor, subscribe to the Tech Field Day YouTube channel below and you’ll understand where I’m coming from.

The representatives from illumio included:

  • PJ Kirner, CTO and Founder
  • Wendy Yale, VP of Marketing
  • Matthew Glenn, VP Product Marketing (pictured above)
  • Anand Ghody, Technical Marketing Engineer

Wendy provided us with an illumio overview. The company was founded in 2013 but went to market in 2014. The focus of the company is Micro-Segmentation (aka Cyber Resilience), which breaks the data center down into smaller segments and, by doing so, reduces the attack surface.

Why is this necessary? Please consider the following cybersecurity statistics:

  • 225%+ breach increase since 2010
  • 172 days average bad actor dwell time

How can illumio help? It prevents the spread of breaches inside the data center and cloud. illumio's Adaptive Security Platform starts with real-time visibility, including application dependency mapping, which tells you what is communicating inside your environment, with the end goal of telling you what should or should not be communicating. It also includes vulnerability mapping to show where connections are most vulnerable.

The PCE Supercluster was described by PJ Kirner as a federated security control plane for 100,000+ workloads. It includes a global security policy and real-time app dependency mapping with automated disaster recovery for global security policies. Illumio’s architecture is 100% software delivery (no hardware required) and includes the following components: 

  • VEN (Virtual Enforcement Node) – an agent that gets installed on workloads (datacenter or cloud environments). Supports Windows and Linux workloads.
  • PCE (Policy Compute Engine), aka the Central Brain. The PCE compiles instructions and then implements/executes the policy back into the VENs; the controls are then implemented in terms of iptables or the Windows Filtering Platform.
  • ASP (Adaptive Security Platform) activates and controls the sensors and environment points that you already own while also collecting data.
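
To make the "what is communicating versus what should be" idea and the compile-to-host-firewall step concrete, here is an added sketch that is not from the presentation and is not Illumio's code. It assumes a toy label-based allowlist; every workload name, label, address and port is constructed, and the output is plain iptables commands for a Linux workload.

```python
# Added illustration: a toy label-based allowlist compiler. Not Illumio's PCE or VEN code.
# Workload names, labels, addresses and ports below are constructed sample data.

WORKLOADS = {  # name -> (ip, labels)
    "web-1": ("10.0.1.10", {"role": "web", "env": "prod"}),
    "app-1": ("10.0.2.10", {"role": "app", "env": "prod"}),
    "db-1": ("10.0.3.10", {"role": "db", "env": "prod"}),
    "dev-1": ("10.0.9.10", {"role": "app", "env": "dev"}),
}

POLICY = [  # allowlist entries: (consumer selector, provider selector, TCP port)
    ({"role": "web", "env": "prod"}, {"role": "app", "env": "prod"}, 8080),
    ({"role": "app", "env": "prod"}, {"role": "db", "env": "prod"}, 5432),
]

OBSERVED_FLOWS = [  # constructed dependency-map output: (source, destination, port)
    ("web-1", "app-1", 8080),
    ("app-1", "db-1", 5432),
    ("web-1", "db-1", 5432),   # web tier talking straight to the database
    ("dev-1", "db-1", 5432),   # dev workload reaching a prod database
]

def matches(labels, selector):
    """True when every key/value in the selector is present in the labels."""
    return all(labels.get(k) == v for k, v in selector.items())

def flow_allowed(src, dst, port):
    """Is this observed flow covered by any allowlist entry?"""
    return any(matches(WORKLOADS[src][1], consumer)
               and matches(WORKLOADS[dst][1], provider) and port == allowed_port
               for consumer, provider, allowed_port in POLICY)

def unexpected_flows(flows):
    """Flows seen on the wire that the policy does not permit."""
    return [f for f in flows if not flow_allowed(*f)]

def compile_inbound(name):
    """Per-workload iptables commands: allow listed peers, then default-deny."""
    labels = WORKLOADS[name][1]
    rules = ["iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for consumer, provider, port in POLICY:
        if matches(labels, provider):
            for peer, (ip, peer_labels) in sorted(WORKLOADS.items()):
                if peer != name and matches(peer_labels, consumer):
                    rules.append(f"iptables -A INPUT -p tcp -s {ip} --dport {port} -j ACCEPT")
    rules.append("iptables -A INPUT -j DROP")
    return rules

if __name__ == "__main__":
    print(unexpected_flows(OBSERVED_FLOWS))
    print("\n".join(compile_inbound("db-1")))
```

Because rules are derived from labels rather than typed per host, adding a second prod app workload to the inventory changes the database's compiled rule set without anyone editing the policy.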

The PCE Supercluster was designed for global enterprise reliability, including High Availability (HA) and Disaster Recovery (DR), and for global enterprise scale, and it is deployed in production at scale today. The benefits of PCE are listed below:

  • Broader width for policy updates, including faster propagation of policy to a large number of workloads
  • Local vs. Global balanced
    • Supporting global connected applications
    • Also optimized for applications that may be local to a region
  • Greater control of PCE cluster placement
    • Enabling local pairing with global policy
  • Central configuration of non-policy PCE settings
  • Continued separation of infrastructure from security policy
  • Supports fault isolation

Why do other architectures fail? A few examples are listed below:

Single centralized system:

  • Won’t scale
  • WAN bandwidth impacts the collection of data
  • Risky “Placing all of your eggs in ONE basket”

Non-Federated Systems:

  • Burden of synchronization across disconnected control planes is the customer’s responsibility
    • Workload and policy objects
    • Cross region flows policy needs to be handled multiple times
  • Lack of organization-wide visibility is a challenge for policy creation/validation

To close out the presentation, Matthew Glenn and Anand Ghody worked perfectly in tandem as they gave the Tech Field Day delegates 5 (YES FIVE) demos of PCE, which can be delivered via SaaS or On-Premises (2×2 or 4×2 cluster options). The demos included a three-region Supercluster with a fourth region as a disaster cluster. The names of the demos are listed below, each with a hyperlink for your convenience.

I snapped a few photos and they can be found here and included a few tweets (see below):

For more information about illumio, Tech Field Day and how to become a TFD – please click on the links below:

Please take a moment to subscribe to the YouTube channel which also includes watching the various videos that were posted throughout the day. Kudos to PrimeImage Media for recording the live sessions.

Credit also goes to Stephen Foskett, Tom Hollingsworth, Ben Gage, Mel Zura and the entire Tech Field Day staff for coordinating a seamless event.
