
Associate Director - Cloud Engineering, Deloitte India
Associate Director, Deloitte
Senior Consulting Architect - NSX-T, VMware
Datacenter Consultant, AXA Technology
Senior Infra Architect, Cognizant
Senior Consulting Architect, VMware
Network Consultant, AT&T Communication Services India
Network Consultant, AT&T
Network Engineer, Suzlon Energy
Customer Engineer, Hathway Datacom
AWS CloudFormation
EC2
ELB
S3
EBS
ServiceNow
Nexus
Ansible
Citrix
Orchestrator
Cisco ASA
FTD
Terraform
Python
Jenkins
Migrating an application from one region (Singapore) to another region (Mumbai).
Mhmm. Can you give me 2 minutes, actually? Hello? Hi. Good evening. This is Santosh Kumar. I have around 16 years of experience in networking, especially enterprise networking, data center and multi-cloud. I have been working on multi-cloud for almost the last 4 years, along with SDN. Before this role, I was with VMware working on the SDN platform, especially NSX, migrating customers from NSX-V to NSX-T. Before that, I was with Cognizant as a senior architect helping customers migrate from on-premise to cloud, especially AWS; I have migrated 100-plus applications from on-premise to cloud infrastructure. Before that, I was with AXA, managing the regional data center, where we had a mix of Cisco ACI, various switches, load balancers, firewalls and other security devices like Check Point, Palo Alto and Cisco. It was a kind of data center engineer role where I used to manage customers across the globe, helping them onboard their applications onto the hosted data center in Singapore, and helping their applications get deployed and exposed through load balancers. During those days there was a refresh, as Cisco ACI was getting to end of life. So that was the overall background in terms of networking. Before that, I was with AT&T, working for IBM as a client, setting up the entire enterprise LAN infrastructure. So that is my background, especially in core networking. In the last 5 years, I would say I have gained a better understanding of applications beyond the infrastructure capability. I also try to understand the application landscape so that it becomes easy to define a platform when we are migrating to a cloud. It is not going to be like migrating a monolithic application to a monolithic instance-based application. Right?
So we refactor certain applications so that the application can be hosted as serverless, or it can go as microservices, or it can be an EC2-based application. So this is where I have been spending my career: networking and cloud.
Yep. When integrating an SSL VPN into an existing network, you basically need to consider the various connection options: whether you want a full tunnel or a split tunnel. When you want a full tunnel, how do you want to direct the Internet traffic for the clients? When you have a split tunnel, which applications specifically do you want to publish over the VPN tunnel? When it comes to SSL VPN, you also think about your identity and authorization. When I say identity and access management, which user needs to access which profile? Basically, you have different sets of team members working across various departments, so you have a profile created for each department defining who needs to access which kind of resource. That is one thing you need to look at for setting up your SSL VPN. Similarly, when you are already connecting to multiple clouds, that is also one important aspect: having a single VPN connection trying to connect to resources in various locations or various cloud providers. That is also one important thing you need to look at. So from a design perspective, you need to think about what type of tunnel you want to give them, a full tunnel or a split tunnel. When it is a split tunnel, how do you want to handle the Internet traffic for the users: whether it is a local breakout or through your centralized Internet access, or whether you have some sort of cloud proxy which allows the user to connect to the Internet in a more secure way, so that by this way you are protecting your corporate devices as well. The other thing, in terms of SSL VPN:
Do you have any sort of recent threat protection? With the help of a recent SASE kind of solution, you can protect the end user in terms of identity, and you can also restrict the access of the user. So based on the authorization, based on the level of access, the access can be granted. That is what SASE does. Most of the things you might come across are Zscaler, which talks about Zscaler Private Access, Zscaler Internet Access and the Zscaler client, so it gives full flexibility. When it comes to Cisco solutions, SSL VPN now has integration with advanced threat security with the help of cloud DNS, or with the help of an Umbrella kind of solution, where you can specifically provide more control to the user in terms of threats, in terms of access to whatever resources they want, and in terms of connectivity, what type of connectivity they want: whether they want to connect to the corporate LAN, connect to the cloud, or connect to a specific application which can be published. So that is also a thing
In some, right? There is something called CoS, class of service, at layer 2. The other one is quality of service, QoS. There is an IP precedence value for it where you try to prioritize those classes of service as well as quality of service. With the help of those IP precedence values, you can prioritize your voice traffic over your LAN switches, and this can also be applied over your MPLS WAN or your private WAN. Nowadays you have SD-WAN devices, which can prioritize the business traffic, where you can give precedence to those flows matching voice traffic, so it is marked highly business critical or business critical so that it gets specific treatment in terms of packet handling. So when it is crossing various LAN devices, it has the highest quality of service so that the packet never gets dropped. That is one way of handling it. If you are doing it manually on your Cisco LAN switches, you create the QoS class map so that you can match the IP packets matching that voice traffic. Once it is matched to the quality of service class, you apply it on the exit interface towards the public side, wherever the traffic is to be sent. That is one option you can think about for mitigating packet loss during your peak utilization. That is an option today in terms of the quality of service you want to provide for your
Of security devices, Palo Alto. So basically, you try to have restriction. When it comes to any security device, you give the most limited access. So the priority of your rules needs to be categorized: let us say which type of access needs to be granted. It may not be IP-to-IP traffic, so you grant access to the network in terms of TCP or UDP. Again, in TCP you have a limited way of creating the rule. It comes with a sequence, and it starts with 10, 20, 30. The higher the sequence takes the priority; when I say higher the sequence, line number 10 takes the first priority, line number 20 takes the second priority, line number 30 takes the next priority, and following that there is the default deny rule. Subsequently, it tries to match another set of rules which has been configured for various network access or various connections. That is one way. So with respect to your Palo Alto or your respective security devices, you try to understand the connection which is being requested between the source and the destination. Based on the source and destination and the type of traffic, whether TCP or UDP, you define those firewall rules. Again, within the firewall rules you have the sequence, which needs to be categorized first. Let us say if you want to connect to the Internet, it is very evident that you will allow DNS traffic first, followed by your HTTP or HTTPS traffic. So you create a rule first matching DNS, a second one matching HTTPS traffic, and the third one would be your deny, and you will be very specific with your source IP address and your target IP address. Let us say if you are trying to allow a user from a subnet, you restrict users only from that subnet.
And similarly, on your destination, you create a specific group where you allow those destinations or domain names specifically as your destination target, and limit it with your protocol. So these are the steps you need to take for creating a firewall rule, not only with your Palo Alto devices; it could be any security device where you create a rule. When you go with cloud security, you have the native cloud security, the security groups, which also get applied specifically to each instance; each instance has its own security group. Again, in all the security groups you have a sequence number and you have ingress as well as egress rules. Specifically, any kind of firewall device is stateful, so automatically that is allowed when you define firewall rules for
SD-WAN capable devices. There is something called your orchestrator. The orchestrator can be kept anywhere: it could be on your cloud, or on your LAN, or in your data center. So there is an orchestrator which needs to be configured first; that is the first way to go. After that, let us take an example. You have a Cisco device and you have your orchestrator, the vManage orchestrator. After that, there is something called vBond. vBond is a very critical device for any sort of SD-WAN deployment, as it tries to orchestrate your SD-WAN edge devices connecting back to your orchestrator. Let us see an example. When your SD-WAN edge device tries to get registered with the SD-WAN orchestrator, basically it will try to connect to ztp.viptela.com. So the registered SD-WAN vBond is the only device which will try to identify the SD-WAN edge device based on the serial or the MAC, and it will try to register your SD-WAN devices to your SD-WAN orchestrator. So basically there are 3 components to it. One is vManage, which is nothing but the SD-WAN orchestrator. vBond helps to attach all your SD-WAN edge devices to your vManage. And the actual SD-WAN edge devices, which could be physical or virtual, get registered via your vBond. And any policy: basically the vManage or the SD-WAN orchestrator takes care of 2 things here. One is to define the policies for your edge devices; when I say policy, it can create all sorts of configuration for all your edge devices. The other one is managing the edge devices. Once the management is done,
the routing, the data plane, is left to your SD-WAN edge devices. All the cloud capabilities are exchanged between these SD-WAN edge devices. So that is where you can implement SD-WAN across a multi-regional company. SD-WAN devices can be placed across any geography. Based on the location, it gets identified on vManage so that you can manage the devices specifically for each region. Once the devices are identified, you can create your policy, and you can also establish your SD-WAN overlay tunnel between these SD-WAN edge devices. The last mile for the SD-WAN edge devices can be a circuit, or it could be any LTE-capable network, or even your MPLS network. So with all this underlying infrastructure, you can build your SD-WAN overlay, identifying your business critical applications from each of your SD-WAN devices. When it comes to SD-WAN deployment, there are various topologies: there is spoke-to-spoke, or there can be a hub-and-spoke topology, there is full mesh, or it could be a kind of thing which you can
SIEM, basically, is to identify your security incidents and their management. Basically, it is incident response. So when there is an incident on your infrastructure, how do you handle those security incidents? Basically it is a kind of operational task; you can say it is an operational task when there is a cyber threat. It could be an incident in terms of the network, or in terms of access: a breach, it could be a device breach, or it could be an access breach, or anything on your attack surface. Those are categorized under SIEM. When it comes to DLP, data loss protection, basically you think about how to protect your data when you are trying to exchange it between various stakeholders, and you are trying to send data to an external party. So what sort of protection do you have? Whether the data is encrypted in transit, whether any confidential data has been exchanged which is not supposed to be exposed to a third-party system. So by this way, sensitive data will be scanned by your DLP system and it tries to protect the data. So basically it is all about data protection for the company. But when it comes to SIEM, basically it talks about security incident and event management. In a security incident, there could be various things: a network threat, a system threat, or it could be your application. When it comes to network threats, there is something called network denial, the DDoS attack; the other one is the SYN attack. When it comes to DDoS, there are TCP SYN attacks, DNS attacks, all that stuff.
Or, when it comes to your identity and access management, a user could get compromised, his password being compromised and used by attackers. So those things are categorized in the same way. So this is the context in terms of network security between the
Cloud. Correct? It is basically how you do it on premise, in your data center. In your data center you talk about network, security, compute and storage. So when you talk about how you look at it on premise, you talk about how your application has high availability, whether the application is hosted at another data center location, or whether, within the same location, it has been located in a different rack. The same construct applies to the cloud. So when you try to migrate an application to a cloud, there are various constructs in the cloud. When you choose a cloud, you specify a region where you want to host your application. Within a region there is an availability zone, an AZ, which you call AZ1, AZ2, or whatever it is. So you can have availability zones. If you want high availability within that region, you can choose a single-region deployment. When you want high availability across regions, you can still do that by creating a multi-region application deployment. So those can still be handled. But when you go for a multi-region deployment, you need to handle it by using a global DNS, Route 53. As soon as region A fails, region B can take over. But when it comes to a single region, your application can be connected to both availability zones, zone A and zone B, so that the application is deployed across both zones. So when you have EC2, you can create nodes across these 2 availability zones so that high availability is taken care of. When it comes to cloud security, there are 4 things to it. One is your network security, where you have network firewalls and security groups defined by default.
So when it comes to the application, you have an application load balancer, an ALB, or you can also have Cloud Armor; in terms of GCP, Google, you use Cloud Armor. In terms of AWS, you use AWS WAF. And we have something called AWS Shield, which tries to protect you from denial of service attacks, so that it identifies the whitelisted IPs from various places so that network DDoS can be prevented. In terms of data, you use KMS for data protection, so the data can be protected in transit as well as at rest, so that all your data is encrypted at rest as well as in transmission. Apart from that, you have KMS, where all your encrypted data is encrypted using a customer-managed KMS key. So KMS is one thing. And you also have sensitive data. You can also be proactive when storing your data on an S3 bucket: you can use a database-based scan so that any sensitive data getting stored onto your S3 bucket is notified, so you can take quick action in terms of sensitive data getting stored on any of your S3 buckets. That is also one thing you can look at. It can have a password, or get rotated every 30 days or 2 months or whatever it is; you will tend to choose that. So by this
Try to identify whether it is legitimate traffic, since there is a spike in the network: whether it is purely demand for application access, or whether it is a single IP demanding so much bandwidth, whether it is coming from multiple locations or from a single location, and whether it is a kind of long-existing connection or new connections getting established very frequently. So when there is a network spike, there could be various reasons for it: it could be very legitimate traffic trying to connect to an application, or it could be a network denial of service where you see a TCP SYN attack being thrown so that the application is unable to service the TCP SYN traffic. That could be one other reason for an initial spike. Basically, when you talk about an initial spike, it is a kind of attack which is trying to exploit your application system, or some kind of demand coming to the network which is very much unknown. That is what we need to identify at the very beginning. The second thing I would do is sniff. Basically there is something called a honeypot, which we can place in front of your application or your infrastructure so that the entire traffic can be sniffed to a honeypot, so that you can try to understand the behavior of the traffic which is trying to hit your application infrastructure or your infrastructure. So the honeypot tries to identify what sort of behavior the traffic is meant for on your application system. By this way you can check which type of traffic is trying to exploit your network, and you can take action on it. Once you identify such a thing, IDS can do detection so that you can then go for IPS to block that traffic entering your network.
So that is the thing you can do. The first thing is to identify whether it is a network anomaly or business-as-usual traffic. After that, understand the behavior of your traffic pattern, whether it is purely legitimate or an attack, by deploying a honeypot kind of solution. Once you have deployed that, you can have your IDS or your IPS devices drop the traffic before it hits your infrastructure. So that is the thing you can do for eliminating an initial spike in network traffic, or anything of that sort in your network also can be
So basically, when it comes to HSRP, it is a Cisco proprietary protocol, a standby routing protocol. It has 2 gateways placed and one takes the responsibility of responding back to ARP. And basically it is Cisco proprietary. When you want to go to VRRP, which is an open standard made for all devices, there are 2 things to look at. First, you identify the networks which need to be migrated from your HSRP to VRRP; you identify all the networks which are defined with HSRP and which need to be migrated to VRRP. The second thing is that you plan your migration from Cisco, or even if it is within your Cisco device, you are trying to move from HSRP to VRRP. You plan in such a way that there should be a downtime here as such. Why? Because we are trying to move the gateway from one protocol to another protocol. The point I would make here is what kind of downtime you are expecting during your migration window. Basically, what you can do here, and generally what I would advise, is that you can have your whole configuration kept ready. It can also be placed onto the network system in a shutdown state. During your network maintenance window, you can quickly go and shut down your HSRP and activate your VRRP. By this way you can quickly shrink your window: instead of making the changes in the particular maintenance window, you can have all the changes created and readily available, to be fired during the maintenance window.
It can be kept ready in a shutdown state. One other thing is that when you are migrating from one routing protocol to another routing protocol, basically you need to flush your ARP entries. Why? Because any end device trying to connect to the gateway has an ARP entry, which needs to be flushed on all your devices. So basically what you need to do on your L2 devices, especially on your L2 devices, is flush those MAC entries, as well as flush those ARP entries, and then quickly do the upgrade. By this way you can reduce your downtime so that any system trying to connect to the new VRRP gateway will not have an impact. So that is how this can be handled. That is something you can plan during your maintenance window, so that the ARP entries are not getting stored on your end devices, and can be flushed easily. So that is one thing you need to plan. Secondly, you need to identify all your business systems which are trying to connect using HSRP, so that those also need to be arbitrated in such a way. If there is any static ARP table entry created, that needs to be taken down first. So those are the things you need to consider when you are migrating from
To my mind, a traditional WAN or a private MPLS is a very time-consuming process, and it is also very expensive, I would say. It is very expensive and time-consuming for having a private secured link which is not being utilized effectively. And when it comes to business critical or mission critical applications, with your private MPLS you need to define your class of service and quality of service, and basically there is no dynamic way so that when there is no business critical traffic, the leftover bandwidth can be utilized for your other applications. So there is no such dynamic way of restricting or utilizing your bandwidth on your traditional MPLS network. But when it comes to SD-WAN technology, basically it is based on your business demand, and automatically the traffic can be prioritized when there is huge demand. When there is no demand on your business critical application, the leftover bandwidth can be used for your other, non-business applications. So that way it is very effective in terms of handling your bandwidth, comparing your traditional MPLS and your SD-WAN. Another thing with SD-WAN: your traditional MPLS will connect from one place to another, and you are limited with expanding your business. But if you are having SD-WAN, it is just the Internet; if you have Internet at any location, placing your SD-WAN devices at any location can quickly bring up WAN capabilities. Along with those WAN capabilities, it has business intelligence, so that each of your applications running inside the overlay tunnel can be monitored, inspected or optimized. So it has full visibility of your application, whereas in your private MPLS the visibility of an application is very, very limited.
And when it comes to manageability of your devices, in your traditional MPLS the manageability of devices is kind of siloed, where you do not have a centralized place to manage all the devices in one view or with one click of a button. So any policy you want to implement on those traditional MPLS devices needs to be handled independently, but with SD-WAN it is softened as such. This can be eliminated in such a way that any configuration can go across seamlessly to all your SD-WAN devices, or it can be applied to a specific set of devices just as easily. And with MPLS, as I said, talking about the configuration: if you need not have a configuration, you need to go and really take that configuration away, but in terms of SD-WAN this can be done in time and at the click of a button. Beyond that, there are many other security functionalities you can add on your SD-WAN devices. This brings so many functionalities to your modern network. It has easy adoption, connecting all to a cloud provider; you can also connect to any of your clouds, and you can also have Internet access utilizing centralized Internet access; it could also be a possible solution by using SD-WAN devices. So nowadays, beyond SD-WAN, you are thinking about secure access as well. It has various functionality added to it, and it brings many more benefits than what MPLS can offer. MPLS is purely a private connection between your data center and a remote location, or it could be between your cloud and on-premise.
And change. Change management comes in various forms: it could be a user change, it could be an infrastructure change. Incident management is the regular routine thing you get to see, one incident after another. So you can see a repeated incident turning into a problem, and a problem has the possibility of a change. So when you say an incident, a repeated incident is called a problem, and a repeated problem will call for new changes. So basically the ITIL framework of incident, change and problem management is very important for the organization so that you have tracking of your incidents as well as your problems and your changes. This can be taken through the various change processes, and it has full visibility of the changes happening across the organization. It is a must-have in an IT board. So instead of this, ITSM has a centralized framework which talks about the various processes you need to get involved in before making a change: when there is a problem, the list of stakeholders to be introduced or intimated, denoting the problem, and the list of updates which need to go over. When a problem surfaces and you try to respond back to the problem, it should go through a proper process so that everybody is updated and notified. So that is the importance of the ITIL framework in terms of IT operations and incident management.