Santhoshkumar Saravanan

Can you give me two minutes, actually? Hello? Hi. Good evening. This is Santosh Kumar. I have around 16 years of experience in networking, especially in enterprise networking, data centers, and multi-cloud. So I'm currently working in multi-cloud for almost the last 4 years along with SDN. So previously, I was with VMware working on the SCN platform, especially on VM and vMotion, migrating customers from vMotion to vSphere. And before that, I was with Cognizant as a senior, helping customers migrate from on-premise to cloud, especially on AWS. So I've almost migrated 100 plus applications from on-premise to cloud infrastructure. And previously, I was with AXA, managing the regional data center where we had a mix of products including Cisco ACI, various switches, load balancers, firewalls, and other security devices like Check Point, Palo Alto, and Cisco. It was kind of a data center engineer who used to manage customers across the globe, helping them onboard their applications on the hosted data center in Singapore, and helping their applications be deployed and exposed to the world. During those days, there was a refresh for Cisco ACI getting to the end-of-life, so that was the overall background in terms of networking. And previously, I was with AT&T working for IBM as a consultant, setting up all the enterprise LAN infrastructure. With that kind of background, especially in cloud networking. So over the past 5 years, I've gained a better understanding of application moments beyond infrastructure capabilities. I also try to understand the application landscape so that it becomes easy to define a platform and migrate to the cloud. So it's not just migrating a monolithic application to a monolithic instance-based application. Right? So we refactor certain applications so that the application can be hosted as serverless or it can go as a microservices or it can be an easy-to-based application. So this has been a focus of my career in networking and cloud.

Yep. When integrating an SSL VPN to an existing network, you need to consider various connection options, right? Whether you want to have a full tunnel or a split tunnel, when you want a full tunnel, how do you direct Internet traffic for clients? When you have a split tunnel, which specific applications do you want to publish over the VPN tunnel? So, when it comes to SSL VPN, you also think about identity and authorization, right? So when I say identity and access management, you have a rich user need to access which profile. Like, basically, you have different sets of team members working across various departments, right? You have a profile created for each department that needs to access which kind of resource, right? That's one thing you need to look at for setting up your SSL VPN. Similarly, when connecting to multiple clouds, that's also an important aspect. Having a single VPN connection trying to connect to resources at various locations or various cloud providers is also important, right? From a design perspective, you need to think about the type of tunnel you want to support, a full tunnel or a split tunnel. When it's a split tunnel, how do you handle Internet traffic for users? Whether it's local breakout or through your centralized Internet access, or do you have a cloud proxy that allows users to connect to the Internet in a more secure way, protecting corporate devices as well, right? The other thing is, in terms of SSL VPN, do you have any recent threats with the help of your recent SaaS solution? You can protect the end user in terms of identity, and you can also restrict access to users based on authorization and the level of access, right? Based on authorization, access can be granted based on the level of access. That's what SaaS does. Most things you might see with Zscaler are about private access, Zscaler Internet access, and Zscaler client. They offer full flexibility. When it comes to Cisco solutions, if there's no SSL VPN, there's integration with advanced threat security with the help of cloud DNS or with the help of Umbrella, where you can provide more control to users in terms of threats, right? And in terms of access to resources, whatever they want, and in terms of connectivity, what type of connectivity they want. Whether they want to connect to the corporate network, they want to connect to the cloud, or they want to connect to a specific application that can be published, right? That's also a thing.

In some cases, there is something called cost. That is something called cost. It's a layer 2 access. Right? There is a class of service. Other one is quality of service. Right? So there is an IP precedence value for it where you try to prioritize those classes of services as well as quality of services. With the help of those IP precedents, you can prioritize your traffic over your LAN switches as well as this can be updated over your NPS brand or your private VPN. If you have your SD-WAN devices nowadays, which can prioritize the business traffic, you can provide precedence to those factors that match the traffic. So it says highly business critical, business critical, so that it has a specific treatment in terms of packet handling. So that when it crosses various LAN devices, it has the highest quality of service, so that the packet never gets dropped. Right? So that is one way of handling it. Right? So, going nowhere, if you are doing it manually on your Cisco LAN switches, you try to create the QoS class map so that you can match the IP packets matching those work traffic. Once it matches the quality of service, you can apply an exit interface to the port where it's time to send them the traffic. So that is one option you can think about to mitigate packet loss during peak utilization. Right? That is an option, in terms of quality of service, you want to provide for your network.

Of security devices, Palo Alto. Right? So, basically, you try to impose restrictions. Right? Basically, when it comes to any security devices. Right? You will have very limited access given. So, the priority of your goals is to categorize, let's say, which type of access they need to be granted. So it may not be IP to IP traffic, so you try to access the network in terms of TCP, UDP. Again, in TCP, you have a limited way of creating rules. Right? So it comes with a sequence and it starts with saying 2030. So, the higher the sequence number takes the priority. Right? When you say higher the sequence number, line number 10 takes the 1st priority, line number 20 takes the 2nd priority, line number 30 takes priority. And following the default deny policy, right? So subsequently, it tends to match another set of rules, which has been configured for various network access or various connections. So that is one way. In respect of your parallel to our respective security devices, you would try to understand the connection. You would try to understand the connection which all is being requested between the source and the destination. Based on the source and destination, type of the traffic, if it is TCP or UDP, you will define those firewall rules. Again, within the firewall rule, you have the sequence. Right? Which is 3 to b category as first. Let's say if you want to connect to the Internet, it is very evident that you will try to allow DNS traffic to be allowed first, followed by your HTTP or HTTPS traffic. So you will create a rule first matching to DNS, second one matching to HTTPS traffic. Right? And the third one would be your denial, and you'll be very specific with your IP address and your target IP address. Right? Let's say if you're trying to allow a user from a subnet, you will try to restrict users only from those subnets. And similarly, on your destination, you will create a specific group where you will allow those destinations or the domain name specifically on your destination target and limit it with your protocol actually. Right? So this is something you need to take a step for creating a firewall rule, not only with your Palo Alto devices, it could be of any devices, any security devices you create a role. Right? When you go with your cloud security, you have the native cloud security groups, which will also get applied specifically to instances, each instance has got its own security group. Again, all the security groups, you have a sequence number and you have ingress as well as egress. Right? So specifically, when any kind of a device, firewall are stateful, and it's stateful, right? So automatically, that has been allowed when you define a firewall rule.

SD WAN capable devices. It could be located in a lab or it could be your branch. That is something called your orchestrator. So orchestrator can be kept across any places. It could be on your cloud or it could be on your LAN or it could be on your data center. So there is an orchestrator which needs to be configured quickly, which is the first way to go. After that, you have something. Let's take an example. You have a Cisco device. You have your orchestrator. It's even orchestrating. After that, there is something called v one. Right? V one is a very critical device for any sort of SD WAN device so that it tries to orchestrate your SD WAN edge devices connecting back to your orchestrator. Right? Let's take an example. When you have your SD WAN device trying to get registered with SD event orchestrator. Basically, it will try to connect to z t p dot 5thella dot com. So, the registered SD device is the only device which will try to identify the edge SD WAN edge device based on the serial or the MAC. And it will try to register your SD WAN devices to your SD WAN orchestrator. So, basically, there are three components to it. 1 is we manage. It's called nothing but we're SDN orchestrator. We bought which will help to attach all your SD WAN edge devices to your v manage, which is all your v bond. And the edge actual edge SD one edge devices, it could be a physical device or it could be a virtual device, so that it gets registered to your reborn. And any odd policy. Right? So, basically, the b manager or the SDV orchestrator takes care of two things here. 1 is to define the policies for your edge devices. The other 1 is that if trying to, when I say policy, like, it can create all sorts of configurations for your all your edge devices, right, managing the edge devices, right. Once the management is done, right? The routing, right, the data plane is left out with your SD WAN edge devices. All the cloud capabilities are exchanged between these SD WAN edge devices. Right? So that is where you can implement SD WAN across a multi-regional company. So SD WAN can be placed across any geography. It could be across the geography. So based on the location, right, based on the location, it gets identified on a we manage, so that you can manage the devices specifically to each region. Once the devices are identified, you can create your policy, and you can also establish your SD one overlay tunnel between these SD one s devices. And the last mile for the SD one is devices can be circuit or it could be of any of your LTE capable network or even it could be your MPLS network. So that with all this underlying infrastructure, you can build your SD WAN overlay, identifying your business-critical application from each of your SD WAN devices. Right? So when it comes to SD WAN deployment, there are various ways, such as spoke to spoke or hub and spoke topology. Right? There is a full mesh or it could be a hub and spoke topology.

Seamless, basically, to identify your security incident and management. And, basically, it's an incident response. Right? So when there is an incident on your infrastructure, how you handle that security incident. Basically, it's a kind of operational task, right? You can say it's an operational task when there's a cyber threat, right? It could be after an incident in terms of it could be a network issue or it could be access issues, it could be a device breach, or it could be anything on your surface attack. So those are being categorized under the same umbrella. When it comes to data loss protection, right, basically, you will think about how to protect your data when you're trying to exchange between various stakeholders and assist stakeholders. And you're trying to send data to an external party. Right? So what sort of predictions do you have? So whether the data are encrypted during transmission, right, whether any confidential data has been exchanged, which is not supposed to be explained to a third-party system. Right? So by this way, sensitive data will be scanned by your DLP system and it tries to protect the data, right? So basically it's all about data protection for the company. But when it comes to SIM, right, basically, it talks about incident event management security, incident event management. In security incidents, there could be various things, you know, network threats, system threats, or it could be application threats. Right? So various things to it. And when it comes to network threats, there is something called network denial, DDoS attacks. One is TCP SYN attacks, another one is DNS attacks, all those things. Or, you have when it comes to your identity and access management, the user could be getting compromised, his password is being compromised and being attacked by attackers. Right? So those things are being categorized at the same time. So this is the context in terms of network security between the company.

Cloud. Correct? It is basically how you do in your on-premise. Right? On your data center. Right? So on your data center, you talk about network security, compute storage. Right? So when you talk about how you will look at it on premise, right, you talk about how your application has got high availability, whether the application is getting hosted onto another data center location or whether it's within the same location, it has been located in a different track. Right? So the same construct applies to the cloud. So when you try to migrate an application to a cloud, right? So in a cloud, there's a various construct. So when you choose a cloud, you specify a region where you want to host your application. Within a region, there is an availability zone, which is easy to understand, but you call it an availability zone, such as zone 1, zone 2, or whatever it is. Right? So you can have an availability zone. Right? If you want to have a high availability within that region, you can choose a single region deployment. When you want to have a high availability across regions, you can also do that by creating a multi-region application deployment. So still those can be handled. But when you go for a multi-region deployment, you need to handle those by using a global DNS. Not all 53. As soon as one region fails, another region can take over. But when it comes to a single region, right, you can have your application connected to both availability zones, so that the application can be deployed across both zones. So that when you have an issue with zone 1 and zone 2 is only having a few nodes, you can create a node between these two zones so that the higher load is taken care of. Right? When it comes to cloud security, right, so there are four things to it. One is your network security, where you have network firewalls, security groups, which are defined by default. So when it comes to an application, you have an application load balancer, or you can also have cloud armor. In terms of GCP, you have cloud armor. In terms of AWS, you can use AWS WAF. And we have something called AWS Shield, which will try to protect you from denial of service attacks so that it will try to identify the whitelisted IPs from various places so that you know, network-based DDoS can be prevented. In terms of data transmission, you can use your KMS data protection. Right? So while the data can be protected by doing the transit as well during rest, so that all your data are encrypted at rest as well on your transmission. Right? And apart from that, you also have your KMS, right, all your encrypted data are encrypted by using a customer-managed KMS key. So that is a KMS is one thing. And you also have sensitive data. Right? You can also try to be proactive when storing your data on an S3 bucket so you can use database encryption so that any sensitive data is getting stored on to your S3 bucket. Just to notify so that you can take quick actions in terms of data, when data is getting stored on to your any of your S3 bucket. Right? So that is also one thing which can be having a password rotation or getting notified for every 30 days or two months or whatever it is, you will tend to choose that. So by this.

Try to identify whether it's a legitimate traffic, so that there is a spike in the network. So whether it's purely a demand for an application access, or whether it's a single IP, which is demanding so much of bandwidth, whether it's coming from multiple locations or it is coming from a single location. And whether it is a kind of long-existing connection or really a new connection which is getting established very frequently. Right? So when there is a network spike, right, there could be various reasons for it, whether it could be a very legitimate traffic, which is connecting to an application. Or it could be a network denial of services attack where you could see a TCP SYN attack being thrown so that the application is unable to service back the TCP SYN attack. Right? So that could be one other reason for the initial spike. Basically, when you talk about an initial spike, it is an attack, which is trying to exploit your application system. Right? Or what kind of demand is coming to a network, which is very much unknown. Right? So that is what we need to identify first. Right? And the second thing I would do is to sniff. There is something called a honeypot, which we can place in front of your application or your infrastructure so that the entire traffic can be sniffed to a honeypot so that you can try to understand the behavior of the traffic, which is trying to hit your application infrastructure or your infrastructure. So the honeypot will try to identify what sort of behavior the traffic is meant for your application system. So by this way, you can check from which type of traffic is trying to exploit your network. And you can take actions to it. Right? Once you identify such a thing, your IDS can do a detection so that your IPS can block those traffic entering into your network. So that is the thing which you can do. The first thing is to identify whether it is a network anomaly or it is business-as-usual traffic. Right? After that, understand the behavior of your traffic pattern, whether it is purely legitimate or a little attack by deploying a honeypot kind of a solution. Once you've deployed that, you can have your IP addresses or your devices just drop traffic before it hits your infrastructure. So that is a thing that you can do for eliminating an initial spike in the network product, or it could be anything as it's sort of a digital thing in your network also.

So, basically, when it comes to HSRP, it is a Cisco proprietary protocol asked on by a routing protocol. This gate has got two gateways placed and one takes the responsibility of responding back to our route. And, basically, it was Cisco proprietary. When you want to go to which, we are at here, which is an open standard, which is made for all the devices. Right? So, there are two things to look at. Right? 1st, you identify the network which needs to be migrated from HSRP to VRRP. Right? So, you identify all the networks which are defined with the HSRP and which need to be migrated to VRRP. Right? And the second thing is that you will try to plan your migration from Cisco or from even if it is within your Cisco device, you are trying to move from HSRP to VRRP. Right? You plan in such a way. Right? There should be a downtime here as such. Why? Because we are trying to move the gateway from one protocol to another protocol. Right? In which you will try to make a point here is that what kind of downtime you are expecting when you're migrating from doing your migration window. Basically, what you can do here is that you can have your old configuration kept ready. And it can be also placed onto a network system, which can be made as a shutdown. Right? And this can be kept as a shutdown. And during your network maintenance window, what you can do is, you can quickly go and shut in your head to start here and you can activate your VRRP. So, by this way, you can just quickly minimize your window. Right? Which can be instead of doing changes on the particular maintenance window, you can have it all the changes created, readily available, which can be fired during the maintenance window. It can be kept already, which is in a shutdown place, shutdown state. Right? One other thing is that when you are migrating from one routing protocol to another routing protocol, basically, you need to flush your ARP tables. Basically, you need to flush your ARP tables. Why? Because any end devices which are trying to connect to the gateway, it has got an ARP table which needs to be flushed to all your devices. So, basically, what you need to do is that on your end devices, you need to flush those ARP entries, as well as you need to flush those. We can open the door, flash those MAC entries, and you can just quickly do the upgrade. So, that by this way, you can reduce your downtime so that any system which is trying to connect to the new VRRP will not have an impact. So, that we can handle this. Right? So, that is something which you can plan during your maintenance window. So, that the ARP entries are not getting stored on your end devices, which can be flushed easily. So, that is one thing that you need to plan. Now, secondly, what you need to do is that you need to identify all your business devices which are trying to connect by using HSRP. So, that those also need to be arbitrated in such a way. If there is any static route table created, so that needs to be first down. So, those are the things which you will need to consider when you're migrating from HSRP to VRRP.

But if we mind our traditional van or a private MPLS, it's a very time-consuming process, and it is also very expensive, I would say. Right? It's very expensive and time-consuming for having a private, secured network not being utilized effectively. And when it comes to this, business-critical or business-mission-critical applications, right, with your private MPLS, you will need to define your class of services, quality of services. And basically, there is no dynamic way so that when there is no business-critical traffic, the left-hand bandwidth can be utilized for other applications, right? So, there is no such dynamic way of restricting audio or utilizing your bandwidth on your traditional MPLS network. But when it comes to SD-WAN technology, right, it's based on your business needs, and automatically the traffic can be prioritized when there's a huge demand. When there is no demand on your business particular application, the left-out bandwidth can be used for non-business applications. And so, that way it's very effective in terms of handling your bandwidth on your traditional MPLS and your SD-WAN. And another thing is that with your SD-WAN. Right? Your traditional MPLS will connect from one place to another, and you're limited by the other expanding of your business. Right? But if you're traditionally having your SD-WAN, right, it's just an Internet connection. You have an Internet connection at any location. Placing your SD-WAN devices at any location can quickly bring up additional capabilities. Along with that, it has got business intelligence. So, each of your applications running inside the tunnel can be monitored, inspected, or optimized, right? So, that's having a full visibility of your application, whereas in your private MPLS, you have a very limited visibility of the application. And when it comes to the manageability of your devices, right, in your traditional MPLS, the manageability of devices is kind of a silo, where you don't have a centralized place where you can manage all the devices in one view or in one click of a button. So, any policy you want to implement on those traditional MPLS devices, you need to handle independently, but it can be softened. Right? So, this can be eliminated in a way that any configuration can go across seamlessly to all your SD-WAN devices, or it can be applied to a specific set of devices as easily as it is. Right? And, in terms of MPLS configuration, if you need to have a configuration, you need to go and take those configurations away. But in terms of this, it can be done with just a click of a button. And beyond that, there are many other security functionalities you can add on your SD-WAN devices, right? This brings you too many functionalities on your modern network. It has an easy adoption connecting to a cloud provider, right? You can also connect to any of your cloud providers, and you can also have centralized Internet access. It could be also a possible solution by using SD-WAN devices, right? So, as you hit, nowadays, beyond SD-WAN, you're thinking about secured access and secured. It has got various functionalities added to it, and it brings many benefits than what MPLS can offer, right? MPLS is purely a private connection between your data center and a remote location, or it could be between your cloud and on-premise, right?

And change. Right? So, change management as it comes in a very specific user change. That could be an inflection. So, incident management is something that regular routine things what you get to see, another incident. Right? You can see the spirit of incident fixing to a problem. And a problem has a possibility of having a change management. So when you say an incident, a repeated incident has been called a problem. And a repeated problem, I will call for new changes. So, basically, the ITL weekly frame of incident change and problem management is pure eyes. It's very important for the organization so that you have all your tracking of your incidents as soon as your problem as this will change. And this can be taken to various change processes, as well as, it has full visibility of your changes, which is happening across the organization. And it is a must to have in an IT board. Right? So instead of this, ITSM has a centralized framework where it tries to talk about the various processes which you need to get involved before making a change or addressing a problem with a list of stakeholders to be introduced or a list of stakeholders could be informed, denoting the problem, and a list of updates which need to go over. And there is a problem, it surfaces. And when you try to respond back to the problems, so it should go through a very process today so that everybody's updated and notified. So that is the importance of your details with the frameworks in terms of retrospective operations and incident management.