​Firewalling the OpenStack cloud

Mirantis and Palo Alto Networks are securing the OpenStack cloud with virtual security.

Securing the cloud is not easy. Now, Mirantis, the pure-play OpenStack business, and Palo Alto Networks, an important network security company, have joined forces to add firewalls via virtual network function (VNF) to Mirantis OpenStack. The partners claim this combination will protect "applications from cyber threats while taking advantage of the agility, cost savings, and innovation of the OpenStack cloud ecosystem."

Oh, and by the way, it will make securing OpenStack clouds much easier.


They're on to something. It's not enough to simply virtualize a legacy security appliance on clouds. Businesses need an integrated security solution that can deal with virturalized environments.

The two companies are doing this by integrating and validating Palo Alto Networks' VMSeries virtualized next-generation firewall with Mirantis OpenStack. The VM security system is deployed on OpenStack as a Glance image. It is integrated with Mirantis's default software defined networking (SDN) , Juniper Networks' Contrail Networking.

Put all together the companies make the following claims for their security solution:

  • Easy to deploy and provision: Palo Alto Networks' VM-series firewall is quickly deployed on a VM, and run within the OpenStack cloud.
  • Seamless traffic steering to the VM-Series firewall: Traffic is steered by the SDN controller to VM-series firewall without requiring manual configuration changes to virtual networking attributes.
  • Next-generation security for virtualized applications and data: The joint solution offers visibility and control at a user, application and content level with complete carrier-grade network address translation (CGNAT) capability for service providers.
  • Advanced threat protection: VM-Series advanced threat protection addresses the complete attack life-cycle, with protection against exploits, viruses, spyware, malware and known and unknown threats, such as advanced persistent threats (APT).
  • Enforce Zero Trust (never trust, always verify) security model. Enable a Zero Trust security model across your OpenStack cloud to prevent and contain new attacks across the entire attack life-cycle.

The end result, according to Marc Benoit, Palo Alto Network's vice president of technical business development, is a next-generation security solution that will protect OpenStack from successful cyber breaches.

Related Stories: