Orchestrating Security Policy in Large, Complex Networks
Some of the largest enterprises in the world use Tufin Orchestration Suite to manage their network security policies. To meet the requirements of their business, the system must be able to process large numbers of logs and changes, analyze them immediately, and make the results available to the professionals who depend on the system to manage the network.
Tufin offers the most scalable Security Policy Orchestration solution available. Using modern technology and robust infrastructure, the suite can handle more than 1,000 devices and provide real-time, event-driven change tracking, accurate network topology analysis, and automated change provisioning – along with an interactive and responsive user experience.
Tufin Orchestration Suite provides a reliable, flexible platform for central management of large and geographically distributed data centers as well as managed service providers. It supports multiple deployment options to match the needs of various organizations, such as:
The full suite – SecureTrack, SecureChange and SecureApp – can be installed on a single, stand-alone server, either virtual or physical. This deployment is suitable for small to medium environments or for customers that are using SecureTrack only.
Tufin Orchestration Suite can be deployed across two servers. One server is used for monitoring the network and processing changes with SecureTrack and the other is dedicated to change management with SecureChange and, optionally, for application connectivity management with SecureApp.
With this approach, even when SecureTrack is busy processing device changes or generating reports, SecureChange is free to serve users and administrators that want to submit or modify change requests.
- Distribution Servers
Customers with large networks and/or many devices (firewalls, routers, switches and load-balancers) can scale across multiple distribution servers. Rather than monitoring all devices and logs from a single server, this model uses distribution servers to monitor devices, process the logs and communicate the results back to a Central Server. The Central Server stores the database and serves the Web GUI clients.
- Remote Collectors
Organizations with multiple data centers can deploy remote collectors locally at each one. The remote collectors monitor the local devices (firewalls, routers, switches and load-balancers), process the logs and upload compressed data to the Central Server over a secure connection. Completeness of the uploaded data is guaranteed, even over unreliable or slow connections.
High Availability features continuous synchronization between the primary and secondary server as well as a manual or automated failover process. The secondary server can be deployed either locally or in a geographically remote data center.
Tufin offers a federated deployment option for highly distributed federated enterprises that require data separation according to business entity yet still need cooperation across entities for change automation. In this model, each business entity manages its own Tufin deployment (with any of the deployment options above). Collaboration is supported via the back-end to automate the handling of end-to-end changes across the network without exposing sensitive data between entities.
Delivery Options & Scalability
Tufin Orchestration Suite is designed to scale out for the following factors:
- Number of monitored devices
- Size of policies, ACLs and routing tables
- Frequency of changes
- Volume of traffic logs
- Number of users using the system interactively for analysis, change handling, reporting, etc.
- Number and size of change requests
- Number and frequency of API calls
- Number of applications and connectivity dependencies to be managed
Scalability is achieved through a combination of hardware configuration, distributed deployments and code optimization. Tufin provides professional services for achieving a customized, scalable deployment. Tufin’s Professional Services Team can assist large deployments, integrate with other systems and customize the system. Contact us to learn more.