ABSTRACT

A legacy data center (DC) security protection system is designed on the principles of multi-layer protection, zone-based planning, and hierarchical deployment. Cloud Data Center Network (DCN) security, by contrast, needs to be delivered to users as a service, capable of adapting to the dynamic on-demand deployment and elastic scaling of cloud DCN resources. This chapter describes software-defined networking (SDN) related security technologies and solutions, including virtualization security (security groups), network security, advanced threat detection and defense, and security management. DCN security has three dimensions: intra-DC intra-VPC security, intra-DC inter-VPC security, and inter-DC security. The chapter discusses two border security technologies: anti-DDoS and intrusion detection. The cybersecurity intelligence system can dynamically detect the security posture of the entire network, investigate attack events, and provide intelligent security policy management. Enterprise network security is usually built at the security border for maximum defense; however, such security boundaries become blurred as a result of the growing number of services, technology evolution, and continuous adjustment of service modes.