Cisco Open SDN Controller 1.0 White Paper

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. 
Page 3 of 10 
Build a Solution to Secure the Science DMZ 
This document explores a solution to secure a Science DMZ in a production environment that meets the policy 
requirements of most institutions. 
SDN controllers can respond rapidly to changing conditions in the network. In the case of a Science DMZ, the 
controller can actively block attacks at the enterprise border and steer very large data flows around the firewalls and 
intrusion detection systems (IDSs) that would otherwise either be overwhelmed by those flows or limit their throughput. 
Figure 2 presents an overview of this solution. 
Figure 2.    Secure Science DMZ Overview 
In this solution, the Cisco® Open SDN Controller directs changes in the network. It is the central point that accepts 
representational state transfer (REST) commands, updates any applicable state within the controller, and then 
constructs the corresponding device-specific action and sends it over the southbound protocol that device supports 
(OpenFlow, NETCONF, etc.). 
As a powerful event-aggregation database that can also run arbitrary Python code, Splunk is an 
excellent platform to act as a clearinghouse for all security and application events in the Science DMZ. In this 
solution, Splunk logically sits on top of the Open SDN Controller as an application and ingests information from 
three main sources: the Cisco FireSIGHT® Management Center, the Cisco Adaptive Security Appliance (ASA) firewall, 
and Globus. It can also collect events from many other devices on the network, such as host-based IDSs, 
web-security appliances, and identity services, providing additional situational awareness. Splunk then 
correlates events to identify patterns and threshold crossings and acts on them by sending REST commands to the Open 
SDN Controller.
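The two paragraphs above describe the loop end to end: Splunk correlates firewall and IDS events against a threshold, then issues a REST command that the controller turns into a device-specific flow rule. The following Python is an added example written for this page; it is not code from Cisco, Splunk, or the white paper. It correlates a few constructed ASA deny lines (message format follows ASA syslog 106023, but the timestamps, hostnames and addresses are made up) with a sliding window, and then builds the REST request a Splunk alert script would send for the two actions the document names: a border block for an attacking source, and a firewall/IDS bypass for a large authorized transfer. The controller URL, the REST paths and the JSON body shape are assumptions for illustration, not the Open SDN Controller's actual API.

```python
"""Added example: ASA deny-event correlation and the REST action it triggers.
Not from the Cisco white paper; controller URL and REST schema are hypothetical."""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. The message body follows ASA syslog 106023
# (access-list deny); the ISO timestamp, hostname and addresses are made up.
# Lines are assumed to arrive in time order, as a Splunk search returns them.
SAMPLE_LOGS = [
    '2015-03-10T12:00:01 asa-border %ASA-4-106023: Deny tcp src outside:203.0.113.5/45001 dst dmz:10.1.1.10/22 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '2015-03-10T12:00:02 asa-border %ASA-4-106023: Deny tcp src outside:203.0.113.5/45002 dst dmz:10.1.1.11/22 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '2015-03-10T12:00:05 asa-border %ASA-4-106023: Deny tcp src outside:198.51.100.7/51000 dst dmz:10.1.1.10/443 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '2015-03-10T12:00:09 asa-border %ASA-4-106023: Deny tcp src outside:203.0.113.5/45003 dst dmz:10.1.1.12/22 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '2015-03-10T12:05:30 asa-border %ASA-4-106023: Deny tcp src outside:198.51.100.7/51001 dst dmz:10.1.1.10/443 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '2015-03-10T12:11:00 asa-border %ASA-4-106023: Deny tcp src outside:198.51.100.7/51002 dst dmz:10.1.1.10/443 by access-group "OUTSIDE_IN" [0x0, 0x0]',
]

DENY_RE = re.compile(
    r'^(?P<ts>\S+) \S+ %ASA-4-106023: Deny (?P<proto>\w+) '
    r'src \S+:(?P<src>[\d.]+)/\d+ dst \S+:(?P<dst>[\d.]+)/(?P<dport>\d+)'
)


def parse_deny(line):
    """Return (timestamp, src, dst, dport) for an ASA 106023 deny line, else None."""
    m = DENY_RE.match(line)
    if not m:
        return None
    return (datetime.fromisoformat(m['ts']), m['src'], m['dst'], int(m['dport']))


def detect_attackers(lines, threshold=3, window_seconds=60):
    """Sliding-window correlation: a source denied `threshold` times within
    `window_seconds` is reported once, in the order sources cross the threshold."""
    recent = defaultdict(deque)          # src -> timestamps still inside the window
    window = timedelta(seconds=window_seconds)
    flagged = []
    for line in lines:
        event = parse_deny(line)
        if event is None:
            continue                     # not a deny event; ignore it
        ts, src, _dst, _dport = event
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()                  # expire events that fell out of the window
        if len(q) >= threshold and src not in flagged:
            flagged.append(src)
    return flagged


CONTROLLER = "https://sdn-controller.example.edu"   # hypothetical controller address


def block_request(src_ip, priority=1000):
    """REST call that asks the controller to drop src_ip at the border switch.
    Path and JSON shape are hypothetical, not the Open SDN Controller's real API."""
    body = {
        "match": {"ipv4-source": f"{src_ip}/32"},
        "actions": ["drop"],
        "priority": priority,
        "reason": "asa-deny-threshold",
    }
    return {"method": "PUT",
            "url": f"{CONTROLLER}/flows/border-block/{src_ip}",
            "body": json.dumps(body, sort_keys=True)}


def bypass_request(src_ip, dst_ip, dport, priority=500):
    """REST call that steers one authorized large transfer straight to the
    data-transfer-node port, around the firewall and IDS. Same hypothetical schema."""
    body = {
        "match": {"ipv4-source": f"{src_ip}/32",
                  "ipv4-destination": f"{dst_ip}/32",
                  "tcp-destination-port": dport},
        "actions": [{"output": "dtn-port"}],
        "priority": priority,
    }
    return {"method": "PUT",
            "url": f"{CONTROLLER}/flows/dmz-bypass/{src_ip}-{dst_ip}-{dport}",
            "body": json.dumps(body, sort_keys=True)}


if __name__ == "__main__":
    for src in detect_attackers(SAMPLE_LOGS):
        print(json.dumps(block_request(src), indent=2))
```

Two design points matter in practice. The block rule is given a higher priority than any bypass rule, so a source that trips the threshold is dropped even if it had earlier been granted a bypass; installing them the other way round lets an attacker ride an existing bypass past the firewall. And the bypass matches a specific source, destination and port rather than a whole subnet, so only the transfer that Globus reported as authorized escapes inspection.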