Cisco Open SDN Controller 1.0 White Paper
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 3 of 10
Build a Solution to Secure the Science DMZ
This document explores a solution to secure a Science DMZ in a production environment that meets the policy
requirements of most institutions.
SDN controllers can rapidly respond to changing conditions in the network. In the case of a Science DMZ, the
controller can actively block attacks at the enterprise border and steer huge data flows around firewalls and
intrusion detection systems (IDSs) that would otherwise be overwhelmed by them or limit their performance.
Figure 2 presents an overview of this solution.
Figure 2. Secure Science DMZ Overview
In this solution, the Cisco® Open SDN Controller directs changes in the network. It is a central point that accepts
representational state transfer (REST) commands, updates any applicable state within the controller, and then
constructs the appropriate device-specific action and sends it using the appropriate protocol for that device
(OpenFlow, NETCONF, etc.).
As a powerful event aggregation database with the capability to process arbitrary Python code, Splunk is an
excellent platform to act as a clearinghouse for all security and application events in the Science DMZ. In this
solution, Splunk logically sits on top of the Open SDN Controller as an application and ingests information from
three main sources: the Cisco FireSIGHT® Management Center, Cisco Adaptive Security Appliance (ASA) firewall,
and Globus. However, it can collect events from many other devices on the network, such as host-based IDSs,
web-security appliances, and identity services, providing additional situational awareness. Splunk can then
correlate events to identify patterns and thresholds and act on them by sending REST commands to the Open
SDN Controller.
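The correlation step described above, as an added example that is not code from the white paper or from Cisco: a threshold-over-window rule runs over constructed IDS and firewall events and emits the REST command that Splunk would hand to the controller for a border block. The key=value event format, the threshold, the node name and the REST path and body schema are all assumptions, since the paper does not give the controller's actual API.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (key=value, one per line); the field names are an
# assumption, not real FireSIGHT or ASA output. Addresses are RFC 5737 ranges.
SAMPLE_EVENTS = """\
2015-06-01T10:00:01 source=firesight severity=high src=203.0.113.7 dst=192.0.2.10 sig=ssh-brute
2015-06-01T10:00:04 source=firesight severity=high src=203.0.113.7 dst=192.0.2.10 sig=ssh-brute
2015-06-01T10:00:05 source=asa severity=low src=198.51.100.4 dst=192.0.2.20 msg=deny
2015-06-01T10:00:09 source=firesight severity=high src=203.0.113.7 dst=192.0.2.11 sig=ssh-brute
2015-06-01T10:02:30 source=firesight severity=high src=198.51.100.9 dst=192.0.2.10 sig=scan
2015-06-01T10:09:00 source=firesight severity=high src=198.51.100.9 dst=192.0.2.10 sig=scan
""".splitlines()

def parse_event(line):
    """Split 'ts k=v k=v ...' into a dict, with 'ts' parsed to a datetime."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    return fields

def correlate(lines, threshold=3, window=timedelta(seconds=60)):
    """Return sources with at least `threshold` high-severity IDS events inside one
    sliding `window`. Firewall denies are not counted, so low-severity noise alone never blocks."""
    recent = defaultdict(deque)  # src -> timestamps of qualifying events
    offenders = []
    for ev in map(parse_event, lines):
        if ev.get("source") != "firesight" or ev.get("severity") != "high":
            continue
        hits = recent[ev["src"]]
        hits.append(ev["ts"])
        while hits and ev["ts"] - hits[0] > window:  # expire hits outside the window
            hits.popleft()
        if len(hits) >= threshold and ev["src"] not in offenders:
            offenders.append(ev["src"])
    return offenders

def block_command(src, border_node="border-switch-1"):
    """Build the REST request Splunk would hand to the controller; the path, node
    name and body schema are placeholders, since the paper does not give the real API."""
    return {
        "method": "POST",
        "path": "/PLACEHOLDER/controller-api/flows",
        "body": {"node": border_node, "match": {"ipv4_src": src + "/32"},
                 "action": "drop", "reason": "ids-threshold"},
    }

def commands_for(lines):
    return [block_command(src) for src in correlate(lines)]
```

Only 203.0.113.7 crosses the threshold: it raises three high-severity events within eight seconds, while 198.51.100.9 raises two that are minutes apart and the ASA deny is excluded from the tally.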