ONUG Fall 2017 October 17 & 18

Software-Defined Security Services

The Software-Defined Security Services Group was created following ONUG Spring 2015, where users prioritized the use case below as one of the top three. The working group continues to meet once a month and collaborate via a dedicated wiki between ONUG Conferences to further develop the use case.

Problem Being Solved:

  • Mitigate software-defined data center threats
  • Mitigate laterally moving threats and advanced attacks, for which increased east-west traffic flows provide new paths of exploit entry
  • Secure increased sharing of data between business units, partners, and customers
  • Authenticate automated provisioning of workloads
    • How to leverage existing security appliances with new virtualized appliances
    • How to create a security fabric that stretches throughout the data center
    • How to automate provisioning of security network services with workloads

Open Networking Components:

  • Centralized policy controllers, open provisioning APIs, etc.
  • Common controller mechanism to enforce security policy


  • Lack of compliance/audit tools and procedures to authenticate on-demand IT service creation
  • Common controller mechanism to enforce security policy


  • Enable on-demand IT service delivery securely
  • Provide compliance/auditable trails demonstrating authentication of on-demand workloads created
  • Eliminate security appliance configuration delay to speed IT service delivery, matching business requirements/demands
  • Opportunity to leverage centralized security policy with distributed enforcement of existing network devices plus physical and virtual appliances

SDDC Security Fabric

