Connection to the cloud and secure communication within the cloud are essential factors for the secure use and provisioning of cloud services. Therefore, Swisscom recommends encrypting data during transfer and making accessible only the services and applications that are sufficiently protected.
You can protect the virtual environments by using the following solutions:
The Edge Gateway (Edge GW) is the interface between the Internet and other networks. It includes a firewall with a packet-filtering function. In addition, the Edge GW can also be used for other functionalities, such as NAT, VPN, load balancing or even DHCP. The Edge GW is a standard VMware product. In a DDC, the Edge GW can be configured in such a way that it meets the respective requirements.
With the DS product, the VCNS Edge GW cannot be managed directly. You can activate the requisite ports by adding connectivity in the DCS portal. As part of that, the product supports control of the following ports for commonly used standard protocols:
In addition, you can control additional ports by configuring them directly in the DCS portal.
Firewall appliances from third-party producers
If the architecture requires more complex and more extensive firewall functions (e.g. Stateful Inspection or Deep Inspection), there is the option to use virtual firewall appliances, or even other security appliances from third-party producers. Accordingly, a preconfigured template for a Big IP Firewall from F5 Networks is made available in the public catalogue. You will find additional appliances that can be easily imported at www.vmware.com. However, additional licenses and relevant expertise in terms of configuration are required when using such appliances.
Managed Firewall Service
Instead of operating virtual 3rd party firewalls yourself, you can use a managed service offered by Swisscom. With the Managed Firewall from “Managed Security Services – individual” (MSS-i), you benefit from basic port handling and many other functions, such as performance tuning, site-to-site VPN, Network Address Translation, zone-based policy, stateful inspection, network segregation, and virtual Local Area Network.
The operation of these virtual systems is identical to that of an appliance-based solution. For Security Services, Swisscom has a dedicated 24/7 security operation center (SOC) in Switzerland. The customer will have access to a dashboard and has a personal code to dial in directly to a security expert. In addition, change management, release management, incident management, licence management, configuration management, backup management and vulnerability management with regard to the security service are included. For more detailed information, please see www.swisscom.ch/mss-i.