WEBVTT
1 00:00:03.300 --> 00:00:19.500 Nick Lewis - Internet2: hi everyone thanks for joining me, my name is Nick Lewis from Internet2 a program manager working in code security thanks for joining for the NET+ Palo Alto Networks town hall kickoff will be talking about Prisma Access this month and.
2 00:00:20.520 --> 00:00:36.090 Nick Lewis - Internet2: Just a little housekeeping if you could rename yourself, for your name plus your campus name in June, just so everyone has the context of who you are where you're from and we'll be posting the recording from this call on NET+ Palo Alto wiki and.
3 00:00:37.290 --> 00:00:46.770 Nick Lewis - Internet2: Then, if you have any questions feel free to put them in the chat while Hunter and I are talking and then Ed will have a short presentation on.
4 00:00:48.120 --> 00:00:54.510 Nick Lewis - Internet2: Prisma Access and then we'll have open questions so let's it will get picked out.
5 00:00:56.220 --> 00:00:58.200 Nick Lewis - Internet2: Just a little on the.
6 00:00:59.430 --> 00:01:08.190 Nick Lewis - Internet2: Logistics find the wiki go pretty quick questions that will do a quick overview of the program so for anyone who's not aware of.
7 00:01:08.760 --> 00:01:14.640 Nick Lewis - Internet2: NET+ or how NET+ program works we're trusting yourself system kaler top quality cloud services.
8 00:01:15.300 --> 00:01:30.960 Nick Lewis - Internet2: you'll see the numbers here around the how many campuses are subscribed to least 381 institution subscribe to at least one NET+ service hundred and 17 institutions have contribute to at least one NET+ service validation.
9 00:01:32.250 --> 00:01:33.240 Nick Lewis - Internet2: And we've got 20.
10 00:01:34.470 --> 00:01:37.590 Nick Lewis - Internet2: X 24 services to be added, for the last month.
11 00:01:38.610 --> 00:01:54.540 Nick Lewis - Internet2: cloud service and conservation so quick quickly on that key characteristics and requirements for NET+ service, we need to have a service scale at least nationally meet the needs of the research and education community needs to use the Community.
12 00:01:55.620 --> 00:02:03.090 Nick Lewis - Internet2: invested network, the global r&d network, they need to adopt the Federated identity standards across the Community.
13 00:02:04.110 --> 00:02:15.720 Nick Lewis - Internet2: Then commits to accessibility, privacy and security and other compliance for the Community and demonstrate seo practices and a business model that aligns with Community expectations.
14 00:02:16.290 --> 00:02:24.720 Nick Lewis - Internet2: And then finally support all that with a comma Community contracting with terms of conditions that are negotiated once by the service evaluation committee.
15 00:02:26.340 --> 00:02:43.590 Nick Lewis - Internet2: And as part of the service evaluation we did a functional assessment we did a technical integration discussion we didn't security compliance review and then we did some business and development around the legal pricing model and how the bundles work together.
16 00:02:45.630 --> 00:02:58.110 Nick Lewis - Internet2: Then, many thanks to our service evaluation campuses Thank you Erin from the University of Nebraska for sponsoring and that's the sort of evaluation campus so sticking with us through the pandemic.
17 00:02:59.280 --> 00:03:01.320 Nick Lewis - Internet2: Because it it definitely took a lot.
18 00:03:02.340 --> 00:03:11.880 Nick Lewis - Internet2: To work on this for the Community, so that everyone could get these benefits during our the start of the service evaluation we were hearing feedback of.
19 00:03:12.960 --> 00:03:21.450 Nick Lewis - Internet2: At the start of the service, it should also just when the pandemic restarting we heard feedback from the community that teachers, need to be prepared to educate remotely.
20 00:03:22.050 --> 00:03:30.870 Nick Lewis - Internet2: Obviously that's core to our mission and we went and we heard some campuses that we only have sufficient capacity for our 20% of our remote workforce.
21 00:03:31.350 --> 00:03:43.140 Nick Lewis - Internet2: And so we knew we were hearing like a real challenge for campuses that maybe we can help with and they're done they're heard campus and make comments which we don't have the network capacity for 50% our.
22 00:03:44.430 --> 00:03:53.490 Nick Lewis - Internet2: campus working remotely so we, this is at the start of service validation and we had a plan, and so, then this is what the plan look like, so we started off.
23 00:03:55.410 --> 00:03:58.950 Nick Lewis - Internet2: working through the first couple steps kicking it off.
24 00:04:00.300 --> 00:04:13.290 Nick Lewis - Internet2: And then the pandemic happen and we took a small on their grip smaller turn so that we could basically address the feedback that would hurt and make Prisma Access available to the Community.
25 00:04:14.400 --> 00:04:22.230 Nick Lewis - Internet2: Before we've completed service evaluation so campuses could meet that immediate emerging need, and so, then we went back, we did a short term.
26 00:04:22.590 --> 00:04:32.520 Nick Lewis - Internet2: Legal agreement to suit the campuses could get this benefit, and then we went in and completed the service evaluation at the beginning of this year and.
27 00:04:34.260 --> 00:04:39.840 Nick Lewis - Internet2: So now I'll switch over to Hunter for you to talk about the details on that service.
28 00:04:40.530 --> 00:04:46.200 Hunter Ely - Palo Alto Networks: awesome thank Thank you so much, Nick I really appreciate it, and if you can just go to the next slide we'll let it sit here for a minute.
29 00:04:46.980 --> 00:04:56.100 Hunter Ely - Palo Alto Networks: I just want to say you know first, this is the first of several Community calls we're going to be doing the rest of this year we've got three more calls after this going into the other.
30 00:04:56.820 --> 00:05:03.900 Hunter Ely - Palo Alto Networks: bundles that we built around the the service evaluation and they're now part of NET+ so today is all about Prisma Access.
31 00:05:04.590 --> 00:05:13.950 Hunter Ely - Palo Alto Networks: But I wanted to give you some you know what why we're here right, you know as as as some of you may know, and and.
32 00:05:14.910 --> 00:05:26.610 Hunter Ely - Palo Alto Networks: And know about Palo Alto Networks, we have we've been a partner of education for quite some time, but we were really trying to find ways to become more.
33 00:05:27.090 --> 00:05:34.440 Hunter Ely - Palo Alto Networks: deeply engaged in the Community, because we're working with universities one, at a time and that's great, but we want to figure out what's the what's the value of the Community.
34 00:05:34.890 --> 00:05:44.340 Hunter Ely - Palo Alto Networks: So I came to Palo Alto Networks, about two and a half years ago, as the former Soviet Union university and as someone who spent 20 years in the seat, just like Nick.
35 00:05:45.240 --> 00:05:52.140 Hunter Ely - Palo Alto Networks: You know, we understand the dialer Community deeply from the inside, and I wanted to bring some of that passion and bring some of that excitement around.
36 00:05:52.800 --> 00:06:04.260 Hunter Ely - Palo Alto Networks: How we can work with the Community to our company, so I started with this slide I won't read it, but I always start my presentations with this slide because this is, this is my North star we got to support the mission.
37 00:06:04.680 --> 00:06:09.780 Hunter Ely - Palo Alto Networks: And this entire program everything NET+ does is built around supporting your mission.
38 00:06:10.260 --> 00:06:23.190 Hunter Ely - Palo Alto Networks: You know, we build great products and we love we love you guys are using them and will you know, continue to use them, but we got to make them meet you at your knee so I always think about this slide is a starting point, and if you want to go to the next slide.
39 00:06:25.680 --> 00:06:31.230 Hunter Ely - Palo Alto Networks: You know before I get too far into the weeds here, I do want to say again, thanks to rick.
40 00:06:32.130 --> 00:06:45.270 Hunter Ely - Palo Alto Networks: You know, University Nebraska Lincoln is really tip of the spear when it comes to thinking about security, these days, and we really value the relationships we have with all of our service evaluation Members but University Nebraska really.
41 00:06:46.530 --> 00:06:56.400 Hunter Ely - Palo Alto Networks: did a solid here and got us involved in NET+ program and and really helped us define what those challenges were and then ultimately we built some solutions around them so.
42 00:06:57.450 --> 00:07:07.740 Hunter Ely - Palo Alto Networks: I'll spend a little bit of time on this, but not much that we get over to the to the meat of the presentation by by someone much smarter than myself, Mr. Ed Caswell he'll be on in a minute, but.
43 00:07:08.700 --> 00:07:17.010 Hunter Ely - Palo Alto Networks: We spent about six months going over what are the challenges that are you know that really exist in education around security and how are those things changing.
44 00:07:17.340 --> 00:07:28.200 Hunter Ely - Palo Alto Networks: Of course, this massive shift for for online or for remote access is was a direct result of the pandemic, this was something that was changing, but the pandemic just sped it up.
45 00:07:29.700 --> 00:07:30.360 Hunter Ely - Palo Alto Networks: there's this.
46 00:07:31.500 --> 00:07:37.350 Hunter Ely - Palo Alto Networks: All these products that are the cloud, you know there's there's been sort of a sea change when it comes to capital.
47 00:07:37.770 --> 00:07:46.560 Hunter Ely - Palo Alto Networks: Expenditure expenditures versus operational expenditures and that has driven some of the move to the cloud, along with all of the excitement these these technologies bring.
48 00:07:46.890 --> 00:07:58.950 Hunter Ely - Palo Alto Networks: But what that is what that has caused is that these native tools just are not up to the task of of multi cloud environments environments that are partial cloud some on Prem and in security was just hard to do in a consistent way.
49 00:08:00.540 --> 00:08:08.160 Hunter Ely - Palo Alto Networks: The the idea of shadow IT continues to get worse, you need more visibility into these BYOD devices, you know when we.
50 00:08:09.390 --> 00:08:21.390 Hunter Ely - Palo Alto Networks: hire at least always raz the vendors, that would come to us talking about BYOD because we we had been doing bring your own device since the beginning of time, you know that was nothing new to higher ED and and supporting that was still part of the mission.
51 00:08:22.290 --> 00:08:28.440 Hunter Ely - Palo Alto Networks: Getting this idea contextual alerting between all of the services, you have it's been very difficult.
52 00:08:29.100 --> 00:08:35.610 Hunter Ely - Palo Alto Networks: Best of breed doesn't meet the need anymore so we've got to find ways to alert across the entire.
53 00:08:36.060 --> 00:08:42.420 Hunter Ely - Palo Alto Networks: Infrastructure whether that's on Prem network endpoint offer and everything and really get a contextual view.
54 00:08:42.720 --> 00:08:52.140 Hunter Ely - Palo Alto Networks: And, of course, the thing that we're always excited about compliance and meeting those regulations we've got first but we got HIPAA we got physical we got all these things that we've got to.
55 00:08:52.740 --> 00:09:01.020 Hunter Ely - Palo Alto Networks: To think about and if we don't do that in a holistic way there's there's there's not only risk involved in that, but there's risk of a client of being out of compliance.
56 00:09:02.310 --> 00:09:07.110 Hunter Ely - Palo Alto Networks: staffing is something that we've never had a problem with in higher ED we've always been fully staffed and had plenty of.
57 00:09:07.950 --> 00:09:13.710 Hunter Ely - Palo Alto Networks: Plenty of folks taking care of those those needs, for us, I kid right, I mean this has been a problem, since the beginning of time.
58 00:09:14.430 --> 00:09:20.280 Hunter Ely - Palo Alto Networks: You know, when I was at LSE we had 30 plus thousand students in a security operations team of about five people.
59 00:09:20.700 --> 00:09:31.050 Hunter Ely - Palo Alto Networks: that's super common that's that's that's very much the way this world works in in this Community, so we have to find ways to to be more efficient operate in a more automated way.
60 00:09:31.530 --> 00:09:44.370 Hunter Ely - Palo Alto Networks: And then you know I've already talked about this, but too many security products too little value and too much time wasted on that these were the things that we were thinking about and came out of those conversations, so we took these challenges and executing the switch the next slide.
61 00:09:45.420 --> 00:09:56.010 Hunter Ely - Palo Alto Networks: We we categorize them and sort of four buckets that met both the need of the challenges and our capabilities as a company and we're known as a firewall company.
62 00:09:56.850 --> 00:10:02.550 Hunter Ely - Palo Alto Networks: But we do so much more and and lately I've been talking about how we do full lifecycle security now, which is really.
63 00:10:02.940 --> 00:10:13.380 Hunter Ely - Palo Alto Networks: Really, you know where we where we needed to get to so we can we can do everything from preparing for in architecture security solutions, all the way to responding to.
64 00:10:13.980 --> 00:10:27.750 Hunter Ely - Palo Alto Networks: breaches and attacks, so the The great thing there is that all of our portfolio is integrated in a way that that makes that easier and automates those things where they can be automated and makes it makes it more efficient so.
65 00:10:29.100 --> 00:10:36.720 Hunter Ely - Palo Alto Networks: Now that we're now that we have met that that milestone for ourselves, we figured out these four areas where we could help.
66 00:10:37.590 --> 00:10:47.850 Hunter Ely - Palo Alto Networks: Higher ED immediately and then of course the service evaluation committee agreed to this, because this is, this is really not us saying this is the service evaluation number saying.
67 00:10:48.720 --> 00:10:56.670 Hunter Ely - Palo Alto Networks: So today we're talking about secure remote access for all use cases everywhere, this is Prisma Access I'm not gonna dig into that right now, because I'll let it.
68 00:10:57.540 --> 00:11:05.910 Hunter Ely - Palo Alto Networks: Can characterize it a much better way than I did over the next three calls after this we'll be talking about cloud native security so think about.
69 00:11:06.630 --> 00:11:18.780 Hunter Ely - Palo Alto Networks: You know, almost 100% of the universities, I talked to our multi cloud universities So how do you how do you protect AWS in a consistent way with GCP and and in Microsoft Azure.
70 00:11:19.260 --> 00:11:27.720 Hunter Ely - Palo Alto Networks: We have a we have a Prisma Cloud that can sit on top of things and help you manage things like configuration management and compliance and things like that.
71 00:11:28.140 --> 00:11:46.110 Hunter Ely - Palo Alto Networks: Then we'll go into the next meeting will be about next generation detection and response, this is what traditionally has been held by the antivirus clients, but now is a bigger problem called end point detection and response, we have two products around that next Dr and Dr pro.
72 00:11:47.400 --> 00:11:53.970 Hunter Ely - Palo Alto Networks: That will be in August that will talk about those and then in September we'll talk about how bring how you bring it all together.
73 00:11:54.510 --> 00:12:08.490 Hunter Ely - Palo Alto Networks: And automate all of those things that that you can as an example, our automation platform can take in a phishing email create an alert alert the staff do some sort of remedial action, and you can automate all of that.
74 00:12:08.940 --> 00:12:14.910 Hunter Ely - Palo Alto Networks: We have 400 plus integrations with that, so I really look forward to the conversation we have around these next.
75 00:12:15.390 --> 00:12:27.480 Hunter Ely - Palo Alto Networks: Three use cases but they're really you know, together with SOC automation is going to be going to be where It all starts to really make sense, so I encourage everyone on this call to continue listening to these calls, as we go on, and you can go the next slide.
76 00:12:29.850 --> 00:12:39.780 Hunter Ely - Palo Alto Networks: So restated in a different way, including our product lines are these four pillars that I just described, you can read left to right.
77 00:12:40.200 --> 00:12:53.580 Hunter Ely - Palo Alto Networks: As remote access cloud native SDR and automation and what this tells you is is basically the challenges where you know we were defining with this service Evaluation Group, the benefits that we see and the components of that bundle.
78 00:12:54.420 --> 00:12:59.250 Hunter Ely - Palo Alto Networks: We want to get too caught up in this, because one of the things Internet2 has.
79 00:13:00.420 --> 00:13:04.050 Hunter Ely - Palo Alto Networks: has really helped us out on this is, is it helping us understand that.
80 00:13:04.500 --> 00:13:15.390 Hunter Ely - Palo Alto Networks: or we're all working together to understand that these are not one size fits all these bundles can be can be adjusted to your specific need, but we wanted to make sure that we were looking at things and sort of a.
81 00:13:16.050 --> 00:13:25.050 Hunter Ely - Palo Alto Networks: Simpler view so that we can we can help you know move the needle in a in a meaningful way when it comes to your own cyber security posture.
82 00:13:25.740 --> 00:13:34.740 Hunter Ely - Palo Alto Networks: So this is, this is the slide that tells you everything is but it gives you a good view of how we ended up here and Nick you want to go to the next one.
83 00:13:36.510 --> 00:13:38.730 Hunter Ely - Palo Alto Networks: So today is all about this channel.
84 00:13:39.870 --> 00:13:40.680 Hunter Ely - Palo Alto Networks: We want to.
85 00:13:42.480 --> 00:13:52.470 Hunter Ely - Palo Alto Networks: tackle the old VPN problem, we want to tackle the I need secure access that I don't necessarily want all of that traffic going through my own network.
86 00:13:52.830 --> 00:13:58.290 Hunter Ely - Palo Alto Networks: I want to be able to do this in a cloud delivered way and that's what Prisma Access is all about.
87 00:13:58.950 --> 00:14:04.320 Hunter Ely - Palo Alto Networks: This bundle will include Prisma Access, which is, which is our cloud delivered firewall as a service and it.
88 00:14:04.770 --> 00:14:16.140 Hunter Ely - Palo Alto Networks: Ed may correct me a little bit on that, but that's that's basically what that is Cortex Data Lake which allows you to contextualize those logs Panorama to manage it GlobalProtect which is.
89 00:14:17.130 --> 00:14:23.880 Hunter Ely - Palo Alto Networks: The on Prem VPN client So if you need to get some on Prem work done, we can we can include GlobalProtect in that.
90 00:14:24.390 --> 00:14:36.720 Hunter Ely - Palo Alto Networks: In that bundle as well and, of course, support wrapped around it, so that you're successful on day one, so with that I will I will certainly pass it on to someone smarter and and better at.
91 00:14:37.410 --> 00:14:38.700 Hunter Ely - Palo Alto Networks: describing these things to.
92 00:14:38.790 --> 00:14:39.690 Ed Caswell: You know, to you guys.
93 00:14:40.110 --> 00:14:41.850 Hunter Ely - Palo Alto Networks: And you know I try not to talk.
94 00:14:42.270 --> 00:14:43.410 Ed Caswell: Too much about Ed, but.
95 00:14:44.040 --> 00:14:44.460 Ed Caswell: You know.
96 00:14:44.850 --> 00:14:47.310 Hunter Ely - Palo Alto Networks: He knows what he's doing and I'm glad to have him here so.
97 00:14:48.180 --> 00:14:52.050 Hunter Ely - Palo Alto Networks: As we go through this and will and we'll do a.
98 00:14:52.650 --> 00:14:53.940 Ed Caswell: top to bottom, on this with a.
99 00:14:54.180 --> 00:14:55.920 Ed Caswell: little bit of a DEMO and then.
100 00:14:56.100 --> 00:14:58.890 Hunter Ely - Palo Alto Networks: we'll ask questions so with that and I've talked to you up enough.
101 00:14:58.980 --> 00:14:59.370 Ed Caswell: Here you go.
102 00:15:01.980 --> 00:15:06.990 Ed Caswell: Setting expectations are, I hope I can deliver on them, but uh hey folks please excuse the headsets.
103 00:15:07.890 --> 00:15:23.100 Ed Caswell: I'm a former soldier, so my hearing is not as good as it used to be so you get to look at these big ugly headsets that I have on here so listen spot on all the way around tons or and Nick great conversation let's kind of look at.
104 00:15:24.540 --> 00:15:28.170 Ed Caswell: And I love the Zoom controller hang on there we go.
105 00:15:29.940 --> 00:15:34.320 Ed Caswell: and present there we go alright so.
106 00:15:35.640 --> 00:15:38.160 Ed Caswell: Prisma Access and SASE.
107 00:15:39.450 --> 00:15:46.620 Ed Caswell: secure access service edge it's an interesting turn right in quite frankly, as you look across the marketplace.
108 00:15:47.370 --> 00:15:56.310 Ed Caswell: Every vendor out there has a different view of the architecture, how are they delivering SASE How are they delivering service access and there's no right or wrong.
109 00:15:56.730 --> 00:16:05.520 Ed Caswell: it's just different vendors have chosen different ways to deliver it right and what I'm going to talk about specifically today is how Palo Alto chose to deliver it.
110 00:16:06.120 --> 00:16:16.890 Ed Caswell: it's a little bit interesting it's a little bit different than the other folks are in this market and again I'm not here to tell you that we're doing it the right way I'm just here to tell you how we're doing it and the logic behind it so.
111 00:16:19.170 --> 00:16:27.750 Ed Caswell: Really, as we look at this and I want to get really anecdotal here and I want to talk about COVID-19 I don't think I've talked to you folks since we've really been in the throes.
112 00:16:28.230 --> 00:16:36.120 Ed Caswell: of COVID-19 so I really want to talk to you about last March, but let's let's talk about how we got here first so.
113 00:16:36.900 --> 00:16:48.540 Ed Caswell: I'm a 25 actually 30 year security professional 15 years with Cisco operationally for 10 years before that so I've been here this drawing is busy drawing.
114 00:16:49.080 --> 00:16:54.210 Ed Caswell: Controls in different places different controls different configurations on those controls.
115 00:16:54.750 --> 00:17:02.850 Ed Caswell: and, frankly, for me personally it wasn't a bad thing, because in the operational world not many people understood those controls, not many people.
116 00:17:03.120 --> 00:17:12.480 Ed Caswell: understood how to put a security policy against those controls, I happen to be one of them, so kept me employed for 10 or so years so, but the problem is.
117 00:17:13.590 --> 00:17:15.750 Ed Caswell: Man if you're managing the side of it right.
118 00:17:17.280 --> 00:17:27.750 Ed Caswell: Different different configurations different vendors different controls all together right and you as a security professional had to bring us all together in a coherent policy.
119 00:17:28.200 --> 00:17:37.230 Ed Caswell: It was a challenge right now going back 15 years 15 and 10 years right, we still have legacy out there, but this is really kind of grown from where it is, I think.
120 00:17:37.530 --> 00:17:45.270 Ed Caswell: Maybe this last little bit of an exaggeration, where we typically are, but it makes a good point right let's say you have 10 different vendors.
121 00:17:45.780 --> 00:17:57.300 Ed Caswell: Even managing 10 vendors it's a challenge if you could take those 10 and get them down to three or four or five you're gaining ground right so anyway, I like to show this slide it's really pretty good.
122 00:17:59.670 --> 00:18:07.080 Ed Caswell: This is kind of the look and feel let me get this bar out of the way if you folks saying yep this is really the look and feel.
123 00:18:07.920 --> 00:18:15.990 Ed Caswell: Of what SASE use for Palo Alto Networks, and we really come at it for two different directions network as a service and security as a service.
124 00:18:16.740 --> 00:18:24.540 Ed Caswell: security as a service or problem with the networks that should be easy for everybody We grew up next gen firewall that's where we came from that's who we are.
125 00:18:24.990 --> 00:18:35.460 Ed Caswell: In we apply the next gen firewall that we've had around for 12 and 13 years to Prisma Access meaning it grew up as a security architecture.
126 00:18:36.060 --> 00:18:46.380 Ed Caswell: Now, as a key phrase there I'm using architecture right as I talked to folks about Prisma Access, a lot of folks are like okay it's a gateway in the cloud.
127 00:18:47.430 --> 00:18:56.550 Ed Caswell: It is but it's how we deliver that gateway in the cloud that makes it very special okay so I'm going to jump off in the whiteboard here in a second and.
128 00:18:57.060 --> 00:19:01.800 Ed Caswell: Have patience will be will buy whiteboard, but I think I can get the fundamental across what this looks like.
129 00:19:02.400 --> 00:19:11.640 Ed Caswell: So we're a security company right so three years ago we said Okay, we want to deliver security in the public cloud, another key for is there.
130 00:19:12.150 --> 00:19:21.090 Ed Caswell: So I talked about architectures Palo Alto Networks with Prisma Access decided to deliver this architecture in the public cloud I was actually.
131 00:19:21.510 --> 00:19:30.480 Ed Caswell: kind of knows as well, I was actually in on some of those initial conversations, it was a very pointed decision of why we wanted to go to the public cloud.
132 00:19:31.140 --> 00:19:36.960 Ed Caswell: One is for mobile users there's a great feature in the public cloud environment it's called auto scaling right.
133 00:19:37.590 --> 00:19:47.820 Ed Caswell: So agility we wanted to have an agile platform that scaled wildly right and we knew that the public cloud platforms offered auto scaling for all.
134 00:19:48.210 --> 00:19:56.790 Ed Caswell: types of applications, not just for the security as a service within Prisma Access so that's one of the reasons why we chose to go the public cloud the other reason being.
135 00:19:57.450 --> 00:20:06.900 Ed Caswell: Billions had been sent had been spent on the infrastructure of the public cloud meaning Palo Alto Networks, three years ago had their own private cloud world.
136 00:20:07.560 --> 00:20:14.250 Ed Caswell: Actually WildFire, which is our sandbox environment had been around for quite some time, it was built on Palo Alto Networks private cloud.
137 00:20:14.700 --> 00:20:25.860 Ed Caswell: So we could have gone the private cloud direction we specifically chose to go to public cloud, in fact, the reason I'm at Palo Alto Networks is because we tried to go.
138 00:20:26.310 --> 00:20:38.070 Ed Caswell: Or we decided to go to public cloud world I came in as a public cloud consulting engineer, and then, and since it into Prisma Access so very specific reason why we did that.
139 00:20:39.240 --> 00:20:48.270 Ed Caswell: anecdotally want to share something with you last March, everybody remembers it right what were you doing last March, I can tell you what I was doing.
140 00:20:48.810 --> 00:21:01.290 Ed Caswell: I was trying to keep up with a company companies around the world that had an infrastructure built to support 20% of their remote users, that was now 100%.
141 00:21:01.800 --> 00:21:10.350 Ed Caswell: of their remote users and they were looking to deliver those services in 24 hours and I'm talking about companies that were supporting.
142 00:21:10.950 --> 00:21:24.060 Ed Caswell: 20,000 users that now had to support 250,000 users and literally in a 24 hour time frame so listen we it wasn't smooth right.
143 00:21:24.630 --> 00:21:32.790 Ed Caswell: It was a challenge, thank God we're in the public cloud world now it wasn't all roses in the public cloud world as well.
144 00:21:33.210 --> 00:21:37.350 Ed Caswell: There were limits to the scalability of public cloud, and we had to work with the public cloud.
145 00:21:37.710 --> 00:21:45.510 Ed Caswell: providers that we're working with to make sure that there were compute and resources available, but the reason we had to do that is because we were talking about.
146 00:21:46.290 --> 00:21:51.480 Ed Caswell: In certain regions, going from supporting 50,000 users to supporting half a million.
147 00:21:52.350 --> 00:21:59.160 Ed Caswell: In literally in a 24 hour 48 hour time frame and those public cloud providers were great they had the resources available.
148 00:21:59.850 --> 00:22:13.320 Ed Caswell: We work through it we started supporting those users in literally at least we weren't fighting the battle of having compute and memory, there were other battles that we were fighting around ISP an ISP.
149 00:22:15.030 --> 00:22:25.500 Ed Caswell: The amount of bandwidth that they had and facilities that they had it wasn't all roses some tell you, but at least we were flooding the public cloud world and literally.
150 00:22:26.130 --> 00:22:35.970 Ed Caswell: We started in March we started actually we started in February, we were heavy in it by March by April and probably towards the end of April.
151 00:22:36.570 --> 00:22:46.650 Ed Caswell: We had some huge customers that are running at 100% of their users offline offer mode accessing their applications and doing what they needed to do.
152 00:22:47.190 --> 00:22:54.390 Ed Caswell: So anecdotally that's what Prisma Access to in the public cloud that's the side of this was in Prisma Access.
153 00:22:54.750 --> 00:23:05.220 Ed Caswell: That it does that auto scaling feature, the ability to be agile, to bring regions up around the world that you don't have today to be able to bring them up tomorrow and have them up and running so.
154 00:23:05.730 --> 00:23:14.130 Ed Caswell: that's the sales pitch anyway every way tells me to be anecdotal so security as a service I'll get back to this presentation.
155 00:23:15.990 --> 00:23:29.880 Ed Caswell: should be very straightforward right we've been doing this for years, the network as a service part of this may seem a little strange, he was Palo Alto Networks so network as a service and I'm going to go on the whiteboard here in a second just take five minutes with do some white boarding.
156 00:23:31.200 --> 00:23:40.980 Ed Caswell: Our system is unique in that we are standing up an architecture that is made up of 10s of hundreds of security processing nodes.
157 00:23:41.580 --> 00:23:52.050 Ed Caswell: Those security processing nodes are basically PAN-OS devices, now we have automation in scripting and orchestration that runs automatically that connects all these together.
158 00:23:52.530 --> 00:24:00.870 Ed Caswell: Throughout the public cloud environments and today is Google Cloud Platform and then Amazon Web Services we stand up our architecture and both of those today.
159 00:24:01.740 --> 00:24:10.380 Ed Caswell: And we do all the connectivity between all those devices together what you have to do is get the traffic from either your mobile user.
160 00:24:10.980 --> 00:24:21.390 Ed Caswell: into that cloud environment and then give that mobile user access into your data centers with your private Apps or they just go up to the cloud or up to the Internet.
161 00:24:21.960 --> 00:24:37.710 Ed Caswell: Security they're logging is there the whole bit, but you have to get people connected to it that's the network as a service portion of this now three years ago, when I first started working on this, the network as a service portion.
162 00:24:38.730 --> 00:24:49.680 Ed Caswell: Was we would connect to basically any device that would provide an IPsec tunnel anywhere Cisco Juniper Check Point.
163 00:24:52.020 --> 00:24:59.130 Ed Caswell: Every SD-WAN vendor the south of the whole bit now the only issue with that was there was really no automation right there was no.
164 00:24:59.550 --> 00:25:05.460 Ed Caswell: Once you had to hit those devices, it was really a manual configuration some of those devices, like the Silver Peak SD-WANs.
165 00:25:05.820 --> 00:25:12.900 Ed Caswell: The Viptela SD-WANs did have a management console and some automation, but it really didn't tie into what we do the Prisma.
166 00:25:13.830 --> 00:25:25.350 Ed Caswell: We acquire acquire CloudGenix, a year ago, so now called Prisma SD-WAN they're one of the reasons that we acquired them is they had already started building automation between Prisma Access.
167 00:25:25.830 --> 00:25:35.760 Ed Caswell: And their SD-WAN product now they are part of us in now the network of the service includes our own SD-WAN device out there, so.
168 00:25:36.360 --> 00:25:43.710 Ed Caswell: That SASE solution network as a service and security as a service if you guys will bear with me for a second, I just want to make sure we.
169 00:25:44.370 --> 00:25:51.300 Ed Caswell: kind of drive this point home so I'm going to attempt to do a whiteboard nobody laughed at my whiteboard you skills, but I just want to get the point across.
170 00:25:52.140 --> 00:26:01.380 Ed Caswell: So, this would be Prisma Access in the public cloud environment, what we do is in the public cloud whether it's Google or AWS.
171 00:26:01.860 --> 00:26:08.580 Ed Caswell: We set up security processing nodes and depending on how many regions, and how larger scale is many of those. 172 00:26:09.540 --> 00:26:13.980 Ed Caswell: What we do through automation and orchestration is we connect them all together. 173 00:26:14.880 --> 00:26:23.880 Ed Caswell: And that gives the connectivity, for all these devices to talk to each other and Prisma Access is a fully routed IP-based solution meaning. 174 00:26:24.300 --> 00:26:32.160 Ed Caswell: You connect to it packets come out to us and it's fully routed internally and then externally to you as well, so. 175 00:26:32.940 --> 00:26:51.900 Ed Caswell: This is what we talked about network as a service, so we have to get your traffic to us as the mobile workstation right, this could be anywhere in 100 locations around the world IPsec tunnel to a gateway here this gateway has access out to the Internet. 176 00:26:52.920 --> 00:27:01.800 Ed Caswell: You now have distributed Internet that you basically any one of these users can come into any one of these regions you're not backhauling to your data center for Internet traffic. 177 00:27:02.460 --> 00:27:10.170 Ed Caswell: we're setting security policy right here same security policy, you would set your data center we're logging here to give you visibility. 178 00:27:10.740 --> 00:27:15.720 Ed Caswell: But there's no backhaul we send it right directly out to the Internet, then it comes back in. 179 00:27:16.680 --> 00:27:22.860 Ed Caswell: This is what the public cloud environment gives us right, this is what we're trying to do, but the other side of this is. 180 00:27:23.340 --> 00:27:32.280 Ed Caswell: If you are private data center over here now that private data center could be anything anywhere it could be in public cloud world it could be a physical data center somewhere.
181 00:27:32.910 --> 00:27:41.670 Ed Caswell: We also give you private data center or private application access via this routed infrastructure that we built here. 182 00:27:42.390 --> 00:27:52.140 Ed Caswell: But the key point here is to realize that Prisma Access is not a product it's an architecture it's a whole bunch of these devices that are stood up and the connectivity between them. 183 00:27:52.920 --> 00:28:02.220 Ed Caswell: So that's really what I wanted to show you on the whiteboard to show you this is what this thing is we've stop share for a second, let me go back. 184 00:28:02.850 --> 00:28:13.140 Ed Caswell: To the presentation that hopefully this starts to make sense of network as a service and security as a service so when the SASE model, this is Palo Alto Networks version SASE one. 185 00:28:14.160 --> 00:28:27.180 Ed Caswell: The security processing nodes I showed out there that set the policy that's PAN-OS policy if you've been working with Palo Alto Networks for however many years same policy no difference we've delivered it in a cloud format. 186 00:28:29.220 --> 00:28:32.220 Ed Caswell: So, as I don't advance hang on there we go okay. 187 00:28:33.570 --> 00:28:45.300 Ed Caswell: We talked about this here we go now This also makes this quite interesting so one of the first things I saw when I first started talking is that Prisma Access is a security based solution. 188 00:28:45.810 --> 00:28:58.860 Ed Caswell: It is a security based solution, it was born and raised in the PAN-OS environment meaning we offer all of this right, so there's an interesting point in here and zero trust network architecture. 189 00:28:59.640 --> 00:29:10.860 Ed Caswell: there's a lot of talk in the industry now ZTNA right is kind of the the term that's going around everybody says hey we support ZTNA so within Palo Alto Networks.
190 00:29:11.850 --> 00:29:18.780 Ed Caswell: One of the things that customers ask me all the time, and I have a lab that I do demos on I show them connectivity show them. 191 00:29:19.470 --> 00:29:28.860 Ed Caswell: connections of the Internet, I show them logging, one of the biggest questions they ask is, can you show me a best practice for zero trust network architecture. 192 00:29:29.460 --> 00:29:36.360 Ed Caswell: And I literally have nine policies in my PAN-OS those nine policies, let specific applications out to the Internet. 193 00:29:36.990 --> 00:29:44.190 Ed Caswell: At the very end of it is a deny all so really our version in in going back 10 years our version of zero trust has been. 194 00:29:44.940 --> 00:29:56.370 Ed Caswell: We have User-ID we have App-ID we have posture assessment we have all of these things that we can put into a policy if you pass those you can access to the Internet, if you don't pass those. 195 00:29:56.880 --> 00:30:05.640 Ed Caswell: You don't get access anywhere, so when we set up Prisma Access through that automation and orchestration I talked about it is zero trust. 196 00:30:06.210 --> 00:30:14.280 Ed Caswell: Even to the to the level of policies, meaning when you first on board, which is the initial configuration Prisma Access. 197 00:30:14.970 --> 00:30:31.050 Ed Caswell: There is no connectivity to anything, it is literally set up to be zero trust in until you start enabling access in very specifically enabling access it's zero trust, so we deliver zero trust we also do SSL decryption. 198 00:30:32.100 --> 00:30:45.510 Ed Caswell: Because we do auto scaling for mobile users and SSL decryption is a huge part of this, so, in other words, if you have 1000 users and 3000 want to, we want to join in that region. 199 00:30:46.020 --> 00:30:54.120 Ed Caswell: We watch a whole lot of things that are out there and I can't share them in a public forum but we watch a whole lot of things that are out there in those.
200 00:30:54.810 --> 00:31:04.530 Ed Caswell: Security processing nodes, we scale delivering SSL decryption and basically any policy you want to deliver out there in the security processing nodes. 201 00:31:05.130 --> 00:31:16.140 Ed Caswell: We do DLP we do DNS we do firewall as a service, we also do a secure web gateway and it will talk about that in a second and then have the network service layer 202 00:31:17.100 --> 00:31:27.630 Ed Caswell: policy based forwarding meaning if it's a router solution internally, so if you want to send traffic to your data center based on URL and a few other things you can do that. 203 00:31:28.170 --> 00:31:37.440 Ed Caswell: network as a service we're providing all of that transportation going back and forth connectivity through IPsec VPN you can also connect to SSL VPN. 204 00:31:38.070 --> 00:31:46.680 Ed Caswell: SD-WAN we talked about, and then quality of service so that's what really kind of makes a solution little bit different in that we're an IP routing solution. 205 00:31:47.970 --> 00:31:52.680 Ed Caswell: We, the use cases that we could support a really quite substantial because of that. 206 00:31:54.240 --> 00:32:05.130 Ed Caswell: This is just an example hundred plus locations of 76 countries a lot of people ask me hey How was the system really we can literally set up processing nodes. 207 00:32:05.850 --> 00:32:13.950 Ed Caswell: In about an hour in any one of these locations that you need to that's set up was path number one network as a service. 208 00:32:14.430 --> 00:32:24.690 Ed Caswell: Policy and logging in an hour literally if you tell me go right now in an hour, we can have a security platform up and running in a place that you don't have it today. 209 00:32:25.200 --> 00:32:32.280 Ed Caswell: And through automation it's all connected to what you want to connect to it really is an agile system, and you can connect to it in a whole lot of different places.
210 00:32:34.320 --> 00:32:42.510 Ed Caswell: Mobile users is the big one right with COVID 100% 90% of my time for last year is all been around mobile users. 211 00:32:45.510 --> 00:32:50.400 Ed Caswell: Here we go right just the original thing and I touched on this a little bit in my whiteboard which is. 212 00:32:51.810 --> 00:33:02.400 Ed Caswell: And it's flexible how you want to do this, we give you the ability to distribute the Internet access, meaning if you're running in 100 different locations. 213 00:33:02.940 --> 00:33:10.770 Ed Caswell: We distribute that Internet access to 100 different locations you don't have to backhaul to the data center you don't have to backhaul to a regional hub. 214 00:33:11.250 --> 00:33:18.150 Ed Caswell: When you connect to that gateway you have access to the Internet, through policy, this policy is delivered locally. 215 00:33:18.810 --> 00:33:26.400 Ed Caswell: that's what we're talking about here there's no need to backhaul back to a data center to set policy or to give yourself visibility. 216 00:33:26.820 --> 00:33:35.100 Ed Caswell: Really distributed system, all the way across so quite brilliant that way, in my humble opinion, anyway, and you get all that with auto scaling as well. 217 00:33:35.520 --> 00:33:42.660 Ed Caswell: meaning if there's an auto scaling event, if you go from 1000 users to 5000 users tomorrow, for some reason, just to throw some numbers up. 218 00:33:43.320 --> 00:34:00.150 Ed Caswell: We will stand up gateways to support that number of users, when we stand those gateways up we're setting policy and giving you logging and visibility to same time so literally you don't have to touch anything we scale up to it, and you can be rest assured that you have policy visibility. 219 00:34:02.460 --> 00:34:08.220 Ed Caswell: We talked about that as well there's a second use case not quite so pocket with the COVID-19 which is.
220 00:34:09.480 --> 00:34:17.250 Ed Caswell: Really branch branch SD-WAN that connectivity it's outside of the mobile users right So if you have a branch you want to connect to this. 221 00:34:17.910 --> 00:34:26.550 Ed Caswell: it's the same policy basically right, so you connect through our IPsec tunnel or IPsec VPN whatever you want to call it. 222 00:34:27.120 --> 00:34:43.020 Ed Caswell: From a device to Prisma Access meaning is not a client running on a workstation it's actually a routing solution routed over an IPsec tunnel out to us, so there were some use cases same policy same logging same everything. 223 00:34:45.300 --> 00:34:53.700 Ed Caswell: Just and then of course the deep dive we kind of did that already I showed you the whiteboard or what that thing really is, or what this thing really is. 224 00:34:54.690 --> 00:35:00.360 Ed Caswell: The one thing I didn't talk about is management, we have a management system has been around for quite some time it's called Panorama. 225 00:35:01.110 --> 00:35:07.530 Ed Caswell: A lot of people use Panorama our existing Palo Alto Networks customers to they use Panorama to manage your firewalls. 226 00:35:08.250 --> 00:35:13.710 Ed Caswell: really what it's designed to do is set up a centralized security policy that's pushed out to all your devices. 227 00:35:14.700 --> 00:35:19.620 Ed Caswell: including all of the devices Prisma Access, so if you've already set up a security policy. 228 00:35:20.220 --> 00:35:27.570 Ed Caswell: Typically, you can take that and push it out to Prisma Access as well, and not have to manage from a different different look and feel different going that type of thing. 229 00:35:28.140 --> 00:35:33.180 Ed Caswell: We also have a cloud managed platform that we're actually selling more and more of as well.
230 00:35:33.750 --> 00:35:43.110 Ed Caswell: No need to host a management system it's actually run in the cloud it's a portal that we set up for you becoming very, very popular so. 231 00:35:43.530 --> 00:35:52.860 Ed Caswell: Especially for white space customers that are coming in, no need to set up that Panorama they actually do it from the portal everything looks and feels, you have the same policy same access. 232 00:35:55.170 --> 00:35:56.580 Ed Caswell: VPN we're talking about that. 233 00:35:58.080 --> 00:36:12.660 Ed Caswell: Zero trust really talked about that as well, I can't really stress that enough, we haven't been talking about zero trust for a year we've been talking about it for 10 years, those of you that don't know us we actually have a gentleman working for us name John. 234 00:36:14.190 --> 00:36:22.080 Ed Caswell: John wrote the book originally and that argument to be made as well, but I know John I've read, I read his book in the early days. 235 00:36:22.470 --> 00:36:34.740 Ed Caswell: He was really one of the ones who who fostered and pioneered the thought of zero trust don't trust anything in the network, you know, have all traffic and and network looked at it has security policy set against it. 236 00:36:35.760 --> 00:36:40.560 Ed Caswell: So Nick how am I do want to guess time is the time for some questions now, or if I still got some time to go through. 237 00:36:40.890 --> 00:36:46.830 Nick Lewis - Internet2: you've got like I don't know five ish minutes but there's been a couple of questions that have come in and chat. 238 00:36:47.190 --> 00:36:50.220 Nick Lewis - Internet2: So maybe pause for a second and yeah. 239 00:36:50.310 --> 00:36:51.060 Ed Caswell: let's do that. 240 00:36:51.870 --> 00:36:55.350 Nick Lewis - Internet2: So there was a question in chat when you're talking about the network.
241 00:36:56.010 --> 00:37:03.180 Nick Lewis - Internet2: peering around if it's if the peerings are Azure ExpressRoute or an Oracle FastConnect so. 242 00:37:03.450 --> 00:37:20.370 Nick Lewis - Internet2: The as part of the NET+ service evaluation we did look at the network peering with Prisma Access to the Internet, using the Internet2 network for campuses so you can get to GCP or AWS, and so we did test that but I don't know about. 243 00:37:20.490 --> 00:37:21.810 Nick Lewis - Internet2: For Azure or Oracle. 244 00:37:23.490 --> 00:37:32.550 Ed Caswell: yeah so so we've done connectivity into Azure I have not done Oracle I have to admit I've done all Azure, GCP and AWS. 245 00:37:33.060 --> 00:37:41.910 Ed Caswell: In kind of the flexibility of the system is literally all it takes is an IPsec tunnel Azure typically that IPsec tunnel is is to a virtual gateway. 246 00:37:42.330 --> 00:37:53.220 Ed Caswell: or an MSP this running with a one of the Venus and then it's just routing from there on out it's literally just routing and traffic flow going back and forth have done a lot of those. 247 00:37:54.420 --> 00:38:02.160 Ed Caswell: it's funny that the flexibility of the system is fantastic some folks that look at it say well it's too flexible right it's a little bit. 248 00:38:02.580 --> 00:38:05.820 Ed Caswell: You know it's a little bit complicated it's a little bit difficult to set up. 249 00:38:06.360 --> 00:38:15.030 Ed Caswell: The flexibility of the system is also like is its complication but the beauty of it is literally, there are many, as you know, Nick, as you looked at it right. 250 00:38:15.330 --> 00:38:27.780 Ed Caswell: There are many, many use cases that you can use to connect Azure I positively have no issue there whatsoever Oracle I'm assuming because they'll they will terminate an IPsec tunnel as well, but I just haven't done it personally that's all.
251 00:38:28.710 --> 00:38:30.600 Nick Lewis - Internet2: Thanks and so when we did test the. 252 00:38:31.470 --> 00:38:32.850 Nick Lewis - Internet2: Internet2 network, it was. 253 00:38:35.130 --> 00:38:44.820 Nick Lewis - Internet2: Basically there's no nothing outside of outside the local network that needs to be configured by the campuses and so that they just go over their regular Internet2. 254 00:38:45.300 --> 00:38:53.940 Nick Lewis - Internet2: Network connection and they get that high speed network connection and a peering, that we can stay off the commodity, so that they could stay off the commodity. 255 00:38:55.410 --> 00:38:57.660 Nick Lewis - Internet2: Any other questions or comments on that. 256 00:39:02.460 --> 00:39:04.140 Nick Lewis - Internet2: And Paul did I answer your question. 257 00:39:07.110 --> 00:39:07.890 Nick Lewis - Internet2: Oh good thank. 258 00:39:09.210 --> 00:39:13.470 Rick Haugerud (U of Nebraska): You know Nick something that you might add to that, as we also spent some time managing or monitoring. 259 00:39:13.980 --> 00:39:23.340 Rick Haugerud (U of Nebraska): What the impact on those peering connections were for some of that typical traffic, so that we could provide advanced notification in case somebody was going to exceed what they had available for peering. 260 00:39:24.120 --> 00:39:24.360 yep. 261 00:39:25.410 --> 00:39:28.230 Ed Caswell: yep yeah thanks yeah absolutely. 262 00:39:29.280 --> 00:39:36.090 Ed Caswell: yeah yeah and you know and and Rick you bring up a really good point to which is one of the challenges that we have, especially in COVID. 263 00:39:36.570 --> 00:39:43.620 Ed Caswell: is actually scaling those connections, because the requirements of those connections was just astronomical almost instantly so.
264 00:39:44.280 --> 00:39:55.440 Ed Caswell: Just keeping up with that scale and being able to to do that, but routing is routing right there are ways around that, but you have to be really familiar with routing to pull it off so yeah good point. 265 00:40:01.020 --> 00:40:03.630 Ed Caswell: what's the next one that's all. 266 00:40:03.690 --> 00:40:05.670 Nick Lewis - Internet2: that's the questions that have come in. 267 00:40:07.800 --> 00:40:09.210 Nick Lewis - Internet2: so good, and do you have any. 268 00:40:09.390 --> 00:40:12.210 Nick Lewis - Internet2: Last couple slides and then we'll any other questions. 269 00:40:14.580 --> 00:40:17.040 Nick Lewis - Internet2: yeah oh yeah sorry go ahead. 270 00:40:18.780 --> 00:40:31.140 Ed Caswell: I heard somebody yeah so no more slides um listen, as you look at these systems as you look at the SASE world literally you know everybody's got a different architecture for different reasons. 271 00:40:32.190 --> 00:40:41.520 Ed Caswell: As I'm trying to really what I'm trying to do here and what Connor and Nick have asked me to do is explain what we've done and why we've done it right and that's really what I'm trying to do here. 272 00:40:42.360 --> 00:40:54.510 Ed Caswell: I do believe in a public cloud I've been in the public cloud for about 10 years now, with a couple of different companies, including Palo Alto Networks, you know I believe in public cloud there are huge advantages to using it. 273 00:40:55.890 --> 00:41:01.830 Ed Caswell: You know there's some aversion to public cloud, especially when it comes to security, I think a lot of that's lightening up now. 274 00:41:02.220 --> 00:41:13.170 Ed Caswell: I think a lot of folks that have had security policies were pretty hard and against public cloud are starting to look at the advantages of public cloud not saying that it fits every use case for every.
275 00:41:13.650 --> 00:41:22.560 Ed Caswell: thing that's out there, but a lot of folks initially would say no, no way no how are starting to kind of look at it and say Okay, there are some use cases that really makes sense. 276 00:41:23.070 --> 00:41:30.870 Ed Caswell: And because Prisma Access is really transport, I think that it starts to make sense to be able to use a public cloud for secure transport. 277 00:41:31.890 --> 00:41:37.080 Ed Caswell: And just to let you know Prisma Access is SOC 2 Type II, which is really kind of an operational. 278 00:41:37.710 --> 00:41:43.950 Ed Caswell: Compliancy as well, but we're also FedRAMP atl at this point as well, which is a hardcore security. 279 00:41:44.730 --> 00:41:58.770 Ed Caswell: Compliancy as well, so trust me that core through third party audit and free third party looking at it is secure so that's just my spine yeah go ahead, Nick and it's part of the service evaluation. 280 00:41:58.770 --> 00:42:02.160 Nick Lewis - Internet2: We did look at the Palo Alto Networks HECVAT. 281 00:42:02.760 --> 00:42:03.960 Nick Lewis - Internet2: And so we went through the. 282 00:42:04.320 --> 00:42:05.400 Nick Lewis - Internet2: That review and gave them. 283 00:42:05.400 --> 00:42:09.870 Nick Lewis - Internet2: Feedback so that's prepared for when your campus get wants to go and look at the. 284 00:42:11.310 --> 00:42:19.410 Nick Lewis - Internet2: HECVAT for the NET+ Palo Alto Networks service to help with evaluating the security service spirit campus. 285 00:42:20.190 --> 00:42:21.120 Nick Lewis - Internet2: So it looks like. 286 00:42:21.180 --> 00:42:22.200 There was. 287 00:42:23.280 --> 00:42:24.240 Nick Lewis - Internet2: So a couple more. 288 00:42:25.440 --> 00:42:31.740 Nick Lewis - Internet2: Questions one of the things that I've heard from campuses particularly around like that you were talking in the beginning, and around the beginning of the
289 00:42:32.220 --> 00:42:48.060 Nick Lewis - Internet2: pandemic and the rapid move to using working from remotely using a self managed unmanaged devices was I've heard campuses talk about how do I do posture checking to see about what's the. 290 00:42:48.090 --> 00:42:49.110 Nick Lewis - Internet2: Security look like. 291 00:42:49.260 --> 00:42:50.430 Ed Caswell: On the endpoint that's. 292 00:42:50.430 --> 00:42:52.140 Nick Lewis - Internet2: Connecting to my apps and. 293 00:42:52.140 --> 00:42:54.570 Nick Lewis - Internet2: Things like that, and the in higher ed This is where there. 294 00:42:54.600 --> 00:42:57.030 Nick Lewis - Internet2: may be a big challenge because there's lots of. 295 00:42:58.560 --> 00:43:05.280 Nick Lewis - Internet2: individually or self managed machines or non managed machines depending on your point of view. 296 00:43:05.640 --> 00:43:07.920 Nick Lewis - Internet2: And so, trying to figure out how to. 297 00:43:08.340 --> 00:43:15.870 Nick Lewis - Internet2: Understand who's connecting and what the security of the of those devices are anything any thing to say about that. 298 00:43:17.100 --> 00:43:20.520 Ed Caswell: yeah Kindervag would be proud of us talking about this just kidding. 299 00:43:21.900 --> 00:43:29.790 Ed Caswell: You know it's an interesting conversation it's almost religion, I am literally brought into consult with people with customers every day. 300 00:43:30.300 --> 00:43:45.480 Ed Caswell: And one of the first questions that everybody comes up to me and says is hey why a client why VPN client it's agent it's clunky people are moving away from that why a client a client brings things to the party and one of them is posture assessment. 301 00:43:46.680 --> 00:43:50.160 Ed Caswell: We do run with a GP a client with our GlobalProtect clients.
302 00:43:51.300 --> 00:44:02.790 Ed Caswell: And it does do posture assessment, it does it actually quite well we do the entire OPSWAT, what is it 1700 objects now, I think that are preprogrammed plus you can do custom objects as well. 303 00:44:04.140 --> 00:44:13.950 Ed Caswell: If you read, if you read Kindervag or if you follow his blog at all, one of the things he talks about zero trust it's not just the traffic flows and what's going on it's also the device right. 304 00:44:14.700 --> 00:44:22.920 Ed Caswell: I believe, someone old time security guy I believe in posture assessment know who is connecting to your network and what they've got under system right. 305 00:44:23.280 --> 00:44:29.100 Ed Caswell: If it's wide open if there's no there's no firewall if it hasn't been patched in 20 years. 306 00:44:29.850 --> 00:44:37.170 Ed Caswell: And maybe not so much right and that's what the posture assessment gives that so in the Prisma Access world right we run a client. 307 00:44:37.620 --> 00:44:44.640 Ed Caswell: We run GP we also offer clientless but, quite frankly, best practice, at least for me is to run the client the GP client. 308 00:44:45.090 --> 00:44:55.170 Ed Caswell: That gives you that posture assessment, you can go to any level you want with that and I really believe that that's part of the zero trust network architecture as well, so there you go there's my soapbox. 309 00:45:01.830 --> 00:45:16.860 Nick Lewis - Internet2: Actually excellent thanks, and so, then there's another follow up comment from Paul about the about the peering just be clear universities are leveraging Internet2 as a kind of at the various cloud providers yep totally understand that using their existing peering and they don't. 310 00:45:17.070 --> 00:45:19.050 Nick Lewis - Internet2: You don't need to set up something specific.
311 00:45:20.220 --> 00:45:28.650 Nick Lewis - Internet2: For ExpressRoute, Direct Connect physical connections to utilize the peering that Internet2 has in place with Palo Alto Networks. 312 00:45:29.460 --> 00:45:32.220 Nick Lewis - Internet2: And so that's what some campuses are doing. 313 00:45:32.700 --> 00:45:34.740 Nick Lewis - Internet2: ExpressRoute, Direct Connect or. 314 00:45:35.100 --> 00:45:49.110 Nick Lewis - Internet2: Internet2 Cloud Connect as part of using dedicated connections for sending their data center and other things like that, but that's outside of the that that's not something you need to do for the NET+ Palo Alto. 315 00:45:50.250 --> 00:45:52.560 Nick Lewis - Internet2: Networks Prisma Access connections. 316 00:45:54.600 --> 00:45:57.750 Nick Lewis - Internet2: Any other questions from the group. 317 00:46:00.720 --> 00:46:02.640 Ed Caswell: Great questions, by the way, phenomenal. 318 00:46:06.570 --> 00:46:14.760 Hunter Ely - Palo Alto Networks: Nick I wanted to uh well, we got a little moment here, I wanted to just put Rick Haugerud on the spot and to see him on the call I won't. 319 00:46:15.240 --> 00:46:18.960 Hunter Ely - Palo Alto Networks: I won't put too much on the spot Rick, but I just want to get sort of a general. 320 00:46:19.020 --> 00:46:20.940 Ed Caswell: If you're ready, yes, sir. 321 00:46:22.140 --> 00:46:30.090 Hunter Ely - Palo Alto Networks: It you get your general sense of how your transition went from your you know, whatever your old solution was to Prisma Access just. 322 00:46:30.540 --> 00:46:43.740 Hunter Ely - Palo Alto Networks: I think it's important this Community now I'm going to know you know the capabilities that we bring to bear here but but really you know again back to the mission how how was that transition, and you know let's let's hear it sort of warts and all.
323 00:46:45.210 --> 00:47:00.000 Rick Haugerud (U of Nebraska): I think the first thing I would offer is that it wasn't plug and play there was some fairly significant customization that needed to happen, specifically because of how we had engineered our on premise solution for years, we were using. 324 00:47:02.040 --> 00:47:04.080 Rick Haugerud (U of Nebraska): Some technologies in our our. 325 00:47:05.400 --> 00:47:16.440 Rick Haugerud (U of Nebraska): Identity and access management portfolio like Grouper to put people in specific groups to try to enforce some segmentation from the remote access side and prevent. 326 00:47:18.570 --> 00:47:25.080 Rick Haugerud (U of Nebraska): Certain customer sets of getting the things that they didn't need to get to and so when we went to to deploy this in the cloud it just. 327 00:47:26.130 --> 00:47:31.170 Rick Haugerud (U of Nebraska): created a need for some more engineering in conversation around how much of that did we want to replicate. 328 00:47:32.730 --> 00:47:42.090 Rick Haugerud (U of Nebraska): Where we're going to meet the needs of some of those groups on campus one of them was fire life safety, you know, obviously didn't want anybody to be able to remotely access any of their stuff if they weren't. 329 00:47:43.170 --> 00:47:53.160 Rick Haugerud (U of Nebraska): A member of their staff, but once we got through that we've been migrating people for probably about the last 90 days, I think the first group we reached out to was. 330 00:47:53.760 --> 00:48:02.460 Rick Haugerud (U of Nebraska): A set of about 30 to 40 distributed IT folks that belong in the academic colleges on the three campuses that we support and just ask them to.
331 00:48:03.090 --> 00:48:20.130 Rick Haugerud (U of Nebraska): To go out to some of the most frequent users and have them download the client and access it and and go about their day and see that all the things that they needed to do could still happen and for the most part we've we've made very few alterations once we got through. 332 00:48:21.390 --> 00:48:23.910 Rick Haugerud (U of Nebraska): Some of the addressing that we were struggling with. 333 00:48:25.200 --> 00:48:26.070 Rick Haugerud (U of Nebraska): And so I think we've. 334 00:48:27.600 --> 00:48:41.970 Rick Haugerud (U of Nebraska): we're about 1000 thousand users left to migrate them they've got till June 30 probably 750 of those are wait till July, first to download the new client if if norm stay the same as they do with any other kind of an IT change project. 335 00:48:43.050 --> 00:48:47.190 Rick Haugerud (U of Nebraska): But our trouble ticket traffic has been pretty small there have been a few. 336 00:48:49.260 --> 00:48:55.590 Rick Haugerud (U of Nebraska): Few inconsistencies with browsers that people are using that aren't quite up to date, that when their session. 337 00:48:57.180 --> 00:48:59.190 Rick Haugerud (U of Nebraska): Either times out because the machine goes to sleep. 338 00:49:00.270 --> 00:49:08.130 Rick Haugerud (U of Nebraska): It doesn't automatically restart and we've been able to work through most of those pretty quickly so anytime I reach out to our health services group. 339 00:49:08.850 --> 00:49:23.670 Rick Haugerud (U of Nebraska): To get an update on the kinds of tickets they're they're seeing there there's a they have to work to find the ones that they found are are pretty easy fixes that take care of themselves when they update to it was browsers and newest versions of operating systems.
340 00:49:27.150 --> 00:49:35.370 Hunter Ely - Palo Alto Networks: awesome thanks Rick, I just wanted to get your perspective sort of unvarnished that we can we can understand you know that we all have these challenges, when we move to a new system, but I. 341 00:49:35.790 --> 00:49:46.350 Hunter Ely - Palo Alto Networks: was very nice to have that story out there, as a follow up to that and and I apologize, I will need to drop off this meeting here in a minute, but I'll leave in others capable hands but. 342 00:49:47.970 --> 00:50:05.370 Hunter Ely - Palo Alto Networks: As a follow up to that have you have you seen other processes related to the way you were doing VPN network that have become easier simpler changed in a more into a more modern way because you've been moved moved to this platform or you've moved to this methodology remote access. 343 00:50:07.980 --> 00:50:09.300 Rick Haugerud (U of Nebraska): say that again I was typing in the chat. 344 00:50:09.900 --> 00:50:16.920 Hunter Ely - Palo Alto Networks: Hello sorry I was gonna say, have you seen Have you had other processes that were more complex. 345 00:50:17.220 --> 00:50:26.340 Hunter Ely - Palo Alto Networks: That you you've been able to let fall away or tools that you had that you've had to manage that fall away so you've been able to sort of simplify in a way, I just want to get your thoughts around that. 346 00:50:27.300 --> 00:50:29.610 Rick Haugerud (U of Nebraska): I think I think we have you know, we had. 347 00:50:30.630 --> 00:50:35.400 Rick Haugerud (U of Nebraska): For probably the last five years we've really focused on pushing out full tunnel encryption to all of our users and. 348 00:50:35.880 --> 00:50:43.920 Rick Haugerud (U of Nebraska): And many of them that were doing any work from home wanted to have split tunnel, because they were doing gaming or or whatever else, but we were also struggling with.
349 00:50:44.430 --> 00:50:52.890 Rick Haugerud (U of Nebraska): You know faculty and professional staff that were traveling that weren't really comprehending some of the risks of using free public publicly available Wi-Fi. 350 00:50:53.430 --> 00:50:59.700 Rick Haugerud (U of Nebraska): And what that might do to them when all of their traffic was unencrypted so you know, we had really pushed for this full tunnel. 351 00:51:00.540 --> 00:51:14.970 Rick Haugerud (U of Nebraska): The first thing our Community pushed us to do, once we started talking about going full remote was what go ahead and turn into this split tunnel and we didn't want to do that, and so, while we were able to maintain that after a couple of bumps with our on-campus services. 352 00:51:16.680 --> 00:51:18.990 Rick Haugerud (U of Nebraska): Prisma Access gave us the opportunity to provide. 353 00:51:20.310 --> 00:51:26.730 Rick Haugerud (U of Nebraska): That split tunneling service it met an immediate need of our campus Police Office, where they were having a conflict between their body cameras. 354 00:51:27.360 --> 00:51:35.970 Rick Haugerud (U of Nebraska): That were running on the university's private network and then their access to the State Patrol criminal database that they had to be on the State Patrol's. 355 00:51:37.200 --> 00:51:52.920 Rick Haugerud (U of Nebraska): Secure network and the minute we were able to bring up a Prisma Access we could create both of those tunnels both encrypted met both parties requirements and they were happy, as can be those were the first 50 customers that we had on the production service probably. 356 00:51:54.090 --> 00:51:56.160 Rick Haugerud (U of Nebraska): Probably mid year about mid year last year. 357 00:51:57.330 --> 00:51:58.830 Rick Haugerud (U of Nebraska): So I think that was super helpful. 358 00:52:02.490 --> 00:52:04.260 So thanks right thanks.
359 00:52:05.880 --> 00:52:17.490 Nick Lewis - Internet2: So just the last couple slides to tell you about the program and the getting ready for our next call so we've got a couple ways for you to participate in the program. 360 00:52:18.030 --> 00:52:23.850 Nick Lewis - Internet2: We of course want you to sign up for the NET+ Palo Alto service and to come for the. 361 00:52:24.450 --> 00:52:34.740 Nick Lewis - Internet2: contract and pricing stay for the Community that community is that the part that we're going to be working together to try to build and help each other share best practices and how to. 362 00:52:35.520 --> 00:52:44.910 Nick Lewis - Internet2: solve our Community problems and then we'll be there's you can join the NET+ advisory board that open summer open and NET+ subscribers. 363 00:52:45.330 --> 00:52:49.650 Nick Lewis - Internet2: will be starting in NET+ Palo Alto Networks advisory board as the program matures. 364 00:52:50.280 --> 00:52:55.380 Nick Lewis - Internet2: we've got a number of working groups that are open to the Community. 365 00:52:55.710 --> 00:53:05.550 Nick Lewis - Internet2: Then we've got options for volunteering for service evaluations direct recommends team and now their service validation campuses without you volunteering and your campus volunteering. 366 00:53:05.910 --> 00:53:18.660 Nick Lewis - Internet2: For service evaluations, we don't have we can bring in new services, and so we need your active engagement and bringing new services and engaging in in the Community, keeping everything fresh and alive. 367 00:53:19.470 --> 00:53:31.950 Nick Lewis - Internet2: And then we've got a number of it online virtual events that spans the gamut of topics and then we've got future NET+ Palo Alto Networks Community calls. 368 00:53:35.580 --> 00:53:44.250 Nick Lewis - Internet2: And we've got a wiki and the Community email list and our next call is on July 15 and we'll be talking about.
369 00:53:45.750 --> 00:54:01.950 Nick Lewis - Internet2: The cloud native security and here's the next call us to that is on XDR than I security automation then we'll do a wrap up and then we're talking about something potentially on threat intelligence and then make then an open. 370 00:54:02.820 --> 00:54:10.200 Nick Lewis - Internet2: topic in December, so if you have any questions for future calls or for the anything else that we talked about today, please feel free to reach out to me. 371 00:54:12.060 --> 00:54:28.200 Nick Lewis - Internet2: If you have any questions or the Palo Alto team and here's our contact information and thanks for put for chime in and comments in chat around the Internet2 networks and thanks for your time are going to pull up next month, thank you bye.