Cisco has just released a customer case study (PDF) of CareCore National, a 1,200-person healthcare insurance company located in South Carolina. CareCore’s use case demonstrates how Cisco’s Virtual Security Gateway (VSG) for the Nexus 1000V can be used in a virtualized data center to logically isolate virtual machines running on shared application servers to meet compliance requirements.
The CareCore IT team needed an efficient way to isolate training server VMs from production server VMs. The training VMs and production server VMs belong to the same network domain, so isolating training VMs previously required four pages of security rules, based on source and destination IP addresses. Enforcing firewall security policies based on VM attributes instead of IP addresses would lower management overhead and the risk of configuration error.
CareCore National significantly simplified firewall security policies by creating logical trust zones using the Cisco Virtual Security Gateway (VSG) for the Cisco Nexus 1000V Switch. “The Cisco VSG met our VM security needs, and its VM-aware rule engine allowed us to re-think the way we write security policies,” says William Moore, executive vice president and chief technology officer for CareCore National.
CareCore applications are hosted on a private cloud built with Vblock Infrastructure Platforms, which include Cisco UCS B-Series Blade Servers, Cisco Nexus 7010 at the backbone, and Cisco Nexus 1000V Distributed Virtual Switches at the access layer. Doctors and nurses access CareCore’s decision-support systems to obtain prior authorization for procedures such as magnetic resonance imaging (MRI).
As a result of using VSG to create VM-oriented policies, CareCore greatly simplified its security policies, increased its flexibility in migrating applications between resources, lowered server costs, and reduced the time to deploy servers and applications. As I discussed in an earlier blog post, Forrester Research shows that the market is going in the direction of virtual security solutions to address the unique compliance requirements and virtualization challenges of mission-critical applications. CareCore National is an exciting example of this trend and the benefits organizations can achieve as a result.
On the heels of the CareCore case study, LightReading.com has also tested VSG in a typical three-tier web scenario and released its analysis. The Executive Summary indicated, “Cisco’s Virtual Security Gateway successfully applies policies between virtual machines, and continues to do so as VMs are migrated from hardware to hardware.”
As we announced earlier this week, the new VSG release 1.3 adds several new features, including support for VXLAN and the ability to separate the VSG firewall from protected VMs over a Layer 3 network to support cloud networks and to achieve greater deployment flexibility. With visibility to VM-specific attributes, what policies would you be able to enforce with VSG in your environment?