February 26, 2008

TrustSec - Secret Weapon for Flattening Networks


Ever feel like Doctor Evil? You know those scenes where the ‘secret weapon’ is about to be revealed? I am a personal fan of Sharks with Laser Beams on their foreheads… but since those are hard to get into the office on Tuesday afternoons, I’ll settle for today’s secret weapon: Cisco TrustSec.

Colin McNamara did a quick write-up on his blog that talks a bit about how TrustSec works to provide a layer of abstraction between the user’s address and the user’s security policy. (Editorial note: you can replace user with server, application, VM, etc.)

Why is this important? Well, remember the good ol’ days? Not so far back as when we walked along train tracks with BB guns whistling ‘Stand By Me’, but the days when we used the third octet of the subnet as the VLAN number, which in turn mapped to the HSRP group number and then to the subinterface number in a classic campus design? Those days were simple! We didn’t have 15-500 different security groups with segmentation rights and per-user policy and such.

TrustSec helps us get back to that simple concept of building the network you need with the addressing structure you want, then overlaying the right policy and segmentation implementation in a scalable and manageable way.

This means you can build a flatter network.  One where we could all be on the same subnet, yet have differentiated policies.  This then lends itself very easily to a world of VM portability where the security policy moves with the VM. 

Thus, the secret weapon :) Thoughts? I’ll be interested to hear the feedback as people ‘cowboy up’ and try this technology out in labs and such…

dg

Posted by Douglas Gourlay at 03:20PM PST
