Luxembourg-based CETREL Uses Nexus 1000V to Ease Virtual Network Administration
For today’s post, I’m very pleased to introduce our guest blogger, Vincent Rosolen, a Cisco Sales Engineer in Luxembourg, who developed a brief Nexus 1000V case study of his customer, CETREL, the largest PCI payment card services vendor in the country. CETREL speaks highly of the ability of the Nexus 1000V to return administrative controls to the network policy team, as well as the consistency in managing and deploying Nexus 1000V with other Cisco physical network gear (all running NX-OS).
Before I turn it over to Vincent, this is probably a good reminder that the beta version of Nexus 1000V for Microsoft Hyper-V is now widely available to practically anyone who wants to evaluate it. For more details, if you missed it, check out my recent blog or the Nexus 1000V community page for more details. And now, over to Vincent…
CETREL is the leading actor in the PCI sector in Luxembourg, serving the complete electronic payment value chain from the cardholder to the merchant accepting electronic payments.
Member of Swiss SIX Group, CETREL is investing in new applications to support its business growth into an international market. CETREL is also active in the sector of IT Services, supporting the Luxembourg Financial Industry with infrastructure and application management services.
Over recent years, Intel architecture servers, be it under Windows or Linux OS, have taken over a growing part of CETREL’s server workload. To optimize IT infrastructure and control costs, most of these ix86 servers are deployed as VMWare virtual machines.
As CETREL operates in a highly regulated environment (PCI-DSS and local governance requirements), security and operational procedures are two primary concerns. In a traditional VMWare deployment, however, the VMWare operator, typically the Systems team, controls all aspects of server connectivity and networking. Hence the separation of duties between Systems and Networking or Security teams cannot be enforced.
To make matters worse, the typical virtual switch implementation in VMWare lacks most of the features required for operational robustness and security enforcement, like advanced QoS mechanisms, access lists, ERSPAN, etc.
To regain control of server networking in a virtualized deployment, Michel Lanners, Associate Director and Head of Client/server & Networking at CETREL, turned to Cisco’s Nexus 1000V virtual switch.
“The Nexus 1000V virtual switch has allowed us to set all VMNICs to default disabled. Thus, the Systems team cannot connect servers to the network without our help. In addition, we now have the complete feature set of Cisco’s NX-OS available on the virtual switches, which makes my network engineers immediately comfortable in configuring the Nexus 1000V virtual switch. They feel at home with all their beloved commands and tools available to them.”
— Michel Lanners, Associate Director, CETREL
The Nexus 1000V has allowed the network security team to tighten VM access control while preserving agile operations in terms of VM deployment, by regaining the separation of duties mandated for compliancy.
At the same time, the Nexus 1000V is the foundation on which CETREL will be able to build future virtualized services in the datacenter. Indeed, an increasing number of datacenter IT functions, be it firewalls, load balancers or other security devices, are offered in a virtual appliance form factor. Implementing these virtual appliances would not have been possible without a virtual switch in the hands of the Network team.Tags: