In a blog post earlier this year, I highlighted the Nexus 1010-X virtual services appliance announced at Cisco Live! in London, and why virtual services can be best deployed on a separate UCS-based appliance running NX-OS. The Nexus 1010 and 1010-X are dedicated platforms for hosting virtual service nodes, like the Nexus 1000V virtual supervisor module (VSM), virtual firewalls, and our virtual network analysis module (NAM). All these services run in virtual machines on the Nexus 1010, rather than taking up valuable resources on application servers, and allow for easier manageability by the networking and security teams (rather than the server team).
Continuing on the same theme, this week at Cisco live! San Diego (my how time flies between these shows!), web application firewall (WAF) manufacturer, Imperva, announced that their SecureSphere WAF would soon be available on the Cisco Nexus 1010-X virtual services appliance (Q4 CY 2012). This is the first third-party virtual service announced on either the Nexus 1010 or 1010-X appliance, and provides additional security capabilities on top of Cisco’s virtualization infrastructure for cloud applications.
By moving the WAF from the application server to a virtual services appliance, the virtual solution will provide separation of duties between the security administrator and server administrators, while offloading security processing from application servers to a dedicated appliance. Maintaining separation of duties is a key objective of many compliance initiatives, including the Payment Card Industry (PCI) Data Security Standard specification, e.g.
The solution will help organizations secure their virtualized infrastructure with Imperva’s SecureSphere Web Application Firewall along with Cisco’s Virtual Security Gateway (VSG), Network Analysis Module (NAM) and Data Center Network Manager (DCNM), all of which can be hosted on a single Nexus 1010-X appliance platform (or, better yet, an HA fault-tolerant pair). Up to 10 virtual service modules can be deployed on the more beefy Nexus 1010-X. IT administrators will now be able to utilize Cisco Nexus 1010-X more effectively across multiple networking services, while simplifying operational processes across the server and network security teams.
SecureSphere WAF provides protection against a variety of web-based attacks, including the Open Web Application Security Project (OWASP) Top Ten attacks, such as SQL Injection, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The Imperva WAF does not compete with any Cisco products since we discontinued our own ACE web application firewall in 2010. The Imperva WAF will only be available from Imperva, not through Cisco sales or channels. For more detailed information on the Imperva WAF and the new Nexus 1010 version, check out their announcement (http://blog.imperva.com/2012/06/imperva-c.html).