I recently interviewed Mike Geller, a 15-year Cisco veteran and a security architect, who focuses on securing infrastructure, devices, and services delivered by service and cloud providers to governments, enterprises, and end users. I asked Mike to discuss three key feature sets that firewalls should have today to enable users to securely access the applications in the data center. This topic is very timely as application control is quite the “in vogue” topic.

#1: Network Integration

Mike takes the position that security is an attribute of the network versus a siloed, bolt-on element. With applications delivered from a combination of the cloud, service provider or hosted data center (the on premise data center at the enterprise or the mobile endpoint), security is pervasive across all domains. Integrating security into the network fabric that is used to deliver key business applications is the only way to offer services at the size and scale of today and tomorrow. How do you approach full integration of security?  Let’s break it down.  Read More »

Tags: application aware routers, ASA, ASA 1000V, byod, cloud, data center, firewall, integrated security, network integration, secure infrastructure, SecureX, security

This week, as part of a major cloud launch that also introduced the Nexus 6000 series and updates to our Cisco ONE portfolio, Cisco unveiled its Nexus 1000V InterCloud solution, which provides a seamless and secure extension of virtual networks from on-premises data centers to cloud service providers. In part 1 of our introductory blog series to this new technology, we discussed the architecture and components of Nexus 1000V InterCloud for creating secure, on-demand virtual private cloud (VPC) containers in a hybrid cloud.  In a pre-launch post earlier in January, we looked at some new Forrester research data on hybrid cloud business drivers and how some organizations were looking to overcome the challenges to real hybrid cloud integration. Today, in part 2 of our InterCloud series, we are going into more depth about the hybrid cloud management component, Virtual Network Management Center (VNMC) InterCloud.

VNMC InterCloud provides a single pane view of VM and cloud resources across the on-premises resources and those at the cloud provider. It interfaces to orchestration tools and service provider management systems, as well as virtual machine managers.

Read More »

Tags: ASA 1000V, Cisco ONE, Hybrid Cloud, Intelligent Automation for Cloud, Microsoft SCVMM, Nexus 1000V InterCloud, vCenter, Virtual Network Management Center, Virtual Security Gateway, VNMC InterCloud, vsg

After we announced the Free and Advanced Editions of the new Nexus 1000V release in October we were inundated with beta requests. Well, we are excited to announce that new version is now GA and available for download ahead of schedule. Note that this initial GA version currently runs only on VMware’s hypervisor, but versions for other hypervisors are coming.

Cisco’s newest release of the Nexus 1000V greatly improves the effort of installing, upgrading and managing the virtual switch fabric.  New management features like the vCenter plugin and vTracker help monitor the virtual network by both the system administrator and the server administrator.  The enhanced upgrade process and the intstaller app simplify deployments.  Redundancy across datacenters is greatly enhanced by the introduction of support for virtual supervisor module (VSM) pairs in remote datacenters.  Moreover, there is also an option in this release to extend the data center to branches, with support for branch virtual Ethernet modules (VEMs).

Nexus1000V is a feature-rich Cisco virtual switch that is now available in both Essential and Advanced editions.  The Advanced version has the option of an annual technical support contract for $174 per CPU socket. The no-cost Essential edition has the option of a technical support contract for $39 per CPU socket. These support contracts provide excellent Cisco TAC help, 7x24, providing all the help and advice needed for maintaining your virtual network environment.

Existing customers of Nexus 1000V who have already purchased a license for the 1.x release will automatically upgrade to the ver 2.1 Advanced Edition (see my earlier Freemium Edition Q&A post).  They can download the software from CCO and re-use their existing licenses. They will also be upgraded with the Virtual Security Gateway (VSG) license at no-cost.

Not only that, there are promotionally priced bundles of Nexus 1000V and the ASA 1000V Cloud Firewall, starting at $2495 for 1 CPU (including Nexus 1000V Advanced Edition with VSG, ASA 1000V and Virtual Network Management Center).

In addition to these major benefits and new features, Nexus 1000V is the foundation for our programmable virtual network overlays within our Cisco ONE platform for network programmability. VXLAN, which we discuss a lot in this forum, forms the secure overlay tunnels, and the Nexus 1000V virtual supervisor module (VSM) will be programmable with OpenStack Quantum and other API’s in future releases as part of our SDN strategy.

As always, stay tuned to this space for more details, tutorials, tips and news on the Nexus 1000V virtual switch and Cisco’s virtual networking infrastructure.

Tags: ASA 1000V, Nexus 1000v, Virtual Security Gateway, vsg

[See Also: Follow-Up Q&A on Freemium Pricing Model]

[Update 11/26/12: the free Nexus 1000V virtual switch is available for download from here.]

Following on the heels of the announcement of our Nexus 1000V 2.1 release last month, Cisco is today announcing a new pricing and packaging strategy for its flagship virtual switch portfolio. Starting with that new 2.1 release, which is now in beta, we will have two editions of the Nexus 1000V, an Essential Edition and an Advanced Edition. The Nexus 1000V Essential Edition will be available for free, plus a nominal annual support fee, in a move that we believe will encourage customers and our partners to proliferate what has already become the most popular virtual switch in the industry with over 6,000 customers to date.

The Nexus 1000V Essential Edition provides all the rich Layer-2 networking features to connect virtual applications to the network and integrate into VMware environments, including: VXLAN capability, Cisco vPath service insertion, integration with vCloud Director, and a plug-in for management and monitoring in VMware’s vCenter Server. This free version will enable rapid, low-risk adoption of Cisco’s virtual network technology environments.

The Advanced Edition, priced at $695 per CPU, the same price as the current 1.5 release, includes:

• The Cisco Virtual Security Gateway (VSG) for Nexus 1000V, a virtual firewall with visibility to virtual machine attributes for building sophisticated compliance policies, and logical trust zones between applications (VSG was previously sold as a separate product).
• Support for advanced capabilities, such as DHCP snooping, IP Source Guard, Dynamic ARP inspection and Cisco TrustSec Security Group Access (SGA).

Read More »

Tags: ASA 1000V, Cisco ONE, Cisco TrustSec, KVM, Nexus 1000v, Nexus 1100, OpenStack, SDN, virtual network overlays, Virtual Security Gateway, vPath, vsg, VXLAN, Xen

Cisco partner Imperva formally announced plans this week to deploy and host their SecureSphere Web Application Firewall (WAF) on the Nexus 1010 and 1110 Virtual Service Appliances. The SecureSphere WAF will be the first third party virtual service available on the Cisco virtual service appliances, joining Cisco virtual services such as the Virtual Security Gateway (VSG), the ASA 1000V Cloud Firewall, virtual Network Analysis Module (vNAM), Data Center Network Manager (DCNM), and the Nexus 1000V Virtual Supervisor Module (VSM).

In earlier posts, I have described how virtual services can be best deployed on a separate UCS-based appliance running NX-OS. The Nexus 1100 series are dedicated platforms for hosting virtual service nodes that run in a virtual machine, rather than taking up valuable resources on application servers, and allow for easier manageability by the networking and security teams (rather than the server team).  Read More »

Tags: ASA 1000V, Cloud Firewall, Data Center Network Manager, DCNM, Imperva, Network Analysis Module, Nexus 1000v, Nexus 1100, pci, SecureSphere, UCS, Virtual Security Gateway, virtual services appliance, vsg, Web Application Firewall