In earlier posts, I have described how virtual services can be best deployed on a separate UCS-based appliance running NX-OS. The Nexus 1100 series are dedicated platforms for hosting virtual service nodes that run in a virtual machine, rather than taking up valuable resources on application servers, and allow for easier manageability by the networking and security teams (rather than the server team). Read More »
We had to dig further, past our initial meetings internally and determine what would make this particular story unique from previous ones we have told this year. As it turns out, we had plenty of material to share but three really good shows done earlier, now provide great context for appreciating the innovation we talk about in this one.
So topically, Security in the Data Center is an easy hit of course. It almost sounds like an Oxymoron as many are convinced it is some kind of insurmountable obstacle. Nothing could be further from the truth. It seems to top many lists. [Watch 'Defending the Data Center' Right Now.]
As Cisco broadens the tool set with new models and deployment options, we broke this one down along party lines:
Cisco is unveiling a new beefed up line of virtual services appliances this week called the Nexus 1100 series, the next generation of our Nexus 1010 appliances. These virtual service appliances are integral to the deployment of scalable virtual security and management nodes in the data center, for offloading application servers from running virtual service modules, and for empowering the networking team to retain control of network and security policies in a platform that they manage.
VNMC 2.0 is a template-driven policy management tool that is now bundled with Cisco Virtual Security Gateway (VSG) and Cisco ASA 1000V Cloud Firewall. This new release now has expanded capabilities to configure the security of your virtual cloud environment. Because VNMC 2.0 is such a step up from prior releases, and fewer people are familiar with its functionality, this is going to be a bit longer of a post than usual (but with lots of screen shots).
Let’s take a look at some of the key VNMC features and how it works with the two virtual firewalls:
Resource Objects for ASA 1000V
Cisco VNMC abstracts the devices it manages. As part of provisioning, devices are configured to point to Cisco VNMC for policy management. Cisco VNMC discovers all devices and lists them under the Resources pane. In addition to the ASA 1000V, the Resources pane has other resources such as Cisco VSGs, VSMs, and VMs.
Virtualization news continues to move to the forefront as we head towards the start of VMworld in San Francisco. Last week we unveiled the upcoming Nexus 1000V 2.1 major release here. Perhaps the biggest news on the virtual security front is the availability last week of the ASA 1000V Cloud Firewall (download a free trial here). We’re also announcing special introductory pricing on the ASA 1000V of 50% off the list price, which also includes our new Virtual Network Management Center (VNMC) 2.0. Other promotional pricing bundles are available as well.
We’re excited about the ASA 1000V because it brings virtually all the features of our physical ASA appliances to virtual environments, providing greater consistency across the physical, virtual and cloud domains, however your applications are deployed. The ASA 1000V will primarily be deployed to protect tenants in a multi-tenant cloud environment with traditional edge security services including VPN, NAT, attack prevention and DHCP. This will complement our Virtual Security Gateway (VSG) firewall which has greater visibility to VM-specific policy attributes, and will be used to isolate VM-VM traffic within a tenant.
Both ASA 1000V and VSG use vPath 2.0 in the new Nexus 1000V to steer appropriate traffic to the right firewall, or other virtual service nodes, in the right sequence, while automatically keeping policies consistent and the service paths properly configured after vMotion events. And the ASA 1000V comes bundled with the new Virtual Network Management Center (VNMC) 2.0 that we announced this week as well, for easy management and deployment of virtual security policies.
But since there’s still a lot to do prepping for this week’s activities, like #v0dgeball, I’ll wrap up here and let Jimmy Ray from TechWiseTV share some of his thoughts on ASA 1000V and VSG (and remember, if you are around #VMworld this week, give us a shout out on twitter using Cisco hash tag #ciscovmw or to me @gkinghorn).: