We had to dig further, past our initial meetings internally and determine what would make this particular story unique from previous ones we have told this year. As it turns out, we had plenty of material to share but three really good shows done earlier, now provide great context for appreciating the innovation we talk about in this one.
So topically, Security in the Data Center is an easy hit of course. It almost sounds like an Oxymoron as many are convinced it is some kind of insurmountable obstacle. Nothing could be further from the truth. It seems to top many lists. [Watch 'Defending the Data Center' Right Now.]
As Cisco broadens the tool set with new models and deployment options, we broke this one down along party lines:
Cisco is unveiling a new beefed up line of virtual services appliances this week called the Nexus 1100 series, the next generation of our Nexus 1010 appliances. These virtual service appliances are integral to the deployment of scalable virtual security and management nodes in the data center, for offloading application servers from running virtual service modules, and for empowering the networking team to retain control of network and security policies in a platform that they manage.
Cisco customers deploying Nexus 1000V virtual switches as the foundation for their virtual networks and virtual overlays typically deploy the Virtual Supervisor Module (VSM), the virtual switch’s management plane, in the Nexus 1100, along with some combination of Virtual Security Gateway (VSG) firewalls, virtual Prime Network Analysis Modules (NAM), Data Center Network Manager (DCNM) for both LAN and SAN networks, and soon, even the Imperva SecureSphere Web Application Firewall (WAF). The Nexus 1100 is a UCS-based appliance for hosting the service VM’s, but it runs the NX-OS operating system, so it can be managed like a network device and retains policy controls for the networking team. Read More »
As VMworld swings into high gear on a bright Monday morning in San Francisco (well it promises to be bright, once the sun comes up here), we continue our series on the virtualization product updates we are unveiling this week (see earlier news on the new Nexus 1000V and the ASA Cloud Firewall). One of the exciting new components of our Nexus 1000V virtualization stack is the Cisco Virtual Network Management Center (VNMC) 2.0, part of the Intelligent Automation portfolio.
VNMC 2.0 is a template-driven policy management tool that is now bundled with Cisco Virtual Security Gateway (VSG) and Cisco ASA 1000V Cloud Firewall. This new release now has expanded capabilities to configure the security of your virtual cloud environment. Because VNMC 2.0 is such a step up from prior releases, and fewer people are familiar with its functionality, this is going to be a bit longer of a post than usual (but with lots of screen shots).
Let’s take a look at some of the key VNMC features and how it works with the two virtual firewalls:
Resource Objects for ASA 1000V
Cisco VNMC abstracts the devices it manages. As part of provisioning, devices are configured to point to Cisco VNMC for policy management. Cisco VNMC discovers all devices and lists them under the Resources pane. In addition to the ASA 1000V, the Resources pane has other resources such as Cisco VSGs, VSMs, and VMs.
Virtualization news continues to move to the forefront as we head towards the start of VMworld in San Francisco. Last week we unveiled the upcoming Nexus 1000V 2.1 major release here. Perhaps the biggest news on the virtual security front is the availability last week of the ASA 1000V Cloud Firewall (download a free trial here). We’re also announcing special introductory pricing on the ASA 1000V of 50% off the list price, which also includes our new Virtual Network Management Center (VNMC) 2.0. Other promotional pricing bundles are available as well.
We’re excited about the ASA 1000V because it brings virtually all the features of our physical ASA appliances to virtual environments, providing greater consistency across the physical, virtual and cloud domains, however your applications are deployed. The ASA 1000V will primarily be deployed to protect tenants in a multi-tenant cloud environment with traditional edge security services including VPN, NAT, attack prevention and DHCP. This will complement our Virtual Security Gateway (VSG) firewall which has greater visibility to VM-specific policy attributes, and will be used to isolate VM-VM traffic within a tenant.
Both ASA 1000V and VSG use vPath 2.0 in the new Nexus 1000V to steer appropriate traffic to the right firewall, or other virtual service nodes, in the right sequence, while automatically keeping policies consistent and the service paths properly configured after vMotion events. And the ASA 1000V comes bundled with the new Virtual Network Management Center (VNMC) 2.0 that we announced this week as well, for easy management and deployment of virtual security policies.
But since there’s still a lot to do prepping for this week’s activities, like #v0dgeball, I’ll wrap up here and let Jimmy Ray from TechWiseTV share some of his thoughts on ASA 1000V and VSG (and remember, if you are around #VMworld this week, give us a shout out on twitter using Cisco hash tag #ciscovmw or to me @gkinghorn).:
Nothing sits around and gets stale for long at Cisco (outside the break rooms anyway). On the heels of shipping our Nexus 1000V 1.5.2 release earlier this week (which you can download from here), we are ramping up to show the upcoming generation of the virtual switch next week at VMworld in San Francisco. This new major release 2.1 will be going into beta in October, and will represent a quantum leap in ease of deployment and management, as well as greater security for cloud environments.
vCenter Plug-in – Provides a holistic view of the virtual network to the server administrator from within VMware vCenter. A Nexus 1000V dashboard in vCenter shows the virtual supervisor module (VSM) and virtual ethernet module (VEM) details, such as VSM health status, license information, PNIC information, connected VM’s, et al.
Support for Cisco TrustSec -- Extends Cisco TrustSec security solutions for network-based segmentation of users and physical workloads to virtual workloads, leveraging Security Group Tags (SGT) for defining security segments. Data center segmentation and consistent security policy enforcement can now be implemented across physical and virtual workloads.
Cross Data Center High-availability – Supports split Active and Standby Nexus 1000V Virtual Supervisor Modules (VSMs) across two data centers to implement cross-DC clusters and VM mobility while ensuring high availability. In addition, VSM’s in the data center can support VEM’s at remote branch offices. Read More »
