It’s no secret that enterprise data centers are in a state of transformation – they always are. There’s a constant need to scale data center operations to meet the seemingly insatiable demand for connection and throughput speeds, as well as the number of concurrent sessions. In fact, experts anticipate that these performance demands will increase by as much as 30X over the next few years. While that statistic alone is remarkable enough, that’s just part of the story. Adding to the dramatic changes is the trend toward virtualization – with over half of all workloads expected to be virtualized by next year; and the fact that employees currently use an average of more than three mobile devices to access enterprise networks.
All of these trends are fundamentally changing data center operations today. And while the obvious impact of these changes is the need for performance scalability to meet the increasing demands, they also inherently change how data centers are secured. It’s this second impact that is often overlooked. While security is certainly important to data center administrators, it isn’t their only concern. Oftentimes their primary focus is maintaining business-IT alignment and avoiding chokepoints that can degrade performance and jeopardize their SLAs. As a result, security is frequently put on the backburner while the entire operation continues to upscale – opening the door to the perfect storm for a major security breach.
Unfortunately, most security products are “bolted on” as an afterthought, so they’re not capable of meeting the robust and dynamically changing needs of enterprise data centers. But Cisco handles security very differently than the rest of the industry. By leveraging the SecureX Architecture, Cisco security solutions are built into the network fabric. 70 percent of the world’s Internet traffic and 35 percent of the world’s email traffic flows through Cisco networks, putting Cisco in the best position to see and proactively protect against threats before they affect customers’ networks. Cisco gains intelligence from throughout the network to enable more informed security decisions, and has used that intelligence to integrate security throughout the network infrastructure to provide comprehensive policy enforcement.
To this end, today Cisco made a series of product announcements that help provide modern data centers with what they need to remain secure, while enabling them to meet their business needs:
Cisco ASA Software Release 9.0, which is a major release of the core operating system which powers the entire line of ASA security appliances, adding data center-class performance and next-generation firewall capabilities
The Cisco ASA 1000V Cloud Firewall, a new multi-tenant edge firewall that uses the same base ASA code that runs the physical ASA appliances, but is optimized for virtual and cloud environments
Cisco IPS 4500 Series Sensors, a new series of standalone enterprise-class IPS appliances that provide up to 10 Gbps of IPS throughput in a single blade –four times the performance density of the closest competitor
Cisco Security Manager 4.3, which delivers several important capabilities for up to an 80% improvement in operational efficiency, as well as northbound APIs that enable customers to more efficiently deploy comprehensive security solutions
With these new product announcements, in addition to the rest of the SecureX Architecture, Cisco makes security a deployment decision, just like the rest of your network, with consistent security that enables policies to work throughout hybrid environments – physical, virtual, and cloud. Because we’re part of the network fabric, rather than a bolted-on point product vendor, we deliver security when, where, and how you need it to deliver a flexible, comprehensive security solution. As a result, Cisco can provide high levels of network security, while enabling enterprise data centers to maintain business-IT alignment and avoid chokepoints that can degrade performance and jeopardize SLAs. And since we enable one layer of security policies to work throughout the hybrid environment, we provide a high level of security while significantly decreasing complexity.
Virtualization news continues to move to the forefront as we head towards the start of VMworld in San Francisco. Last week we unveiled the upcoming Nexus 1000V 2.1 major release here. Perhaps the biggest news on the virtual security front is the availability last week of the ASA 1000V Cloud Firewall (download a free trial here). We’re also announcing special introductory pricing on the ASA 1000V of 50% off the list price, which also includes our new Virtual Network Management Center (VNMC) 2.0. Other promotional pricing bundles are available as well.
We’re excited about the ASA 1000V because it brings virtually all the features of our physical ASA appliances to virtual environments, providing greater consistency across the physical, virtual and cloud domains, however your applications are deployed. The ASA 1000V will primarily be deployed to protect tenants in a multi-tenant cloud environment with traditional edge security services including VPN, NAT, attack prevention and DHCP. This will complement our Virtual Security Gateway (VSG) firewall which has greater visibility to VM-specific policy attributes, and will be used to isolate VM-VM traffic within a tenant.
Both ASA 1000V and VSG use vPath 2.0 in the new Nexus 1000V to steer appropriate traffic to the right firewall, or other virtual service nodes, in the right sequence, while automatically keeping policies consistent and the service paths properly configured after vMotion events. And the ASA 1000V comes bundled with the new Virtual Network Management Center (VNMC) 2.0 that we announced this week as well, for easy management and deployment of virtual security policies.
But since there’s still a lot to do prepping for this week’s activities, like #v0dgeball, I’ll wrap up here and let Jimmy Ray from TechWiseTV share some of his thoughts on ASA 1000V and VSG (and remember, if you are around #VMworld this week, give us a shout out on twitter using Cisco hash tag #ciscovmw or to me @gkinghorn).:
What is vPath? Well, if VXLANs can set up secure tunnels over a shared, multi-tenant virtual network, vPath is a feature of the Nexus 1000V virtual switch that can redirect traffic to virtual application services before the switch sends the packets down into the virtual machine. Very important stuff, but how does it do that? I find that my blog posts are more popular the less I type, and the more I embed cool TechWiseTV videos that illustrate the concept, so I’m dusting off this classic from the TWTV team on just how vPath does that with our Virtual Security Gateway (VSG). Take it away Robb…
Mobility enables the extension of IT resources and application availability to anytime, anyplace, any way. Initially people thought that the “mobility movement” was just hype; however, it is definitely a reality, as it has become ubiquitous with efficiency. All of these new devices and social applications are bringing potential security risks to the enterprise and public sector organizations. The threat landscape ranges from potential data leakage to lost and stolen devices that may contain corporate and private information.
The question now is how can we address the customers’ challenge of enhancing productivity without compromising network security. Cisco’s AnyConnect Secure Mobility Client and the Cisco ASA 5500 Series Adaptive Security Appliances enable desktop and mobile users to connect to the corporate network, giving access to the network from any device based on comprehensive secure access policies. Cisco AnyConnect Secure Mobility Client works in conjunction with Cisco’s IronPort Web security appliance, the Cisco ASA appliance, and also provides integration with ScanSafe, an in-the-cloud Web security solution.