In part one of our series on Cisco’s Secure Data Center Strategy, we did a deeper dive on segmentation. As a refresher, segmentation can be broken into three key areas. First, the need to create boundaries arises because perimeters are beginning to dissolve and many environments are no longer trusted, forcing us to segment compute resources, the network, and virtualized attributes and environments. Along with segmenting physical components, policies must be segmented by function, device, and organizational division. Lastly, segmenting access control around networks and resources, whether they are compute, network, or applications, offers a higher level of granularity and control. This includes role-based access and context-based access. Ensuring policy transition across the boundaries is of primary concern. To learn more on segmentation go here.
Today we will dive deeper into Cisco’s security value-add of threat defense.
Technology trends such as cloud computing, proliferation of personal devices, and collaboration are enabling more efficient business practices, but they are also putting a strain on the data center and adding new security risks. As technology becomes more sophisticated, so do targeted attacks, and the resulting security breaches are far more costly. The next figure is from InformationWeek’s 2012 Strategic Security Survey and illustrates top security breaches over the previous year.
Last week Cisco announced several new products in its Defending the Data Center launch. These included the Cisco Adaptive Security Appliance Software Release 9.0, Cisco IPS 4500 Series Sensors, Cisco Security Manager 4.3, and the Cisco ASA 1000V Cloud Firewall, adding enhanced performance, management, and threat defense capabilities. Core to this launch was also Cisco’s new strategy for developing Secure Data Center Solutions, a holistic approach similar to what Cisco previously did with Secure BYOD. This new strategy integrates Cisco security products into Cisco’s networking and data center portfolio to create validated designs and smart solutions. Organizations that lack the bandwidth, resources, or know-how to test and validate holistic designs can simply deploy template configurations based on pre-tested environments that cover complete data center infrastructures. These designs enable predictable, reliable deployment of solutions and business services and allow customers’ infrastructures to evolve as their data center needs change.
In developing this strategy we interviewed numerous customers, partners and field-sales reps to formulate the role of security in the data center and how to effectively get to the next step in the data center evolution or journey, whether you are just beginning to virtualize or have already advanced to exploring various cloud models. Three security priorities consistently came up and became the core of our strategy of delivering the security added value. They are Segmentation, Threat-Defense and Visibility. This blog series, beginning with segmentation, will provide a deeper dive into these three pillars.
Segmentation itself can be broken into three key areas. Perimeters are beginning to dissolve and many environments are no longer trusted, forcing us to segment compute resources, the network, and virtualized environments to create new boundaries, or zones. Along with segmenting physical components, policies must include segmentation of virtual networks and virtual machines, as well as by function, device, and logical association. Lastly, segmenting access control around networks and resources, whether they are compute, network, or applications, offers a higher level of granularity and control. This includes role-based access and context-based access. Let’s dig deeper.
It’s that time of year again. Time to gather new supplies and prepare for the inevitable dodgeball match. Sure, it is the start of the school year, but also VMworld 2012! Find Cisco at Booth 1213 and beyond. Here’s what’s happening:
Have you ever been behind the wheel of your car moving at 5 mph? Visualize this: as I wait patiently for my turn to merge onto Interstate 880 N, based on the honor system because there is no meter, a brightly colored Fiat rolls by on the left shoulder. A few seconds later, a Smart Car inches up and squeezes itself between my car and the narrow right shoulder passing me as well. The Smart Car has a bumper sticker that says “Please don’t hit me. I’m not sure about my coverage.” Hmm…
Now that you’re probably done giggling at my experience, let’s analyze the scenario above. Designing a network of highways takes a lot. A smart highway system not only reduces congestion and prevents collision, but also provides expedient information, such as signage and speed sensors, to improve driver response times. Civil engineers consider more than just current traffic and road conditions when they design highway systems. They also consider how to scale for the future, taking into account urbanization, seasonal factors, and future uncertainties such as mini cars. Sound familiar?
Many of the design and management considerations for an Internet wide area network—such as bandwidth management, application response time, and centralized control—are similar to highway system design.
Cisco continues its cloud computing performance leadership with the announcement of a VMware® VMmark™ 2.1 benchmark result published on July 10th, 2012.
The Cisco UCS B200 M3 Blade Server scored 11.30@10 tiles on the VMware VMmark 2.1 benchmark, outperforming all other 2-socket blade servers. The world-record score demonstrates how well a system’s servers, network, and storage components support virtual machine movement, storage migration, and virtual machine provisioning.
The first-generation VMmark (VMmark 1.x) was a server consolidation workload. It measured how many VMs can be run on a single server. VMmark 2.x is the next-generation benchmark from VMware, introduced in December 2010. The VMmark 2.1 benchmark uses a tiled design that incorporates six real-world workloads to determine a virtualization score. Then it factors in VMware vMotion, Storage vMotion, and virtual machine provisioning times to determine an infrastructure score. The combination of these scores is the total benchmark score. Because Cisco UCS is a truly unified system, it delivers both virtualization and infrastructure performance.