In part one of our series on Cisco’s Secure Data Center Strategy, we did a deeper dive on segmentation. As a refresh, segmentation can be broke into three key areas. The first, the need to create boundaries is caused because perimeters are beginning to dissolve and many environments are no longer trusted forcing us to segment compute resources, the network and virtualized attributes and environments. Along with segmenting physical components, policies must be segmented by function, device, and organizational division. Lastly, segmenting access control around networks and resources whether they are compute, network, or applications offers a higher level of granularity and control. This includes role-based access and context based access. Ensuring policy transition across the boundaries is of primary concern. To learn more on segmentation go here.
Today we will dive deeper into Cisco’s security value-add of threat defense.
Technology trends such as cloud computing, proliferation of personal devices, and collaboration are enabling more efficient business practices, but they are also putting a strain on the data center and adding new security risks. As technology becomes more sophisticated, so are targeted attacks, and these security breaches, as a result, are far more costly. The next figure is from Information Weeks 2012 Strategic Security Survey and illustrates top security breaches over the previous year.
Read More »
Tags: Cisco ASA, cisco firewall, Cisco Security, cisco sio, Cisco UCS, cloud, data center, data center security, DC, firewall, intrusion prevention, IPS, it security, network security, pci-dss, security, server, threat defense, virtual, virtualization
Last week Cisco announced several new products in it’s Defending the Data Center launch. These included the Cisco Adaptive Security Appliance Software Release 9.0, Cisco IPS 4500 Series Sensors, Cisco Security Manager 4.3, and the Cisco ASA 1000V Cloud Firewall, adding enhanced performance, management, and threat defense capabilities. Core to this launch was also Cisco’s new strategy for developing Secure Data Center Solutions, a holistic approach similar to what Cisco previously did with Secure BYOD. This new strategy integrates Cisco security products into Cisco’s networking and data center portfolio to create validated designs and smart solutions. Organizations that lack bandwidth and resources or the know how to test and validate holistic designs can simply deploy template configurations based on pre-tested environments that cover complete data center infrastructures. These designs enable predictable, reliable deployment of solutions and business services and allow customers infrastructures to evolve as their data center needs change.
In developing this strategy we interviewed numerous customers, partners and field-sales reps to formulate the role of security in the data center and how to effectively get to the next step in the data center evolution or journey, whether you are just beginning to virtualize or have already advanced to exploring various cloud models. Three security priorities consistently came up and became the core of our strategy of delivering the security added value. They are Segmentation, Threat-Defense and Visibility. This blog series, beginning with segmentation, will provide a deeper dive into these three pillars.
Segmentation itself can be broken into three key areas. Perimeters are beginning to dissolve and many environments are no longer trusted, forcing us to segment compute resources, the network, and virtualized environments to create new boundaries, or zones. Along with segmenting physical components, policies must include segmentation of virtual networks and virtual machines, as well as by function, device, and logical association. Lastly, segmenting access control around networks and resources whether they are compute, network or applications offers a higher level of granularity and control. This includes role-based access and context based access. Let’s discuss even deeper.
Read More »
Tags: Cisco ASA, cisco firewall, Cisco Security, Cisco UCS, cloud, data center, data center security, DC, firewall, intrusion prevention, IPS, it security, network security, pci-dss, security, server, virtual, virtualization
Cisco continues its cloud computing performance leadership with the announcement of Industry’s First VMware vSphere 5.1 Benchmark Result published on September 5th 2012.
With this world-record-setting 8-node VMware VMmark 2.1 score of 42.79@36 tiles, Cisco UCS is best in performance, best in scalability, and the result is the first to incorporate VMware vSphere 5.1—all critical contributors to effective cloud computing environments.
UCS has established many records for Cisco and for the industry with this benchmark result.
- Cisco is best in performance, with a result more than double HP’s best result of 18.27@18 tiles.
- Cisco is best in scalability, outperforming Fujitsu’s result of 36.07@36 tiles by more than 18 percent.
- The Cisco UCS results show that eight 2-socket Cisco UCS B200 M3 servers outperform four 4-socket Fujitsu servers, contradicting the conventional wisdom that vertical scaling outperforms horizontal scaling.
- Cisco is the first to publish VMmark benchmark results on VMware vSphere 5.1, demonstrating the speed at which Cisco UCS can adapt to support new environments and surpass the competition
Read More »
Tags: Benchmark Performance, Cisco UCS Performance, cloud, performance, virtualization, VMware VMmark 2.1
It’s no secret that enterprise data centers are in a state of transformation – they always are. There’s a constant need to scale data center operations to meet the seemingly insatiable demand for connection and throughput speeds, as well as the number of concurrent sessions. In fact, experts anticipate that these performance demands will increase by as much as 30X over the next few years. While that statistic alone is remarkable enough, that’s just part of the story. Adding to the dramatic changes is the trend toward virtualization – with over half of all workloads expected to be virtualized by next year; and the fact that employees currently use an average of more than three mobile devices to access enterprise networks.
All of these trends are fundamentally changing data center operations today. And while the obvious impact of these changes is the need for performance scalability to meet the increasing demands, they also inherently change how data centers are secured. It’s this second impact that is often overlooked. While security is certainly important to data center administrators, it isn’t their only concern. Oftentimes their primary focus is maintaining business-IT alignment and avoiding chokepoints that can degrade performance and jeopardize their SLAs. As a result, security is frequently put on the backburner while the entire operation continues to upscale – opening the door to the perfect storm for a major security breach.
Unfortunately, most security products are “bolted on” as an afterthought, so they’re not capable of meeting the robust and dynamically changing needs of enterprise data centers. But Cisco handles security very differently than the rest of the industry. By leveraging the SecureX Architecture, Cisco security solutions are built into the network fabric. 70 percent of the world’s Internet traffic and 35 percent of the world’s email traffic flows through Cisco networks, putting Cisco in the best position to see and proactively protect against threats before they affect customers’ networks. Cisco gains intelligence from throughout the network to enable more informed security decisions, and has used that intelligence to integrate security throughout the network infrastructure to provide comprehensive policy enforcement.
To this end, today Cisco made a series of product announcements that help provide modern data centers with what they need to remain secure, while enabling them to meet their business needs:
- Cisco ASA Software Release 9.0, which is a major release of the core operating system which powers the entire line of ASA security appliances, adding data center-class performance and next-generation firewall capabilities
- The Cisco ASA 1000V Cloud Firewall, a new multi-tenant edge firewall that uses the same base ASA code that runs the physical ASA appliances, but is optimized for virtual and cloud environments
- Cisco IPS 4500 Series Sensors, a new series of standalone enterprise-class IPS appliances that provide up to 10 Gbps of IPS throughput in a single blade –four times the performance density of the closest competitor
- Cisco Security Manager 4.3, which delivers several important capabilities for up to an 80% improvement in operational efficiency, as well as northbound APIs that enable customers to more efficiently deploy comprehensive security solutions
With these new product announcements, in addition to the rest of the SecureX Architecture, Cisco makes security a deployment decision, just like the rest of your network, with consistent security that enables policies to work throughout hybrid environments – physical, virtual, and cloud. Because we’re part of the network fabric, rather than a bolted-on point product vendor, we deliver security when, where, and how you need it to deliver a flexible, comprehensive security solution. As a result, Cisco can provide high levels of network security, while enabling enterprise data centers to maintain business-IT alignment and avoid chokepoints that can degrade performance and jeopardize SLAs. And since we enable one layer of security policies to work throughout the hybrid environment, we provide a high level of security while significantly decreasing complexity.
For more information, please visit http://www.cisco.com/go/securedc.
Tags: ASA, cloud, data center, firewall, network security, security, Virtual Security Gateway, virtualization
It’s no secret that Cisco Unified Computing Sytem (UCS) has had some tremendous success in terms of customer adoption. In just three short years, UCS is nipping at the heals of IBM for the #2 spot for Worldwide x86 blade server revenue with 15.2% market share, compared to IBM’s 15.4%. In fact, Cisco now has over 15,000 customers that have moved from legacy architectures to a more “Unified” approach, combining compute, network and storage access into a single, easy to manage solution.
So what’s missing?
Well, believe it or not, until now it was relatively hard to do business with Cisco. Quoting and ordering took days instead of minutes. Well Cisco is changing that with the release of its new online presence called “Cisco Build and Price“, offering direct access to blade server pricing and rack server pricing.
A Simple Approach to Building and Pricing Cisco UCS Servers
Read More »
Tags: blade server, cloud, Cloud Computing, data center, server, server pricing, UCS, unified computing system