Cisco Blogs


Cisco Blog > Security

Repackage or Reimagine? Virtualization and the Potential for a New Security Regime

I started my professional life using a mainframe. Back then the people running the mainframe world were known as the “data center guys.” These guys had a certain DNA combination that created an expanding waistline, a retreating hairline, a belt buckle the size (and shape) of Texas, and a penchant for big iron. This crowd ruled the data center for a long time, but virtualization in the data center is now driving a radical shift that seems to be changing everything.

Instead of having an application running on a dedicated tower of hardware power, apps are now free from the limitations of the infrastructure underneath. Hardware is evolving rapidly into dynamic blocks of utility computing (and storage and networking) that can be standardized, widely deployed, and efficiently utilized. This change is good news, as it can cut data center costs by 50 percent or more. If the big iron crowd from the mainframe days doesn’t adopt this fundamental shift, they’ll be hanging up their Texas belt buckles in the computer museum next to the punch card, the VAX, and a replica of the ILLIAC.

The same shift is also happening with security. Since most security products are primarily software based, it is not much of an effort to repackage these products as “virtual security.” But merely repackaging security products misses the point. Today’s security architecture was built at a time when the workplace was very different than it is today. End users would come into the office and work on a PC, which sat on a desk and was connected by a wire to a port on the wall. At this time, the IP address was a pretty good proxy for the user’s identity. And applications would each run on their own tower of power—hardware that was often running in a unique data center rack or racks. Therefore segmenting the data center in this era was relatively easy; it was based on IP address ranges and, later, on virtual LANs (or VLANs).

But the workplace of today (and tomorrow) looks very different. We’re no longer tied to a specific lump of hardware. We expect to access our apps in the cloud from any device, at any time, from anywhere. Therefore the IP address is a less useful means of defining data center boundaries.

We need a new capability that allows the security team to maintain its meaningful policy enforcement capability, while enabling that policy to be relevant across all infrastructure—physical and virtual. An important nuance here is that the policy should be consistently enforced across physical infrastructure as well as across virtual infrastructure from any virtualization vendor. This level of enforcement requires special access to the hypervisor. Without this access, a virtual security solution can’t see traffic between two virtual machines (VMs).

How the various security vendors plan to address hypervisor access is still an open question. And how that question gets answered is significant—and is likely to reshape the security vendor landscape.

So as we consider various virtual security solutions, simply repackaging today’s security software as a VM running in a cluster of other VMs is extremely uninteresting. Instead we must reimagine the way that we build and deploy security solutions. How do we bridge the policy model from today’s hardware-based firewalls to the virtual firewalls of tomorrow? How can we maintain a separation of duties, so that security policy definition is separate from traditional network operations? And how will we orchestrate all of these components in the dynamic, nimble data center of tomorrow? These are not small issues. But of course, that’s what makes my job fun.

Tags: , ,

Two Partners Offer Advice on How to Drive Sales with the Cius and AppHQ

“Use it. Know it. Sell it.” That’s what Ken Snyder, emerging technology solutions manager at partner CDW, has to say about the Cisco Cius, the ultra-portable enterprise tablet that’s changing the way that businesses work.

With its integrated Wi-Fi, 4G data, 720p HD video, and interoperability with Cisco TelePresence systems, not to mention its inclusion of one-click access to WebEx meetings and AppHQ, the new application ecosystem built specifically for Cius, the Cius can be a powerful tool that can help customers collaborate and work from remote locations, both seamlessly and securely.

The Cius enables multiple opportunities for partners to drive sales, offer professional services and expand their customer base, according to Richard McLeod, Cisco’s senior director of collaboration sales in the Worldwide Partner Organization. He says there are opportunities for partners to upgrade their customers’ networks, particularly since it cuts across Cisco’s technology architectures: Collaboration, Data Center and Virtualization, and Borderless Networks.

And that’s definitely what I heard when I chatted with Ken, as well as with Steve Reese, director of solutions marketing for partner Nexus IS, Inc., about their experiences using the Cius and selling it to customers. Ken and Steve also offered advice to partners looking to include in the Cius in their portfolio.

Seamless Team Communications, Anywhere Read More »

Tags: , , , , , , , , , ,

Cloudy With a Chance of Data Center Savings

Ah, weather – one of life’s multi-purpose tools.  Conversation filler (“Quite the weather we’re having.”), alleged indicator of world’s end and source of inspiration for comic book writers to empower heroes and villains alike.

Weather can also be a Data Center’s best friend.  Solar energy can be harvested to help generate power, for instance, such as is happening at Cisco’s Data Center in Allen, Texas.  (Look for the 100 kW solar array on the right side of the Data Center’s roof.)  Wind energy as well.  Rainwater can even be collected for cooling system usage or to irrigate landscaping.

Read More »

Tags: , , , , , , , ,

Virtual Desktops: To Brazil and Back

I must confess, the first time I heard about virtual desktop infrastructure it made me think of a scene from the 1985 movie Brazil.  (The movie is old enough that I trust I’m not spoiling anything here.  If it’s sitting in your Netflix queue and you don’t want anything revealed, though, skip the next paragraph.)

In the scene Sam Lowry, the movie’s main character, struggles to work at his too-small desk that adjoins a nearby wall.  The desk shifts, and begins to retract into said wall, causing Sam to yank mightily on it in hopes of recovering some usable desk space.  After a brief tug of war, he discovers the source of the problem.

Fortunately, that’s not how virtual desktop technology truly works.

This week’s Data Center Deconstructed question raises the issue of how to determine the ratio of physical servers to virtual desktop instances.  As my meandering thoughts of Brazil indicate, I’m not your go-to guy for such information.  Ashok Rajagopalan, a product manager in Cisco’s Server Access Virtualization Technology Group, steps in to addresses the topic.

Tags: , , , , , ,

IDC Commentary on Service Provider Cloud Service Opportunity

Summers tend to be a bit cool in San Francisco, but acceptance of Cisco’s Unified Service Delivery (USD) solution by Service Providers searching for the best path to cloud is heating up. We’re excited at the progress so far – including recent records set by the Cisco Unified Computing System (UCS) which just placed 3rd globally in the x86 blades category in a recent IDC report. A little over two years ago people questioned Cisco’s entry into the compute segment of the data center. The large number of Cisco customers have proven that innovation that brings new levels of efficiency to the data center wins out every time. We’re proud of our customers and the services they’re bringing to market more quickly using the Cisco USD solution and its key foundation technologies like Cisco UCS.

Industry analysts are also seeing a need for an end-to-end solution like Cisco USD and noting the importance of resource optimization, management consolidation, service improvements, and cost reduction as fundamental tenets of efficient cloud service delivery.

Below is a short video commentary by IDC analyst, Courtney Munroe, VP, Worldwide Telecommunications. Courtney talks about the market challenges SPs face and how they can benefit from a transition to Cloud-delivered services. Pay special attention to the core things he believes SPs must address for Cloud: virtualized fabric for the computing platform in the data center, how the data center and the network work together and security across the entire delivery chain.


Cloud Services: Challenges and Opportunities for Service Providers

Read More »

Tags: , , , , , , , , , ,