Cisco Blogs


Cisco Blog > Security

Securing Linux Based Products With CSDL

The theme for this year’s SecCon was “Building on a Foundation of Security.” The breadth of topics discussed that are relevant to being a trusted vendor and producing trustworthy products is quite significant. Naturally many of the discussions revolved around the Cisco Secure Development Lifecycle (CSDL), Cisco’s approach to building secure products and solutions. As Graham Holmes mentioned in a recent blog post, CSDL takes a layered approach, with one of the key components being the security of the underlying operating system. As a standard part of the development process, Cisco’s product teams implement a comprehensive set of CSDL requirements to harden the base OS. These requirements were created not only by leveraging Cisco’s significant in-house security expertise, but also drawing from best practices available in the industry.

In keeping with the theme of SecCon 2012, we have decided to publish these foundational OS security requirements to enhance the knowledge of our partner ecosystem, and advance the industry as a whole. As of today, Cisco is releasing two documents that have been an integral part of CSDL: “Linux Hardening Recommendations For Cisco Products” and “Product Security Baseline Linux Distribution Requirements.” Read More »

Tags: , , , , ,

Accelerate UNIX to Linux Migrations with FlexPod – RedHat Summit 2012

June 27, 2012 at 5:30 am PST

Over the past years, with the growing success of UCS, the partnership between Cisco and Redhat  has been stronger and stronger. Cisco is a Gold Sponsor of the RedHat Summit 2012 in Boston, and the UCS platform has been once more again praised on stage in front of the 3000 participants . During his keynote address yesterday SAP Sybase’s Irfan Khan, senior vice president and chief technology officer, announced that  in two-tier SAP Sales and Distribution (SD) standard application benchmarks, Red Hat Enterprise Virtualization and its Kernel-based Virtual Machine (KVM) hypervisor running the SAP ERP 6.0 application achieved leading performance results  running on… Cisco UCS  servers *.

If UCS attracts more and more SAP customers, the Oracle customers can also rely on this platform to gain significant performances and reduce cost as they migrate from a Risc migration environment to Cisco UCS .Check the blogs from Cisco Timothy Stack on this topic.

One of the best way to achieve this migration from Unix to Linux, is certainly in deploying a solution such as Flexpod, presented at RedHat Summit 2012 by NetApp, which is a Silver Sponsor (see NetApp activities here) -- So I ask  Jon Benedict  (@CaptainKVM) , oVirt board member and NetApp Sr Virtualization Solutions Architect to share with us what Flexpod can provide in this context.

“Anyone who has had to maintain a rigid, outdated infrastructure knows it’s a time-consuming and painful process. Prior to joining NetApp I was a Red Hat solution architect and led a mainframe migration project for a large financial services company running both Red Hat Enterprise Linux (RHEL) and Solaris. We were confronted with an issue that impacted both platforms; getting the issue resolved with Red Hat and the newer Solaris versions was relatively straightforward but custom-tweaked applications running on older, end of life platforms required a ridiculously expensive per system financial investment. A key outcome of the project was the requirement that the IT team create a plan for migrating older Solaris-based applications from UNIX to Linux.

FlexPod would have been a great way to handle this, but unfortunately this project was pre-FlexPod.

The Cisco Unified Computing System represents an ideal computing platform for Linux-based applications while the joint collaboration between Cisco, NetApp and Red Hat is key to accelerating this type of transition. Instead of just upgrading servers and the operating system, our pre-validated FlexPod data center platform enables you to modernize your infrastructure holistically with an integrated solution including Cisco UCS servers, Cisco Nexus switches, and NetApp FAS storage. As my marketing guys love to say, “It’s a platform capable of meeting your needs today and scaling to meet your needs in the future.”  Like me, the comment looks fluffy but it’s solid.

Read More »

Tags: , , , , ,

2010+ networking software: how to open up, how to speed new ideas to market

June 15, 2012 at 4:46 am PST

The onePK announcement Ric describes in the previous blog entry is game changing. It also intersects a trend which has gone fairly unnoticed in the networking standards areas. The importance of new standards is declining relative to advances in software and hardware. Read More »

Tags: , , , , , ,

Cisco Open Source Conference 2012

We’ve held our annual Cisco Open Source event this week, on May 1st in San Jose. I’m very impressed to see the large turnout and the ultra positive feedback after the keynote and 5 tracks on Linux, SDN, Big Data, Emerging Technologies and Community Development. Wonderful to see Irving Wladawsky-Berger from IBM, Jim Zemlin from the Linux Foundation, Simon Crosby from Bromium and the great discussions that ensued. Next time we’ll have to open this event up to more than just one afternoon, there is just so much open collaboration that is taking place. My thanks to our track leads, Michael Hein who helped me put together the Linux track, Jan Medved and Dave Ward on SDN, Mark Voelker and Ed Warnicke on Big Data, Fabio Maino and Flavio Bonomi on Emerging Technologies, and Peter Saint-Andre for the Community Management and Tools — these guys have already left their mark on timeless and enduring open standards, but it’s amazing to see how good they are in open source!  We’ll have to post the key takeaways in these next blog entries, for now to all those of you who came, contributed and enjoyed this event, we salute you! Open at Cisco is a vibrant and growing community.

Tags: , , , ,

Hiring Linux Kernel hackers

April 22, 2012 at 7:02 pm PST

Just in case you didn’t see my tweet: my group is hiring!

We need some Linux kernel hackers for some high-performance networking stuff.  This includes MPI and other verticals.

I believe that the official job description is still working its way through channels before it appears on the official external Cisco job-posting site, but the gist of it is Linux kernel work for Cisco x86 servers (blades and rack-mount) and NICs in high performance networking scenarios.

Are you interested?  If so, send me an email with your resume — I’m jsquyres at cisco dot com.

Tags: , ,