Cisco Blogs



VSG: Vive la difference! A Tutorial for HP

One of the things I admire about Cisco marketing, and I think generates a lot of respect for us from our customers, is how we approach competitive marketing. Most importantly, we hardly ever do it. Sure, we arm our sales teams with specific comparison data, but it’s rare we feel the need to compare ourselves publicly or to bash competitors. When you bash a competitor, it really only serves to give them credibility, and highlights that they must be doing something important to occupy your mindshare, or that of your customers. Occasionally though, we are faced with not only having to take the gloves off a little more, but responding to the inevitable FUD that gets thrown our way.

This brings us to a blog post written by HP about Cisco’s Virtual Security Gateway (VSG), which unfortunately contains a number of inaccuracies and misrepresentations of our product that we have to clear up.

Let’s start with this example:

“Cisco has a product called the Virtual Security Gateway (VSG) for the Nexus 1000V Series. It is a virtual firewall that lets you enforce policy and segmentation virtual environments. All associated security profiles are configured to include trust-zone definitions and access control lists (ACLs) or rules. They also support VM mobility when properly configured. If there’s one thing the company is good at, it is those good-old ACLs developed back in the early 90s!”

The strength of VSG’s firewall capabilities is its awareness of the virtual machine environment, and specifically the ability to write firewall rules based on the attributes of the virtual machine, such as the NAME of the VM. This gives tremendous power to establish policies in virtual environments, such as logically isolating tenants running on the same machine, or separating VMs based on operating system or application type in virtual desktop environments, a use case I wrote about earlier. To imply VSG is enforcing good-old ACLs from the 90s is disingenuous at best.


Short note on Cisco – VMware joint solutions demos at Cisco Live

At Cisco Live earlier today, I had the opportunity to talk with my very good friend Sean Gilbert (VMware’s Global Technical Alliance Manager for Cisco) about all the cool stuff that VMware is showcasing in their booth at Cisco Live. I was particularly interested in the demos and Cisco-specific integration that will help our joint customers accelerate their journey to private and hybrid clouds.

I was impressed with what I heard and thought it would be nice to share the highlights of the conversation I had with Sean. Here it is… it should not be more than a 5-minute read :)


Now Available – CVD Deployment Guide for enabling Enhanced Secure Multi-Tenancy on FlexPod

Last week Cisco, VMware, and NetApp published a very detailed CVD deployment guide to further simplify and accelerate deployments of the Enhanced Secure Multi-Tenancy (ESMT) solution on FlexPod for VMware. ESMT is a key FlexPod add-on feature that allows secure hosting and protection of virtualized data centers for multiple tenants on the same, shared FlexPod infrastructure. Availability, Secure Separation, Service Assurance, and Management are the key foundational pillars of the ESMT architecture. Each of these pillars is enabled by innovative technologies from Cisco, NetApp, and VMware.


Cisco Virtual Machine Fabric Extender (VM-FEX) and Cisco VIC

What is VM-FEX? VM-FEX is the consolidation of the virtual switch and physical switch into a single management point.

This sounds funny to say, but it amazes me how many people still use standard VMware vSwitches. In the enterprise there are just too many things that can be missed on standard vSwitches and we need consistency. This consistency is obvious when port group names need to match identically or vMotion will fail. Last time I went through the VMware vSphere: Install, Configure, Manage class we were working on the standard vSwitch configuration, which utilizes some interesting port group failover order settings, which include overrides. So, I zipped through my sheet and was waiting for the instructor to ask for answers. After a few other students I spoke up and proceeded to explain my complex but accurate vSwitch configuration.

You remember this diagram from class right??

And the override settings?


Spotlight on Nexus 1000V: Great Podcast and Learning Lab for Your Enjoyment

Today, I wanted to point out a couple of great resources to develop a deeper understanding of Cisco’s virtual switch, the Nexus 1000V.

First, we were excited to have Prashant Gandhi, our Sr. Director of Product Management for the Nexus 1000V, invited onto the latest Packet Pushers Podcast, hosted by Greg Ferro. If you aren’t yet familiar with the PP Podcasts, they are an entertaining technical dive into a wide range of networking concepts with guests from vendors as well as large IT organizations. Greg’s expertise lies in the data center and with all things networking, including virtualization and L4-7 application services. In this podcast, all about the Nexus 1000V, Greg, Prashant and the other co-hosts talk about the architecture and deployment issues. There’s an extensive comparison of Cisco’s 802.1Qbh virtual Ethernet bridge protocol with the 802.1Qbg proposal from HP, VEPA. Listen to the full podcast here.

Greg had made an earlier plea on his blog that he wasn’t getting enough Cisco guests. We were happy to help out and enjoyed the interaction. We talked about having Prashant back on a future show to talk about vPath and the Virtual Security Gateway (VSG), the virtual firewall running on the Nexus 1000V. We look forward to that as well.

For a deeper, hands-on dive into the Nexus 1000V, nothing beats the Cisco CloudLab (http://cloudlab.cisco.com). We’ve set up an online workbench configured with all the tools and software to play around with the virtual switch yourself. Cisco CloudLab is available to folks outside Cisco, but you will have to enter the name of a Cisco employee sponsor to approve access. There are a number of lab exercises you can walk through to get a general overview, install or upgrade the Nexus 1000V, as well as VSG.

Of course, if you are really ready to test it out on your own, you can always download a trial version for your own system at the Nexus 1000V page (http://www.cisco.com/go/nexus1000v).
