Cisco Blogs



August 2013 #SecureDC Twitter Chat Recap: SDN Security

Our first SecureDC Twitter chat created some great industry dialog around security for Software Defined Networks (SDN) as well as using SDN to improve security. SDN is going through a hype cycle similar to the one seen with cloud, and we feel that it’s important to focus more on education now and on broader collaboration, so that users can benefit from the tremendous potential SDN holds.

More Education, Less Buzz

We kicked off our conversation by asking what the most pressing issues around SDN were. @Joltsik, Principal Analyst at Enterprise Strategy Group, felt that users are confused by so much buzz, yet there’s little in the way of education.

@Raj_Samani, Chief Innovation Officer at the Cloud Security Alliance and CTO at McAfee, went one step further, indicating that greater transparency is also needed. However, @Jgreene3rd, Technical Lead for Data Center Security Technologies at Intel, noted that the upside of buzz is that it drives greater demand for availability, which in turn fuels education.


SDN and Improving Security

@KenSBeck, Principal Engineer at the Cisco Security Technology Group Office of the CTO, led an interesting discussion on how APIs for programming the network at network speed will allow security intelligence to be much more dynamic and eventually part of the network itself. @shl_eax_1, Technical Lead Engineer at Cisco Security Technology Group Office of the CTO, further noted how global visibility of the network hastens the speed with which security issues get resolved.

@fsmontenegro elaborated on how SDN security can enable more intelligent, granular and efficient response, and that SDN improves security by adding policy exceptions at the network layer with redirect flow. @vernonxt, SVP for ICT Research at IDC, homed in on SDN enabling better policy management. @AndiMann, Vice President at CA Technologies, asked whether, with automation enabling embedded policy and preventing random changes, SDN shouldn’t be able to do the same.

SDN Impact on Regulatory Compliance

@alokmittal65, Chief of Staff for the Cisco Security Technology Group Office of the CTO, stressed the need for auditing, logging and monitoring of policy change events.

@Raj_Samani also noted that with greater proliferation of devices, the ability to achieve greater attestation on the endpoint becomes more challenging. @KenSBeck drew attention to leveraging network awareness of user, geo location, and device as contextual elements that can make attestations much more meaningful.

Wrapping Up

@KenSBeck, our host from the Office of the CTO at Cisco, closed with words of advice and a hint of what is in store.


Keep the dialog going! Follow us on @Secdatacenter #SecureDC and join the conversation on LinkedIn Secure Datacenter Trends. For additional SDN resources, be sure to register today for our SDN Learning Seminars.

 


Wall Street and Data Analytics, They Are Only As Good As The Network That Connects Them

At this year’s 2013 High Performance Computing on Wall Street, the greatest minds from the financial services industry once again gathered to discuss the latest technology trends that give financial firms a technology edge in accessing information in real time to better predict where markets are going and the best areas to invest.

Many vendors delivered their latest innovations in data analytics software that can analyze market data in real time, but without the right infrastructure, traders can be delayed in executing on that information. Trading smarter is the key underlying theme by which the fabric can provide greater transparency and enhance application delivery that impacts the business.


Industrial Grade SDN

September 9, 2013 at 6:55 am PST

The software defined network has become all the rage lately, for reasons that seem to vary and are caught up in interesting perceptions. One view was that it allowed a single network to be controlled centrally and divided up logically to prevent different groups from interfering with one another; well, that’s true. Another view is that it provides a central place of management that configures and monitors the network for performance and faults; well, that is true too.

The basis is really the separation of the control plane (configuration and management), placed on a server that centrally controls many network nodes, from the data plane, which is the switches and routers that pass the data for the application from one end device to another, or many. The SDN controller communicates over a secure communications path using an API supported by the network device.

Yet what may be the most significant possibility of SDN is the ability to use programmatic control from the very applications that use the network for transport to stipulate any number of services that the application needs from the network. We are seeing this in data centers that will allow end user departments to define a complete network for, say, ERP from within the ERP application with no help from IT. Why not for controls? And since SDN is based on open source initiatives, the ability for anyone to create and market applications for, say, a controls system is very real.


Limitations of a Software-Only Approach to Data Center Networking

To learn more about Application Centric Infrastructure, join us for a special webcast with John Chambers and Soni Jiandani on November 6th at 10:30 am EST/7:30 pm PST/15:30 GMT.

I want to address some questions about VMware’s NSX virtual networking announcement that have been asked of us by the media and social Web commentators in the past few days. Specifically, they have asked why Cisco did not announce support for NSX and whether the announcement changes the long-standing strategic relationship between our two companies.

First, let me be clear: VMware is an important partner to Cisco, and we expect to continue our close collaboration around private cloud and desktop virtualization.  As we outlined yesterday in a joint news release about Cisco and VMware’s mutual customers, thousands of organizations rely on our combined innovation in their businesses each and every day and I look forward to continued success in this area.

While we share a common vision for private cloud and desktop virtualization, there are significant differences in our visions over the future of networking.

Network virtualization is important. We both agree on that. In fact, over the past several years, we have delivered game-changing innovations in this area particularly with the Nexus 1000v and more recently with NFV solutions, both of which are key elements of the Cisco ONE portfolio. Today, more than 6,000 Nexus 1000v customers benefit from the flexibility delivered by our virtual networking technology.

However, a software-only approach to network virtualization places significant constraints on customers.  It doesn’t scale, and it fails to provide full real-time visibility of both physical and virtual infrastructure.  In addition this approach does not provide key capabilities such as multi-hypervisor support, integrated security, systems point-of-view or end-to-end telemetry for application placement and troubleshooting.  This loosely-coupled approach forces the user to tie multiple 3rd party components together adding cost and complexity in day-to-day operations as well as throughout the network lifecycle.  Users are forced to address multiple management points and maintain version control for each of the independent components.  Software network virtualization treats physical and virtual infrastructure as separate entities, and denies customers a common policy framework and common operational model for management, orchestration and monitoring.

Cisco has a different strategy and that is embodied in the Application Centric Infrastructure.  Application Centric Infrastructure (ACI) is an innovative secure architecture that delivers centralized application-driven policy automation, management and visibility of physical and virtual networks.  It’s built upon a fabric foundation that delivers best-in-class infrastructure by combining hardware, software and ASIC innovations into an integrated system.

The architecture provides a common management framework for network, application, security and virtualization teams — making IT more agile while reducing application deployment time.  It’s built for multi-tenancy ensuring proper isolation and detailed telemetry of SLAs across different consumers of the infrastructure while also providing a consistent security policy across both physical and virtual applications.  ACI allows IT teams to offer a public cloud experience and economics to their customers while maintaining the associated SLAs and performance requirements for the most demanding business applications.  It’s an open programmable architecture with a comprehensive set of APIs that enables the broadest ecosystem of datacenter management and L4-7 services.  Finally, ACI enables comprehensive investment protection by leveraging existing IT teams’ skillset and infrastructure to lower overall TCO.

I recently wrote a blog post about how Network Virtualization is Different to Server Virtualization as we think about the next chapter of networking. It’s key to remember that underutilized compute resources created the opportunity for server virtualization. Underutilization is not a problem in the network. In fact, server virtualization is pushing the limits of today’s network utilization and driving demand for higher port counts, application and policy-driven automation, and unified management of physical, virtual and cloud infrastructures in a single system. Businesses today are looking for more from their investments as they turn on new services and applications more quickly, in a way that is easier to manage and that can scale with application needs.

We believe that delivering those benefits requires the flexibility of software coupled tightly with the performance and scalability of hardware and ASICs. That’s what we’re delivering with our Application-Centric Infrastructure vision and throughout the entire Unified Data Center portfolio.

Stay tuned for some exciting news from us in this area in the next few months.


ONE + ONE = 6: New Math for Enterprise Programmability

In my previous 3-part blog series I discussed the challenges in the Enterprise WAN and relevancy of SDN in overcoming these challenges and how Cisco ONE Enterprise Networks Architecture addresses these WAN challenges. In this blog post I will discuss how Cisco ONE (Open Network Environment) and ONE Enterprise Networks Architecture fit together. In a following blog, I will discuss how Cisco ONE Enterprise Networks Architecture provides six significant benefits to enterprises through programmability. ONE + ONE = 6 is the new math for Enterprise programmability!

Cisco ONE (Open Network Environment)

Cisco ONE is a comprehensive, Cisco-wide solution (not just data center) approach to making networks more open, programmable, and application-aware. There are numerous blogs and videos about Cisco ONE. As a brief summary, Cisco ONE comprises 3 pillars that provide a programmable approach to both physical and virtual infrastructure:
