Cisco Blogs


Cisco Blog > Enterprise Networks

Using TrustSec to simplify Virtual Desktop Infrastructure (VDI) deployment

We recently discussed the perfect IT storm that is currently brewing in business. BYOD, Unified Access, Video, the Many Clouds, SDN… all happening at once, on current infrastructure, and yet demanding more.

Some of the comments you made further emphasized the need to have an architectural approach.

VXI/VDI deployments are no exception.

Discussing VDI deployments with our customers in EMEAR, two things really are at the centre of our discussions from an infrastructure standpoint.

-         Security, which I’ll  discuss in today’s post.

-         Latency and user experience.  Two recent posts, here and here, provide great insight on how to tackle this challenge.

I have therefore asked Steinthor Bjarnason (sbjarnas@cisco.com), Senior EMEAR Security Consultant, based out of Norway, to give me his perspective.  He has 15 year experience in the security space and his perspectives are drawn from numerous customer projects, both in the Enterprise and the Service Provider space. Read More »

Tags: , , , ,

Judge for yourself: Taking Dell to task on “holistic” security claims

In case you missed it, Network World’s Ellen Messmer published a rather surprising article on how Dell was going to “trump” Cisco in the information security market as a result of some recent acquisitions. Now certainly Dell is entitled to their beliefs. They’re in a difficult position right now, as Michael Dell and Silver Lake maneuver the company through a very complex set of buy-out related transactions. They need to give their customers assurance that they won’t be distracted through this process. And if you want to set a big impression with your customers, you might as well go after the market leader in security.  Be it as it may, we can’t just sit back and let these blatant statements go unchecked. So, in the spirit of “fair and balanced” reporting, we thought we’d issue our own little fact check and let you conclude for yourself.

  • “Cisco is a great competitor but they don’t have our holistic view” – Acquiring assets and bundling them together doesn’t constitute a “holistic” approach.  Those assets must be closely integrated, which is the approach Cisco is delivering with its next generation security architecture. This architecture will be built on top of a multi-function security platform with deep network integration. There are many proof points today that demonstrate we are delivering against this strategy and architecture. Today our customers are deploying Cloud Web Security with their Cisco ISR G2 and ASA Next Generation Firewall through connectors built from Cloud Web Security. In addition we’ve brought market leading application, visibility and control to ASA, embedded deep in the firewall.  But it doesn’t stop here.
  • Now what about Dell’s comment that Cisco “doesn’t have an identity business“?  Cisco’s Identity Services Engine provides the backbone of Cisco’s secure Unified Access solution. The real network security action is in delivering access privileges based on more than just user identity and group which is all Dell can do today with Quest. In the BYOD world customers also require action based on the type of device, posture of the device, and location. Cisco’s Identity Services Engine is the industry leading platform to deliver context based policy controls and then leveraging the network for distributed enforcement consistently across wired, wireless, and VPN access. This is a game-changer for the enterprise and our next generation end-to-end security architecture. Enterprises can now implement context-based policy from the access layer through the data center switching fabric without using brittle and costly network segmentation methods tied to VLANs and ACLs. This is real synergy, and it is delivering a holistic solution as opposed to a holistic press sound bite.  But don’t just take our word for it; check out Gartner’s latest Magic Quadrant for NAC.  Cisco’s ISE combines identity, device, and network with a market leading platform deployed in over 3000 customers.
  • Just weeks ago we announced another key milestone with the introduction of ISE 1.2.  With this latest release we also became the first vendor in the industry to offer automated profiling feeds making us better and faster at identifying new devices and operating systems.  We’ve increased the speed and scalability of ISE to address the increasing demands brought on by the “Internet of Everything”.  And we’ve added a new set of partner APIs enabling integration into key MDM partners – SAP, AirWatch, Citrix, Mobile Iron and Good.  This expands the reach of ISE and enables customers to drive common context and identity management from the network all the way to the end point.  Dell talk’s about their direction to advance the “concept” of embedded security to virtually any type of device.  We’re not just talking about it, we’re doing it. Read More »

Tags: , , , , , , , , , , , , , , , , , ,

The Three Pillars to Cisco’s Secure Data Center Strategy: Part 3 Visibility

In this last part of this series I will discuss the top customer priority of visibility.  Cisco offers customers the ability to gain insight into what’s happening in their network and, at the same time, maintain compliance and business operations.

But before we dive into that let’s do a recap of part two of our series on Cisco’s Secure Data Center Strategy on threat defense. In summary, Cisco understands that to prevent threats both internally and externally it’s not a permit or deny of data, but rather that data needs deeper inspection. Cisco offers two leading platforms that work with the ASA 5585-X Series Adaptive Security Appliance to protect the data center and they are the new IPS 4500 Series Sensor platform for high data rate environments and the ASA CX Context Aware Security for application control.  To learn more go to part 2 here.

As customers move from the physical to virtual to cloud data centers, a challenge heard over is over is that they desire to maintain their compliance, security, and policies across these varying instantiations of their data center. In other words, they want to same controls in the physical world present in the virtual – one policy, one set of security capabilities.  This will maintain compliance, overall security and ease business operations.

By offering better visibility into users, their devices, applications and access controls this not only helps with maintaining compliance but also deal with the threat defense requirements in our overall data center.  Cisco’s visibility tools gives our customers the insight they need to make decisions about who gets access to what kinds of information, where segmentation is needed, what are the boundaries in your data center, whether these boundaries are physical or virtual and the ability to do the right level of policy orchestration to maintain compliance and the overall security posture.  These tools have been grouped into three key areas: management and reporting, insights, and policy orchestration.

Read More »

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , ,

TechWiseTV 120 Defending the Data Center

September 20, 2012 at 10:30 am PST

We had to dig further, past our initial meetings internally and determine what would make this particular story unique from previous ones we have told this year.  As it turns out, we had plenty of material to share but three really good shows done earlier, now provide great context for appreciating the innovation we talk about in this one.

Check out: Fundamentals of High End FirewallsFundamentals of Intrusion Prevention and (TechWiseTV 115) Firewall Reinvention with the ASA-CX

So topically, Security in the Data Center is an easy hit of course.  It almost sounds like an Oxymoron as many are convinced it is some kind of insurmountable obstacle. Nothing could be further from the truth.   It seems to top many lists.  [Watch 'Defending the Data Center' Right Now.]

As Cisco broadens the tool set with new models and deployment options, we broke this one down along party lines:

Read More »

Tags: , , , , , , , ,

The Next Evolution of Cisco’s Nexus 1000V Virtual Switch to be Featured at VMworld

August 24, 2012 at 5:00 am PST
Remote Active - Standby VSM pairs

VSM's across remote data centers

Nothing sits around and gets stale for long at Cisco (outside the break rooms anyway). On the heels of shipping our Nexus 1000V 1.5.2 release earlier this week (which you can download from here), we are ramping up to show the upcoming generation of the virtual switch next week at VMworld in San Francisco. This new major release 2.1 will be going into beta in October, and will represent a quantum leap in ease of deployment and management, as well as greater security for cloud environments.

Features of the new Nexus 1000V 2.1 Release:

  • vCenter Plug-in – Provides a holistic view of the virtual network to the server administrator from within VMware vCenter. A Nexus 1000V dashboard in vCenter shows the virtual supervisor module (VSM) and virtual ethernet module (VEM) details, such as VSM health status, license information, PNIC information, connected VM’s, et al.
  • Support for Cisco TrustSec -- Extends Cisco TrustSec security solutions for network-based segmentation of users and physical workloads to virtual workloads, leveraging Security Group Tags (SGT) for defining security segments. Data center segmentation and consistent security policy enforcement can now be implemented across physical and virtual workloads.
  • Cross Data Center High-availability – Supports split Active and Standby Nexus 1000V Virtual Supervisor Modules (VSMs) across two data centers to implement cross-DC clusters and VM mobility while ensuring high availability. In addition, VSM’s in the data center can support VEM’s at remote branch offices. Read More »

Tags: , , , , , , , , , , , , , , , ,