VNMC 2.0 is a template-driven policy management tool that is now bundled with Cisco Virtual Security Gateway (VSG) and Cisco ASA 1000V Cloud Firewall. This new release now has expanded capabilities to configure the security of your virtual cloud environment. Because VNMC 2.0 is such a step up from prior releases, and fewer people are familiar with its functionality, this is going to be a bit longer of a post than usual (but with lots of screen shots).
Let’s take a look at some of the key VNMC features and how it works with the two virtual firewalls:
Resource Objects for ASA 1000V
Cisco VNMC abstracts the devices it manages. As part of provisioning, devices are configured to point to Cisco VNMC for policy management. Cisco VNMC discovers all devices and lists them under the Resources pane. In addition to the ASA 1000V, the Resources pane has other resources such as Cisco VSGs, VSMs, and VMs.
Nothing sits around and gets stale for long at Cisco (outside the break rooms anyway). On the heels of shipping our Nexus 1000V 1.5.2 release earlier this week (which you can download from here), we are ramping up to show the upcoming generation of the virtual switch next week at VMworld in San Francisco. This new major release 2.1 will be going into beta in October, and will represent a quantum leap in ease of deployment and management, as well as greater security for cloud environments.
vCenter Plug-in – Provides a holistic view of the virtual network to the server administrator from within VMware vCenter. A Nexus 1000V dashboard in vCenter shows the virtual supervisor module (VSM) and virtual ethernet module (VEM) details, such as VSM health status, license information, PNIC information, connected VM’s, et al.
Support for Cisco TrustSec -- Extends Cisco TrustSec security solutions for network-based segmentation of users and physical workloads to virtual workloads, leveraging Security Group Tags (SGT) for defining security segments. Data center segmentation and consistent security policy enforcement can now be implemented across physical and virtual workloads.
Cross Data Center High-availability – Supports split Active and Standby Nexus 1000V Virtual Supervisor Modules (VSMs) across two data centers to implement cross-DC clusters and VM mobility while ensuring high availability. In addition, VSM’s in the data center can support VEM’s at remote branch offices. Read More »
What is vPath? Well, if VXLANs can set up secure tunnels over a shared, multi-tenant virtual network, vPath is a feature of the Nexus 1000V virtual switch that can redirect traffic to virtual application services before the switch sends the packets down into the virtual machine. Very important stuff, but how does it do that? I find that my blog posts are more popular the less I type, and the more I embed cool TechWiseTV videos that illustrate the concept, so I’m dusting off this classic from the TWTV team on just how vPath does that with our Virtual Security Gateway (VSG). Take it away Robb…
An interesting new report has been issued by Forrester Research that provides a great deal of market research and insight into the challenges of the data center network supporting large-scale virtualization. The report provides a representative view about the types of obstacles organizations are facing and where they are making new investments, along with some recommended best practices. As usual, the application services infrastructure is one of the biggest challenges, i.e., how to replicate the layer 4-7 and security services that mission-critical applications require in a highly virtualized or hybrid cloud environment. While servers and networks have largely been virtualized, relying on physical firewalls or application controllers can undermine or limit the beneficial effects of virtualization.
Forrester starts by pointing out what benefits customers are looking for and where they see the greatest growth in virtualization going forward. Over the next four years, Forrester sees 500% growth in total virtual x86 workloads that will be hosted in private cloud IaaS (Infrastructure as a Service), where virtual servers are isolated between tenants, compared to 170% growth in private cloud pools in organizations’ own data centers. Forrester points out that overlooking virtual services can “negate private and public cloud investments”, however. 33% of their respondents indicated that they have difficulty integrating public services with internal virtual infrastructures, with 24% specifically citing “frustration with capability, agility and flexibility of traditional application delivery controllers (ADC)”. (see next table).
In a blog post earlier this year, I highlighted the Nexus 1010-X virtual services appliance announced at Cisco Live! in London, and why virtual services can be best deployed on a separate UCS-based appliance running NX-OS. The Nexus 1010 and 1010-X are dedicated platforms for hosting virtual service nodes, like the Nexus 1000V virtual supervisor module (VSM), virtual firewalls, and our virtual network analysis module (NAM). All these services run in virtual machines on the Nexus 1010, rather than taking up valuable resources on application servers, and allow for easier manageability by the networking and security teams (rather than the server team).
Continuing on the same theme, this week at Cisco live! San Diego (my how time flies between these shows!), web application firewall (WAF) manufacturer, Imperva, announced that their SecureSphere WAF would soon be available on the Cisco Nexus 1010-X virtual services appliance (Q4 CY 2012). This is the first third-party virtual service announced on either the Nexus 1010 or 1010-X appliance, and provides additional security capabilities on top of Cisco’s virtualization infrastructure for cloud applications. Read More »