Cisco Blogs


Cisco Blog > Data Center and Cloud

Security Policies Made Easy in New Virtual Network Management Center 2.0

August 27, 2012 at 5:00 am PST

As VMworld swings into high gear on a bright Monday morning in San Francisco (well it promises to be bright, once the sun comes up here), we continue our series on the virtualization product updates we are unveiling this week (see earlier news on the new Nexus 1000V and the ASA Cloud Firewall). One of the exciting new components of our Nexus 1000V virtualization stack is the Cisco Virtual Network Management Center (VNMC) 2.0, part of the Intelligent Automation portfolio.

VNMC 2.0 is a template-driven policy management tool that is now bundled with Cisco Virtual Security Gateway (VSG) and Cisco ASA 1000V Cloud Firewall. This new release now has expanded capabilities to configure the security of your virtual cloud environment. Because VNMC 2.0 is such a step up from prior releases, and fewer people are familiar with its functionality, this is going to be a bit longer of a post than usual (but with lots of screen shots).

Let’s take a look at some of the key VNMC features and how it works with the two virtual firewalls:

Resource Objects for ASA 1000V

Cisco VNMC abstracts the devices it manages. As part of provisioning, devices are configured to point to Cisco VNMC for policy management. Cisco VNMC discovers all devices and lists them under the Resources pane. In addition to the ASA 1000V, the Resources pane has other resources such as Cisco VSGs, VSMs, and VMs.

VNMC screen shot
Read More »

Tags: , , , , , , ,

The Next Evolution of Cisco’s Nexus 1000V Virtual Switch to be Featured at VMworld

August 24, 2012 at 5:00 am PST
Remote Active - Standby VSM pairs

VSM's across remote data centers

Nothing sits around and gets stale for long at Cisco (outside the break rooms anyway). On the heels of shipping our Nexus 1000V 1.5.2 release earlier this week (which you can download from here), we are ramping up to show the upcoming generation of the virtual switch next week at VMworld in San Francisco. This new major release 2.1 will be going into beta in October, and will represent a quantum leap in ease of deployment and management, as well as greater security for cloud environments.

Features of the new Nexus 1000V 2.1 Release:

  • vCenter Plug-in – Provides a holistic view of the virtual network to the server administrator from within VMware vCenter. A Nexus 1000V dashboard in vCenter shows the virtual supervisor module (VSM) and virtual ethernet module (VEM) details, such as VSM health status, license information, PNIC information, connected VM’s, et al.
  • Support for Cisco TrustSec -- Extends Cisco TrustSec security solutions for network-based segmentation of users and physical workloads to virtual workloads, leveraging Security Group Tags (SGT) for defining security segments. Data center segmentation and consistent security policy enforcement can now be implemented across physical and virtual workloads.
  • Cross Data Center High-availability – Supports split Active and Standby Nexus 1000V Virtual Supervisor Modules (VSMs) across two data centers to implement cross-DC clusters and VM mobility while ensuring high availability. In addition, VSM’s in the data center can support VEM’s at remote branch offices. Read More »

Tags: , , , , , , , , , , , , , , , ,

vPath: The Secret Sauce to Enabling Virtual Network Services

July 31, 2012 at 4:09 pm PST

Wow, there’s been a lot of news in the SDN and virtual networking space in the last week or so! VMware acquiring Nicira, and Oracle acquiring Xsigo are testimony to how important virtual overlay networks and virtual switching infrastructure has become for data center vendors, and how integral they are to each company’s strategy. Speaking of our own Nexus 1000V-based virtual networks, last week I provided an overview and some new resources on Virtual Extensible LANs (VXLAN) for Nexus 1000V virtual switches. That turned out to be quite a popular post, so I’m following up this week on another fundamental component of Nexus 1000V-based virtual networks, vPath, the secret sauce that allows us to deploy virtual network services in the data center.

What is vPath? Well, if VXLANs can set up secure tunnels over a shared, multi-tenant virtual network, vPath is a feature of the Nexus 1000V virtual switch that can redirect traffic to virtual application services before the switch sends the packets down into the virtual machine. Very important stuff, but how does it do that? I find that my blog posts are more popular the less I type, and the more I embed cool TechWiseTV videos that illustrate the concept, so I’m dusting off this classic from the TWTV team on just how vPath does that with our Virtual Security Gateway (VSG). Take it away Robb

But wait, there’s more… Read More »

Tags: , , , , , , , , , , , , , ,

New Forrester Report Offers Insights to Deploying Virtual Network Services

July 2, 2012 at 12:03 pm PST

An interesting new report has been issued by Forrester Research that provides a great deal of market research and insight into the challenges of the data center network supporting large-scale virtualization. The report provides a representative view about the types of obstacles organizations are facing and where they are making new investments, along with some recommended best practices. As usual, the application services infrastructure is one of the biggest challenges, i.e., how to replicate the layer 4-7 and security services that mission-critical applications require in a highly virtualized or hybrid cloud environment. While servers and networks have largely been virtualized, relying on physical firewalls or application controllers can undermine or limit the beneficial effects of virtualization.

Forrester starts by pointing out what benefits customers are looking for and where they see the greatest growth in virtualization going forward. Over the next four years, Forrester sees 500% growth in total virtual x86 workloads that will be hosted in private cloud IaaS (Infrastructure as a Service), where virtual servers are isolated between tenants, compared to 170% growth in private cloud pools in organizations’ own data centers. Forrester points out that overlooking virtual services can “negate private and public cloud investments”, however. 33% of their respondents indicated that they have difficulty integrating public services with internal virtual infrastructures, with 24% specifically citing “frustration with capability, agility and flexibility of traditional application delivery controllers (ADC)”. (see next table).


Read More »

Tags: , , , , , , , , , , , ,

Third-Party Virtual Services on the Cisco Nexus 1010-X Appliance Start with Imperva WAF

June 11, 2012 at 12:55 pm PST

Nexus 1010-X services imageIn a blog post earlier this year, I highlighted the Nexus 1010-X virtual services appliance announced at Cisco Live! in London, and why virtual services can be best deployed on a separate UCS-based appliance running NX-OS. The Nexus 1010 and 1010-X are dedicated platforms for hosting virtual service nodes, like the Nexus 1000V virtual supervisor module (VSM), virtual firewalls, and our virtual network analysis module (NAM). All these services run in virtual machines on the Nexus 1010, rather than taking up valuable resources on application servers, and allow for easier manageability by the networking and security teams (rather than the server team).

Continuing on the same theme, this week at Cisco live! San Diego (my how time flies between these shows!), web application firewall (WAF) manufacturer, Imperva, announced that their SecureSphere WAF would soon be available on the Cisco Nexus 1010-X virtual services appliance (Q4 CY 2012). This is the first third-party virtual service announced on either the Nexus 1010 or 1010-X appliance, and provides additional security capabilities on top of Cisco’s virtualization infrastructure for cloud applications.  Read More »

Tags: , , , , , , ,