So here we are, Monday at Cisco Live… Most likely you cut your weekend short to get here on time, or… you fought some insane TSA line-ups and a full-body x-ray scan this morning to squeeze onto an oversold flight. Regardless, you’re hopefully reading this from the comfort of a quiet, convenient spot you’ve staked out in the Mandalay Bay with a vodka-tonic within arms-reach (well maybe not). Read More »
I started my professional life using a mainframe. Back then the people running the mainframe world were known as the “data center guys.” These guys had a certain DNA combination that created an expanding waistline, a retreating hairline, a belt buckle the size (and shape) of Texas, and a penchant for big iron. This crowd ruled the data center for a long time, but virtualization in the data center is now driving a radical shift that seems to be changing everything.
Instead of having an application running on a dedicated tower of hardware power, apps are now free from the limitations of the infrastructure underneath. Hardware is evolving rapidly into dynamic blocks of utility computing (and storage and networking) that can be standardized, widely deployed, and efficiently utilized. This change is good news, as it can cut data center costs by 50 percent or more. If the big iron crowd from the mainframe days doesn’t adopt this fundamental shift, they’ll be hanging up their Texas belt buckles in the computer museum next to the punch card, the VAX, and a replica of the ILLIAC.
The same shift is also happening with security. Since most security products are primarily software based, it is not much of an effort to repackage these products as “virtual security.” But merely repackaging security products misses the point. Today’s security architecture was built at a time when the workplace was very different than it is today. End users would come into the office and work on a PC, which sat on a desk and was connected by a wire to a port on the wall. At this time, the IP address was a pretty good proxy for the user’s identity. And applications would each run on their own tower of power—hardware that was often running in a unique data center rack or racks. Therefore segmenting the data center in this era was relatively easy; it was based on IP address ranges and, later, on virtual LANs (or VLANs).
But the workplace of today (and tomorrow) looks very different. We’re no longer tied to a specific lump of hardware. We expect to access our apps in the cloud from any device, at any time, from anywhere. Therefore the IP address is a less useful means of defining data center boundaries.
We need a new capability that allows the security team to maintain its meaningful policy enforcement capability, while enabling that policy to be relevant across all infrastructure—physical and virtual. An important nuance here is that the policy should be consistently enforced across physical infrastructure as well as across virtual infrastructure from any virtualization vendor. This level of enforcement requires special access to the hypervisor. Without this access, a virtual security solution can’t see traffic between two virtual machines (VMs).
How the various security vendors plan to address hypervisor access is still an open question. And how that question gets answered is significant—and is likely to reshape the security vendor landscape.
So as we consider various virtual security solutions, simply repackaging today’s security software as a VM running in a cluster of other VMs is extremely uninteresting. Instead we must reimagine the way that we build and deploy security solutions. How do we bridge the policy model from today’s hardware-based firewalls to the virtual firewalls of tomorrow? How can we maintain a separation of duties, so that security policy definition is separate from traditional network operations? And how will we orchestrate all of these components in the dynamic, nimble data center of tomorrow? These are not small issues. But of course, that’s what makes my job fun.
This is shaping up to be another great outing – as a number of my peers have already highlighted, there is an endless buffet-line of learning opportunities while you’re spending the week with us in Vegas. This year marks the entrance of the Virtualization Experience Infrastructure (VXI) into the Cisco Live realm, and with it comes my favorite part – the opportunity to meet with customers from across the globe who are coming to this event, armed with the objective of getting the info they need to help get their desktop virtualization initiatives off the ground. Read More »
Many of you have asked me and my team about the session codes for the new Manufacturing Industry Industrial Intelligence day on 12th July 2011 and how to register for the exclusive sessions if you’re attending Cisco Live! So here’s the scoop:
Since many of you have a full conference registration package, you have access to Industrial Intelligence Day as part of your pass. Yes -- we made it possible! You can game the system. We made it easier than Groupon!
You can sign up for the following 3 sessions on CiscoLive Scheduler at https://www.ciscolive2011.com/scheduler (use your login you received with your confirmation) and just click ‘add to schedule’.
The great thing is you can now win an iPAD2 by attending these sessions*
The 3 sessions are:
SIPIAD-1420 -- Improving Energy Efficiency and Sustainability in Industrial Applications
SIPIAD-1421 -- Advanced Industrial Networks: Wired, Wireless, Resilient & Precise
SIPIAD-1423 -- Industrial Intelligence Key Note and Panel
These 3 sessions comprise Industrial Intelligence Day (full agenda at http://www.ciscolive.com/us/attendees/solutions/industrial.php?zid=us-home-spot3
Please note that all 3 sessions will all be conveniently held in the same room -- Mandalay Bay F on Tuesday, July 12th, starting with a hosted breakfast at 7 am. An informal networking hosted lunch is also included as part of the day. Read More »
Tags: aeroscout, automation, Borderless Networks, Cisco, cisco live, ciscolive, collaboration, Common Industrial Protocol, Energy Management, industrial, Industrial Automation, Industrial Intelligence, industrial networking, industrial wireless, innovation, librestream, Manufacturing, mobility, Panduit, partner, Rockwell, security, video, virtualization, wireless
Last week Cisco, VMware, and NetApp published a very detailed CVD deployment guide to further simplify and accelerate the deployments of Enhanced Secure Multi-Tenancy (ESMT) solution on FlexPod for VMware. ESMT is a key FlexPod add-on feature that allows secure hosting and protection of virtualized data centers for multiple tenants on the same, shared FlexPod infrastructure. Availability, Secure Separation, Service Assurance, and Management are the key foundational pillars of the ESMT architecture. Each of these pillars is enabled by innovative technologies from Cisco, NetApp, and VMware.
Tags: Cisco, Cisco ACE, Cisco Nexus, Cisco UCS, cloud, ESMT, FlexPod, FlexPod for VMware, netapp, Nexus 1000v, Secure Multi-tenancy, SMT, unified computing system, virtualization, VMware, VMware vShield