Cisco ACI – A Hardened Secure Platform With Native, Built-in Security
This blog has been developed in association with Javed Asghar, Insieme Business Unit
The Cisco ACI Platform consists of the Cisco APIC controller and Nexus 9000 series switches connected in a spine/leaf topology in a CLOS architecture configuration. All management interfaces (REST API, web GUI and CLI) are authenticated in ACI using AAA services (LDAP, AD, RADIUS, TACACS+) and RBAC policies which maps users to roles and domain.
The ACI fabric is inherently secure because it uses a zero trust model and relies on many layers of security: Here are the highlights:
- All devices attached to the ACI fabric use a HW-based secure keystore:
– All certificates are unique, digitally signed and encrypted at manufacturing time
– The Cisco APIC controllers use Trusted Platform Module (TPM) HW crypto modules
– The Cisco Nexus 9000 series switches use Trust Anchor Module (TAM) to store digitally signed certificates
- During ACI fabric bring-up or while adding a new device to an existing ACI fabric, all devices are authenticated based on their digitally signed certificates and identity information.
- Downloading and image bootup:
– All fabric switch images are digitally signed using RSA-2048 bit private keys
– When the image is loaded onto an ACI fabric device, the signed image must always be verified for its authenticity using hardware rooted Cisco Secure Boot
– Once the verification is complete “only then” the image can be loaded onto the device
- The ACI fabric system architecture completely isolates management vlan, infrastructure vlan and all tenant data-plane traffic from each other. (The Cisco APIC communicates in the infrastructure VLAN (in-band))
- The infrastructure VLAN traffic is fully isolated from all tenant (data-plane) traffic and management vlan traffic.
- All messaging on infrastructure vlan used for bring-up, image management, configuration, monitoring and operation are encrypted using TLS 1.2.
- After a device is fully authenticated, the network admin inspects and approves the device into the ACI fabric.
These are various layers of security built into ACI’s architecture to prevent rogue/tampered device access into the ACI fabric.
Please stay tuned for a blog posting by Praveen Jain (ACI Engineering VP) which will cover the APIC and Fabric security is more detail in coming weeks
Praveen Jain’s recent blogs:
New Innovations for L4-7 Network Services Integration with Cisco’s ACI Approach
The Cisco Application Policy Infrastructure Controller