Cisco live party
Who doesn’t love a Cisco Live! party?

If you live in the US, I hope you had a good 4th of July holiday last week. It’s already been over a week since a very exciting Cisco live! If you were there in person, or you caught much of it on video, I’m sure you know about the enthusiasm and excitement from an unexpectedly large number of attendees. Crowds in the World of Solutions were amazing, especially trying to learn about our new Cisco Dynamic Fabric Automation (DFA) technology, as well as the new enhancements in our Nexus 1000V virtual networking portfolio, like Citrix NetScaler 1000V.

While on the Nexus 1000V topic, I would like to point out a great blog write-up by the always insightful Jason Edelman, a Solution Architect at a national solution provider, on our Nexus 1000V InterCloud hybrid cloud solution. Nexus 1000V InterCloud received a great deal of interest and attention at Cisco live and may have been the busiest pod in our virtual networking area in the World of Solutions. The concept of hybrid cloud is really gaining traction and organizations appreciate the importance of now seamlessly extending virtual overlays from the on-premises data center to public cloud providers as Nexus 1000V InterCloud now enables. Nexus 1000V InterCloud began shipping last week, as well (with vPath and the Virtual Services Gateway coming soon), so the timing of all this interest couldn’t be better. To download the Nexus 1000V InterCloud GA image for evaluation, go here.

One of the aspects of InterCloud that we were talking about in more detail at Cisco live! was the internal security. The architecture supports complete encryption of all traffic not only between the enterprise or on-premises data center and the service provider cloud, but encrypts all data-in-motion within the provider cloud, to protect traffic from exposure to the service provider and other tenants. This encrypted tunnel includes all traffic going to the virtual services residing in the cloud. And this is on top of the security provided by the virtual services (when supported in InterCloud in Q4 CY 13), such as the virtual firewalls, VSG and ASA 1000V Cloud Firewall.

InterCloud Security Architecture

All data in motion is cryptographically isolated and encrypted within the InterCloud solution. This includes traffic exchanged between the InterCloud Extender (on-premises side) and InterCloud Switch (at cloud provider) as well as traffic within the cloud provider. A DTLS tunnel is created between these endpoints in order to securely transmit data. DTLS is a UDP-based secure transmission protocol. Multiple DTLS tunnels can be established for multiple links to the cloud provider as needed. A separate tunnel is used for traffic between the two InterCloud switches and with the cloud provider.

The secret key encryption algorithm used is AES. The keys used for the tunnel between the InterCloud Extender and the InterCloud Switch and the tunnel between the InterCloud Switch and cloud Virtual Machines are generated and maintained by the Cisco Prime Network Services Controller. The encryption strength is configurable, with the ability to select different key lengths for each tunnel based on the level of security desired (128 or 256-bit AES keys). SHA-1 is the associated hashing algorithm.

One of the reasons customers seem so excited about InterCloud is that it is really gearing up to be an open, provider-agnostic and infrastructure-agnostic solution. We’ll be able to support any cloud provider, and our cloud provider partners will be able to work with any enterprise no matter what virtualization infrastructure they are running (VMware, Microsoft Hyper-V, KVM…), or even what networking infrastructure they are running. The virtual switches in the enterprise application servers don’t have to be Nexus 1000V virtual switches, e.g., to run Nexus 1000V InterCloud.

Customers are excited about Cisco increasing the ecosystem for vPath-enabled services with our recent announcement with Citrix (for NetScaler 1000V) and what we have already discussed about Imperva SecureSphere Web Application Firewall (WAF). With vPath contributed to IETF, the future looks bright for a standardized virtual services insertion architecture.

And we’ll also be supporting multiple cloud orchestration platforms on the enterprise and provider side as well.  Beyond VMware, our support for System Center Virtual Machine Manager (SCVMM) is a big part of our Nexus 1000V for Microsoft Hyper-V strategy. And both at Red Hat Summit and Cisco live we were showing our support for OpenStack cloud orchestration solutions through OpenStack Neutron APIs that will be in the Nexus 1000V infrastructure in future releases.

This level of architectural flexibility, from supporting multiple hypervisors, cloud providers, virtual service products and cloud orchestration platforms is unparalleled among hybrid cloud solutions.

WPCNext we take the Nexus 1000V show on the road again (well not me again this time, but other capable folks), to the Microsoft World Partner Council 2013 in Houston. The conference is going on this week, July 7-11, at the George R. Brown Convention Center. This is the largest networking event for Microsoft partners to grow their business and we are eager to help them understand the benefits of our virtual networking portfolio running the Microsoft-oriented data center. Along with demonstrations of the new Nexus 1000V virtual switch for Microsoft Hyper-V that began shipping GA last month, attendees will be learning about all aspects of our Unified Data Center portfolio, including UCS and our Unified Management portfolio.

On Wednesday, July 10, Rex Backman will be talking at 4pm on the UCS and Nexus 1000V to provide an optimal IT infrastructure designed for virtualization and fully compatible with the Microsoft platform (Hyper-V, SCVMM, etc.). The session is titled, “Leveraging Cisco Datacenter Assets to Drive Private Cloud Revenue”. You can also find us in Booth 1401. For more information on the show and Cisco’s presence, go here. Or if you aren’t going to be in Houston next week, you can always find out about Cisco solutions for Microsoft at our microsite here.


Gary Kinghorn

Sr Solution Marketing Manager

Network Virtualization and SDN