Guest Blogger: David Soper, Technical Marketing Engineer
Our new cloud-based systems management platform, Cisco Intersight, leverages our expertise in security and cloud-hosted management. It delivers secure management of your Cisco UCS and HyperFlex systems.
Building on Our Expertise
Cisco has several years of experience delivering infrastructure management from the cloud, or Management-as-a-Service (MaaS). Cisco Meraki is our hosted network management platform. There are currently over 1 million networks managed in the cloud by Meraki. We’ve learned a great deal along the way and earned the trust of our customers and partners.
Cloud-based systems management is relatively new, so IT operations staff and administrators have some concerns about security. In architecting and developing Cisco Intersight, we have drawn on the expertise gained from Meraki and other Cisco products, as well as from the Cisco IT organization.
This new brief explains the security we have designed into Intersight.
A Holistic, Pervasive Approach
Protecting customer infrastructure and data requires a close partnership between the Cisco IT and Information Security (InfoSec) organizations. Part of Cisco’s Security and Trust Organization (STO), InfoSec works with Cisco IT to help ensure that the products we build and the infrastructure we operate are secure. These groups work together to support business productivity while protecting our systems and data from internal and external threats.
Instead of focusing on security hardware and software alone, we take a holistic, pervasive approach to security by:
- Fostering a security-conscious culture to reduce the attack surface and provide a robust security posture
- Implementing security-focused policies and processes
- Embedding security throughout our infrastructure
Securing the Connection
Cisco UCS and Cisco HyperFlex systems are connected to the Cisco Intersight portal through a device connector that is embedded in the management controller of each system. The device connector provides a secure way for connected devices to send information and receive control instructions from the Cisco Intersight portal, using a secure Internet connection.
Two-factor authentication is used to verify the identity and authenticity of each device being claimed. This authentication mechanism adds another layer of security to the device-claiming process.
Securing the Data Transmission
All data sent to Intersight is encrypted, and all connections are initiated outbound from the device. The out-of-band control plane in the Cisco Intersight platform separates management data from IT production and application data. Management data, such as configuration and monitoring information and statistics, flows from the devices to the Cisco Intersight portal. IT production and application data is sent directly to its destination on your production data network.
All data exchanged between Cisco UCS devices and the Cisco Intersight platform uses industry-standard encryption and security protocols. Connected devices communicate with Cisco Intersight exclusively using Transport Layer Security (TLS) with restricted ciphers and HTTPS on the standard HTTPS port 443.
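The connection model described above (device-initiated, outbound only, HTTPS on TCP 443) can be checked against observed traffic. The following is an added example, not Cisco code: it audits flow records for violations of that model, and it checks direction, port and destination only, not the TLS ciphers. The record format, the management subnet and the portal allowlist are assumptions, and the sample flows are constructed using documentation address ranges.

```python
import ipaddress

# Constructed flow records: (initiator_ip, responder_ip, responder_port, protocol).
# Addresses are documentation ranges, not real Intersight endpoints.
SAMPLE_FLOWS = [
    ("10.20.0.11", "203.0.113.10", 443, "tcp"),   # device -> portal, expected
    ("10.20.0.12", "203.0.113.10", 80, "tcp"),    # cleartext HTTP port
    ("198.51.100.7", "10.20.0.11", 443, "tcp"),   # connection initiated from outside
    ("10.20.0.11", "203.0.113.99", 443, "tcp"),   # destination not on the allowlist
    ("10.20.0.13", "203.0.113.10", 443, "udp"),   # wrong transport protocol
    ("10.30.0.5", "192.0.2.8", 22, "tcp"),        # not a management controller
]

# Assumed site values: subnet holding the management controllers, and the
# address range the site permits for the management portal.
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")
PORTAL_NETS = [ipaddress.ip_network("203.0.113.0/28")]


def audit_flow(initiator, responder, port, proto):
    """Return the ways one flow violates the outbound-only tcp/443 model."""
    src = ipaddress.ip_address(initiator)
    dst = ipaddress.ip_address(responder)
    findings = []
    if dst in MGMT_NET and src not in MGMT_NET:
        findings.append("inbound connection to management controller")
    if src in MGMT_NET and dst not in MGMT_NET:
        if proto != "tcp" or port != 443:
            findings.append(f"outbound {proto}/{port} is not tcp/443")
        if not any(dst in net for net in PORTAL_NETS):
            findings.append("destination outside portal allowlist")
    return findings


def audit(flows):
    """Map each violating flow to its findings; compliant flows are omitted."""
    report = {}
    for flow in flows:
        findings = audit_flow(*flow)
        if findings:
            report[flow] = findings
    return report


if __name__ == "__main__":
    for flow, findings in audit(SAMPLE_FLOWS).items():
        print(flow, "->", "; ".join(findings))
```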
Ensuring the Service
Cisco Intersight is a SaaS management solution delivered through the Cisco Intersight portal. Cisco personnel are available 24 hours a day, 7 days a week, for logistical security, operational, and change-management support. All services are replicated across multiple independent datacenters so that user services fail over rapidly in the event of a datacenter failure.
For a detailed look at Cisco Intersight security, watch this video from one of Intersight’s principal engineers.