Today, rapid changes in the world we live in, driven by technology trends, business model changes and market transitions, like the Internet of Everything, profoundly impact our networks and our data centers. With the advent of all of these new capabilities, we have created a new paradigm for security—it is what I refer to as the “Any to Any” Problem. That is, any user on any device increasingly going over any type of connection, to any application, that could be running in any data center and on any cloud. Regardless of how or where our users are connecting, we have to provide the right levels of inspection and protection against malicious actors.
Today, Cisco is announcing the new Application Centric Infrastructure (ACI) designed to seamlessly integrate layer 4 through layer 7—and security, in particular—into next generation Data Center environments. As part of this framework, we are announcing ACI Security Solutions, which support next generation Cisco ASA physical and virtual firewall technologies by stitching them directly into the ACI network fabric, and can be managed using the ACI Policy Infrastructure Controller management tool.
The Cisco ASA 5585-X Series Next-Generation Security Appliance has been updated and certified to interoperate with the new Nexus 9000 switches—whether they are deployed in traditional or ACI modes. The new Cisco ASA Virtual Firewall (ASAv) performs the same functions as any ASA appliance. However, unlike an ASA 1000v Cloud Firewall, the ASAv maintains its own data path. This allows it to work with any virtual switch and it will be available on multiple hypervisors.
This is an exciting new model for truly integrating security into the infrastructure, and it will solve many of the problems that we have typically had in deploying security in the data center. As organizations move to application-centric data center, cloud, and networking solutions, the same requirements for security and compliance remain. Unfortunately, traditional security solutions are not designed for this new environment, and can quickly become a bottleneck, as well as limit the functionality and efficiency of the new architecture. According to a recent Network World study, as many as 85 percent of data center administrators feel that security limitations require them to compromise their data center functionality and performance.
With the new Cisco ACI Security Solutions, we address these problems head on. First, we provide a central point of network control with Firewall service policy coordination and automation. The open API framework on the ACI controller integrates with the ASA platform to automate network and service provisioning, providing end-to-end telemetry and visibility.
Second, we offer a scalable and elastic architecture for physical and virtual appliances. The ACI defines a policy-based service insertion mechanism, providing full life cycle service management based on workload instantiation and decommission. In addition, it delivers a flexible deployment model that enables workload mobility. Simply put, ACI gives administrators the flexibility to create simple and dynamic application and transaction chains, without regard to data center topology, and ACI Security Solutions allow them to attach security directly to those processes as a service. This provides the seamless scalability and protection that data centers require, without compromising data center functionality.
Third, we provide Investment Protection of existing firewall operational models because the ACI and automation framework are fully compatible with existing firewall networks. This preserves existing service operational models and leverages standard protocols.
When deploying Cisco ACI Security Solutions, customers will receive a range of benefits, including:
- Full network policy and service chain automation for service-enabled data center networks
- A unified single pane of glass across networking, application, firewall and other security services
- And integrated visibility into the performance of their applications system wide – across physical and virtual service-enabled infrastructure
Furthermore, Cisco ACI Security Solutions allow organizations to take full advantage of the power, flexibility, and performance of new ACI Data Center environments—without compromising on critical functionality or security. This is a fundamental paradigm shift for Cisco and for our customers in that the network and security are now woven together as a complementary whole, eliminating that tension between protection and performance that has traditionally existed.