Securing the Cloud Within and Between Data Centers

Looking at data center and cloud trends, security challenges, security solutions and what's new: virtual ASA, vCloud Director Integration

Published in: Technology
  • Source: Cisco Connected World Report, Part 3, http://newsroom.cisco.com/dlls/2010/ts_101910.html
  • Overall picture: list of Cisco security solutions with perhaps the architecture as a backdrop. Cisco TrustSec, Cisco AnyConnect Secure Mobility, Cisco Virtual Office, PCI DSS Compliance, Threat Defense (Firewall, IPS), Cisco Content Security (email/web), Cisco Data Center Security, Cisco Virtualization and Cloud Security
  • Securing the Cloud Within and Between Data Centers

    1. Securing the Cloud Within and Between Data Centers
       Prashant Gandhi, Sr. Director, Server Access & Virtualization
       February 2012

    2. Agenda
       • Data Center & Cloud Trends
       • Security Challenges
       • Security Solutions
           Nexus 1000V – secure switching for VMs
           Virtual Security Gateway (VSG) – virtual firewall
       • What’s New
           Virtual ASA, vCloud Director Integration
       • Resources
       © 2010 Cisco and/or its affiliates. All rights reserved.

    3. PHYSICAL WORKLOAD
       • One app per Server
       • Static
       • Manual provisioning
       VIRTUAL WORKLOAD
       • Many apps per Server
       • Mobile
       • Dynamic provisioning
       CLOUD WORKLOAD
       • Multi-tenant per Server
       • Elastic
       • Automated Scaling
       [Diagram labels: HYPERVISOR, VDC-1, VDC-2]
       CONSISTENCY: Policy, Features, Security, Management

    4. Data Center Technology Investment Drivers
       (Percent of Respondents Rating 6 or 7)
       • Increase Security: 76%
       • Decrease Downtime: 70%
       • Data Storage/Backup: 69%
       • Decrease Operating Costs: 68%
       • Virtualization: 66%
       • Improve Management Capability: 66%
       • Consolidate Data Centers: 65%
       • Improve Scalability: 62%
       • Consolidate Equipment: 59%
       • Centralize IT Services: 58%
       • Enable a New Application: 55%
       • Higher Energy Efficiency/Green Initiatives: 50%
       Source: Data Center Deployment Strategies: North American Enterprise Survey, Infonetics, February 2011.

    5. Cisco Data Center Security: Business Advantage Framework Requires the Same Demands Consolidation, Virtualization, Automation, and Cloud
       • Highly Scalable: Processes Massive Workloads
       • Dynamic: Delivers On-Demand Services
       • Intelligent: Supports Different Applications and Data Types
       [Diagram labels: Partner Solution Elements; App, App, App; Desktop O/S; Desktop Virtualization; Hypervisor; Storage; VDI Broker; Unified Fabric; Unified Network Services; Unified Computing]

    6. Network Security
       • ASA 5585-X with firewall and IPS
       • ASA Services Module
       • Cisco Security Intelligence Operations (SIO)
       • Cisco Security Manager
       Virtualization Security
       • Nexus® 1000V switch: a distributed virtual switch
       • Virtual Security Gateway (VSG): Zone-based virtual FW
       • ASA 1000V: Tenant-edge virtual FW
       Secure Access
       • Cisco AnyConnect
       • TrustSec
       • Identity Services Engine
       • SaaS gateway (cloud security)
       Single point, integrated, security

    7. PHYSICAL WORKLOAD
       • One app per Server
       • Static
       • Manual provisioning
       • Nexus 7K/5K/3K/2K
       • WAAS, ASA, NAM, ACE
       • UCS for Bare Metal
       VIRTUAL WORKLOAD
       • Many apps per Server
       • Mobile
       • Dynamic provisioning
       CLOUD WORKLOAD
       • Multi-tenant per Server
       • Elastic
       • Automated Scaling
       VIRTUAL AND CLOUD WORKLOADS
       • Nexus 1000V, VM-FEX
       • Virtual WAAS, VSG, ASA 1000V
       • UCS for Virtualized Workloads
       [Diagram labels: HYPERVISOR, VDC-1, VDC-2]

    8. Virtual Security (VSG, ASA 1000V)
       • Policy applied to VM zones
       • Dynamic, scale-out operation
       • VM context based controls
       Internal Security (FWSM, ASA-SM, ASA 55xx)
       • Segment internal network
       • Policy applied to VLANs
       • Application protocol inspection
       • Virtual Contexts
       Internet Edge (ASA 55xx)
       • Filter external traffic
       • Extensive app protocol support
       • VPN access, Threat mitigation
       *Demonstrated at VMWorld 2011

    9. click here
