Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 1
Cisco Virtualized Network Services: Ready for Your Cloud
Soumen Chatterjee
Product Manager, Data Center Group

Diagram labels: Virtual Appliance; Nexus 1010; vWAAS, VSG, VSM, NAM; Primary, Secondary; L3 Connectivity; ASA 1000V; VEM-1 (vPath, VXLAN) on VMware ESX; VEM-2 (vPath, VXLAN) on Win Server 2012; VEM-3 (vPath, VXLAN) on Open Source Hyp

VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
vPath: Virtual Service Data-path
VXLAN: Scalable Segmentation
VSG: Virtual Security Gateway
vWAAS: Virtual WAAS
ASA 1000V: Tenant-edge security

Virtual Service Blades
Virtual Supervisor Module (VSM)
Network Analysis Module (NAM)
Virtual Security Gateway (VSG)
Data Center Network Manager (DCNM)

VXLAN
• 16M address space for LAN segments
• Network Virtualization (MAC-over-UDP)

vPath
• Service Binding (Traffic Steering)
• Fast-Path Offload

Virtual Security Gateway: Zone based segmentation of VMs
ASA 1000V: External / multi-tenant edge deployment
Diagram labels: Hypervisor; Nexus 1000V; vPath; Virtual Network Mgmt Ctr (VNMC)

Virtual Security Gateway (VSG)
Virtual Network Management Center (VNMC)

Context aware Security: VM context aware rules
Zone based Controls: Establish zones of trust
Dynamic, Agile: Policies follow vMotion
Best-in-class Architecture: Efficient, Fast, Scale-out SW (with vPath intelligence)
Non-Disruptive Operations: Security team manages security
Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy
Designed for Automation: XML API, security profiles

Virtual Security Gateway for Nexus 1000V
Context-based, Virtualization-aware, Multi-tenant, Workload Segmentation for Data Centers and Clouds

• Secure Segmentation (VLAN agnostic)
• Efficient Deployment (secure multiple hosts)
• Transparent Insertion (topology agnostic)
• High Availability
• Dynamic policy-based provisioning
• Mobility aware (policies follow vMotion)

Diagram labels: VMs; Nexus 1000V Distributed Virtual Switch; vPath; VSG (active); VSG (Stand-by); VNMC; Log/Audit

VNMC: Virtual Network Management Center

Secure zoning of 3-Tier Application Workload

Tenant_A and Tenant_B, each with Web Server, App Server and DB server tiers:
• Port 80 (HTTP) and 443 (HTTPS) of Web Servers open
• Only Port 22 (SSH) of App Servers open
• Only Permit Web Servers access to App servers via HTTP/HTTPS
• Only Permit App servers access to DB servers
• All other traffic denied

Diagram labels: VSG for secure zoning (for each tenant); ASA Firewall for Inter-tenant Edge Control (VLAN based)

Rule
• Source Condition
• Destination Condition
• Action

Condition
• Operator: eq, neq, gt, lt, range, Not-in-range, Prefix
• Operator: member, Not-member, Contains
• Attribute Type: Network, VM, User Defined, vZone

VM Attributes: Instance Name, Guest OS full name, Guest OS Host name, Parent App Name, Cluster Name, Hypervisor Name, Resource-pool, Port Profile Name, Zone Name

Network Attributes: IP Address, Network Port

ACE: Access Control Entry
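
The rule structure above (source condition, destination condition, action) applied to the 3-tier zoning policy, as an added example that is not part of the original slides and is not VSG or VNMC configuration syntax: a small first-match evaluator with default deny. Attribute keys, VM names and addresses are constructed, and treating Prefix as a CIDR match is an assumption.

```python
import ipaddress
from dataclasses import dataclass

# Operators listed on the slide, applied as op(attribute_value, operand).
# Assumption: "prefix" is treated as an IP-prefix (CIDR) match.
OPERATORS = {
    "eq": lambda v, x: v == x,
    "neq": lambda v, x: v != x,
    "gt": lambda v, x: v > x,
    "lt": lambda v, x: v < x,
    "range": lambda v, x: x[0] <= v <= x[1],
    "not-in-range": lambda v, x: not (x[0] <= v <= x[1]),
    "prefix": lambda v, x: ipaddress.ip_address(v) in ipaddress.ip_network(x),
    "member": lambda v, x: v in x,
    "not-member": lambda v, x: v not in x,
    "contains": lambda v, x: x in v,
}


@dataclass(frozen=True)
class Condition:
    attribute: str   # hypothetical key: "zone_name", "vm_name", "ip", "port"
    operator: str
    operand: object

    def matches(self, endpoint: dict) -> bool:
        # An endpoint without the attribute never matches, so a permit rule
        # cannot fire on missing context (fail closed).
        if self.attribute not in endpoint:
            return False
        return OPERATORS[self.operator](endpoint[self.attribute], self.operand)


@dataclass(frozen=True)
class Rule:
    name: str
    src: tuple       # source conditions, ANDed; empty tuple means "any"
    dst: tuple       # destination conditions, ANDed
    action: str      # "permit" or "drop"


# Zone membership derived from a VM attribute instead of VLAN or IP.
# The naming convention (instance name contains the tier) is constructed.
ZONES = {
    "web": Condition("vm_name", "contains", "-web-"),
    "app": Condition("vm_name", "contains", "-app-"),
    "db": Condition("vm_name", "contains", "-db-"),
}


def endpoint(ip, vm_name=None, port=None):
    """Build the attribute set the rules are evaluated against."""
    attrs = {"ip": ip}
    if vm_name is not None:
        attrs["vm_name"] = vm_name
        for zone, cond in ZONES.items():
            if cond.matches(attrs):
                attrs["zone_name"] = zone
                break
    if port is not None:
        attrs["port"] = port
    return attrs


def in_zone(zone):
    return Condition("zone_name", "eq", zone)


HTTP_S = Condition("port", "member", (80, 443))

# The five statements of the 3-tier slide, for one tenant.
POLICY = [
    Rule("web-http-https", (), (in_zone("web"), HTTP_S), "permit"),
    Rule("app-ssh", (), (in_zone("app"), Condition("port", "eq", 22)), "permit"),
    Rule("web-to-app", (in_zone("web"),), (in_zone("app"), HTTP_S), "permit"),
    Rule("app-to-db", (in_zone("app"),), (in_zone("db"),), "permit"),
]


def evaluate(policy, src, dst):
    """First matching rule wins; anything unmatched is dropped."""
    for rule in policy:
        if all(c.matches(src) for c in rule.src) and \
           all(c.matches(dst) for c in rule.dst):
            return rule.action, rule.name
    return "drop", "default-deny"


if __name__ == "__main__":
    web = endpoint("10.1.1.10", "tenantA-web-01")
    moved = endpoint("10.9.9.10", "tenantA-web-01")   # same VM, new host/IP
    app443 = endpoint("10.1.2.10", "tenantA-app-01", port=443)
    db = endpoint("10.1.3.10", "tenantA-db-01", port=3306)
    for s, d in [(web, app443), (moved, app443), (web, db)]:
        print(s["ip"], "->", d["ip"], d["port"], evaluate(POLICY, s, d))
```

Because the zone is computed from the instance name, the web VM keeps its permit to the app tier after its IP changes, while web-to-DB traffic matches no rule and falls through to the default deny.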

Security Management
• Visibility
• Event correlation, syslog, centralized authentication
• Forensics
• Anomaly detection
• Compliance

Infrastructure Security
• Infrastructure Security features are enabled to protect device, traffic plane and control plane
• 802.1ae and vPC provides internal/external separation

Services
• IPS/IDS provide traffic analysis and forensics
• Network Analysis provide traffic monitoring and data analysis
• Server load balancing masks servers and applications

Services
• Initial filter for DC ingress and egress traffic. Virtual Context used to split policies for server-to-server filtering
• Additional firewall services for server farm specific protection

Diagram labels: UCS; Virtual Access; Storage; Access; Services; Aggregation; Core; Data security: authenticate & access control; Virtual Firewall; Real-time Monitoring; Firewall Rules; ACLs, Port Security, VN Tag, Netflow, ERSPAN, QoS, CoPP, DHCP snooping

Diagram labels: Public/Shared VRF; Protected VRF (control point); Private (Tenant VRF); ASA Context (per tenant); Nexus 1000v VSG; vPath; Public Zone (DMZ); Protected FE; Zone 1; Zone 2; Zone 3; Sub-Zone W; Sub-Zone X; Sub-Zone Y; Sub-Zone Z; Less Trusted Zones; Front-end Zones; Back-end Zones; Front-end Tenant Perimeter; Back-end Tenant Perimeter; Back-end Management Perimeter

• Virtual ASA provides consistent ASA feature set to secure the tenant edge
• VSG complements Virtual ASA to secure intra-tenant VM-to-VM traffic
• Solution provides:
  • Increase flexibility and operational efficiency via vPath (Nexus 1000V)
  • Dynamic, context-aware, multi-tenant management via VNMC

Diagram labels: Tenant A; Tenant B; VDC; vApp; VSG; ASA 1000V; vSphere; Nexus 1000V; vPath; Virtual Network Management Center (VNMC); VMware vCenter

IPSec VPN (Site-to-Site)
NAT
DHCP
Default Gateway
Static Routing
Stateful Inspection
IP Audit
Built using ASA technology
Support for VXLAN
Multi-tenant management via VNMC
Inter-operability with VSG via Service Chaining

Cloud-ready WAN Optimization
Virtual WAAS on Nexus 1000V with vPath

Diagram labels: Virtual WAAS “Appliances”; vPath; ESX ESXi Hypervisor w/Nexus 1000; UCS /x86 Servers

FEATURES
• Allows Agile, Elastic, & Multi Tenant Deployment
• Supports DRE Cache in SAN
• Policy-based Provisioning w/ Nexus 1000V
• Extends WAAS Solution Portfolio

BUSINESS BENEFITS
• Business Agility with on-demand orchestration
• Lower operational cost, reduced migration risk
• Fault-tolerance with VM mobility awareness

Stand-alone
• Traditional WAN Edge Deployment at Branch and DC
• Gradual migration from Physical to Virtual
• Multi-tenancy support

vPath-integrated
• Re-direction using vPath @VM level
• Elastic provisioning
• Multi-tenancy support

Diagram labels: WAN or Internet; WCCP; Nexus 2K/5K; UCS Compute/Virtualized Servers; UCS Compute/Physical servers; VMware ESXi Server; UCS /x86 Server; Nexus 1000V; vPATH; callouts 1 and 2

Nexus 1000V
• Distributed switch
• NX-OS consistency

VSG
• VM-level controls
• Zone-based FW

ASA 1000V
• Edge firewall, VPN
• Protocol Inspection

vWAAS
• WAN optimization
• Application traffic

CSR 1000V (Cloud Router)
• WAN L3 gateway
• Routing and VPN

Diagram labels: Multi-Hypervisor; Virtualized/Cloud Data Center; Physical Infrastructure; WAN Router; Switches; Servers; Tenant A; Zone A; Zone B; ASA 1000V; VSG; vWAAS; Nexus 1000V; vPath; VXLAN

CSR 1000V
Can be deployed by Enterprises or Cloud Providers

Enterprise Use Cases
• Secure VPN Gateway
• L3 Extension
• Tenant Firewall

Cloud Provider Use Cases
• Secure VPN Gateway
• MPLS Extension
• Tenant Firewall

Diagram labels: Enterprise A; Enterprise B; DC; ASR; Branch; ISR; MPLS; Internet; Cloud Provider’s Data Center; Physical Infrastructure; WAN Router; Switches; Servers; Virtual Infrastructure; Tenant A; Tenant B; CSR 1000V; ASA 1000V

Thank you.

More Related Content

What's hot

Cisco prime-nms-overview-hi-techdays deep dive
Cisco prime-nms-overview-hi-techdays deep diveCisco prime-nms-overview-hi-techdays deep dive
Cisco prime-nms-overview-hi-techdays deep divesolarisyougood
 
Nexus 1010 Overview and Deployment
Nexus 1010 Overview and DeploymentNexus 1010 Overview and Deployment
Nexus 1010 Overview and DeploymentSal Lopez
 
Hosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture DesignHosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture DesignCisco Canada
 
Introducing Ensemble Simulator – ADVA’s virtual networking environment
Introducing Ensemble Simulator – ADVA’s virtual networking environmentIntroducing Ensemble Simulator – ADVA’s virtual networking environment
Introducing Ensemble Simulator – ADVA’s virtual networking environmentADVA
 
Cisco prime network 4.1 technical overview
Cisco prime network 4.1 technical overviewCisco prime network 4.1 technical overview
Cisco prime network 4.1 technical overviewsolarisyougood
 
Citrix Day 2014: NetScaler Cisco ACE
Citrix Day 2014: NetScaler Cisco ACECitrix Day 2014: NetScaler Cisco ACE
Citrix Day 2014: NetScaler Cisco ACEDigicomp Academy AG
 
Cisco mds 9148 s training workshop
Cisco mds 9148 s training workshopCisco mds 9148 s training workshop
Cisco mds 9148 s training workshopsolarisyougood
 
Specific devices and used applications
Specific devices and used applicationsSpecific devices and used applications
Specific devices and used applicationsAndrej Milojeski
 
Emc vmax3 technical deep workshop
Emc vmax3 technical deep workshopEmc vmax3 technical deep workshop
Emc vmax3 technical deep workshopsolarisyougood
 
Implementing the Hybrid Data Center
Implementing the Hybrid Data CenterImplementing the Hybrid Data Center
Implementing the Hybrid Data CenterCisco Canada
 
SolarWinds Federal Webinar: Technical Update & Demo of Newest Products & Feat...
SolarWinds Federal Webinar: Technical Update & Demo of Newest Products & Feat...SolarWinds Federal Webinar: Technical Update & Demo of Newest Products & Feat...
SolarWinds Federal Webinar: Technical Update & Demo of Newest Products & Feat...SolarWinds
 
Cisco asa cx firwewall
Cisco asa cx firwewallCisco asa cx firwewall
Cisco asa cx firwewallAnwesh Dixit
 
Cisco UCS Servers Presentation
Cisco UCS Servers PresentationCisco UCS Servers Presentation
Cisco UCS Servers PresentationSimplex
 
Cisco SDWAN - Components Deployment Workflow
Cisco SDWAN - Components Deployment WorkflowCisco SDWAN - Components Deployment Workflow
Cisco SDWAN - Components Deployment WorkflowFarooq Khan
 
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...IT Tech
 
Cisco CSR1000V, VMware, and RESTful APIs
Cisco CSR1000V, VMware, and RESTful APIsCisco CSR1000V, VMware, and RESTful APIs
Cisco CSR1000V, VMware, and RESTful APIsPrivate
 
Cisco mds 9148s Technical Overview
Cisco mds 9148s Technical OverviewCisco mds 9148s Technical Overview
Cisco mds 9148s Technical Overviewsolarisyougood
 
Deploying HPC Cluster with Mellanox InfiniBand Interconnect Solutions
Deploying HPC Cluster with Mellanox InfiniBand Interconnect Solutions Deploying HPC Cluster with Mellanox InfiniBand Interconnect Solutions
Deploying HPC Cluster with Mellanox InfiniBand Interconnect Solutions Mellanox Technologies
 

What's hot (19)

Cisco prime-nms-overview-hi-techdays deep dive
Cisco prime-nms-overview-hi-techdays deep diveCisco prime-nms-overview-hi-techdays deep dive
Cisco prime-nms-overview-hi-techdays deep dive
 
Nexus 1010 Overview and Deployment
Nexus 1010 Overview and DeploymentNexus 1010 Overview and Deployment
Nexus 1010 Overview and Deployment
 
Hosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture DesignHosted Security as a Service - Solution Architecture Design
Hosted Security as a Service - Solution Architecture Design
 
Introducing Ensemble Simulator – ADVA’s virtual networking environment
Introducing Ensemble Simulator – ADVA’s virtual networking environmentIntroducing Ensemble Simulator – ADVA’s virtual networking environment
Introducing Ensemble Simulator – ADVA’s virtual networking environment
 
Cisco prime network 4.1 technical overview
Cisco prime network 4.1 technical overviewCisco prime network 4.1 technical overview
Cisco prime network 4.1 technical overview
 
Citrix Day 2014: NetScaler Cisco ACE
Citrix Day 2014: NetScaler Cisco ACECitrix Day 2014: NetScaler Cisco ACE
Citrix Day 2014: NetScaler Cisco ACE
 
Cisco mds 9148 s training workshop
Cisco mds 9148 s training workshopCisco mds 9148 s training workshop
Cisco mds 9148 s training workshop
 
TFI2014 Session I - State of SDN - Gary Hemminger
TFI2014 Session I - State of SDN - Gary HemmingerTFI2014 Session I - State of SDN - Gary Hemminger
TFI2014 Session I - State of SDN - Gary Hemminger
 
Specific devices and used applications
Specific devices and used applicationsSpecific devices and used applications
Specific devices and used applications
 
Emc vmax3 technical deep workshop
Emc vmax3 technical deep workshopEmc vmax3 technical deep workshop
Emc vmax3 technical deep workshop
 
Implementing the Hybrid Data Center
Implementing the Hybrid Data CenterImplementing the Hybrid Data Center
Implementing the Hybrid Data Center
 
SolarWinds Federal Webinar: Technical Update & Demo of Newest Products & Feat...
SolarWinds Federal Webinar: Technical Update & Demo of Newest Products & Feat...SolarWinds Federal Webinar: Technical Update & Demo of Newest Products & Feat...
SolarWinds Federal Webinar: Technical Update & Demo of Newest Products & Feat...
 
Cisco asa cx firwewall
Cisco asa cx firwewallCisco asa cx firwewall
Cisco asa cx firwewall
 
Cisco UCS Servers Presentation
Cisco UCS Servers PresentationCisco UCS Servers Presentation
Cisco UCS Servers Presentation
 
Cisco SDWAN - Components Deployment Workflow
Cisco SDWAN - Components Deployment WorkflowCisco SDWAN - Components Deployment Workflow
Cisco SDWAN - Components Deployment Workflow
 
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
 
Cisco CSR1000V, VMware, and RESTful APIs
Cisco CSR1000V, VMware, and RESTful APIsCisco CSR1000V, VMware, and RESTful APIs
Cisco CSR1000V, VMware, and RESTful APIs
 
Cisco mds 9148s Technical Overview
Cisco mds 9148s Technical OverviewCisco mds 9148s Technical Overview
Cisco mds 9148s Technical Overview
 
Deploying HPC Cluster with Mellanox InfiniBand Interconnect Solutions
Deploying HPC Cluster with Mellanox InfiniBand Interconnect Solutions Deploying HPC Cluster with Mellanox InfiniBand Interconnect Solutions
Deploying HPC Cluster with Mellanox InfiniBand Interconnect Solutions
 

Similar to Cisco Virtual Network Services for the Cloud

Security & Virtualization in the Data Center
Security & Virtualization in the Data CenterSecurity & Virtualization in the Data Center
Security & Virtualization in the Data CenterCisco Russia
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network EvolutionCisco Canada
 
ASBIS: Virtualization Aware Networking - Cisco Nexus 1000V
ASBIS: Virtualization Aware Networking - Cisco Nexus 1000VASBIS: Virtualization Aware Networking - Cisco Nexus 1000V
ASBIS: Virtualization Aware Networking - Cisco Nexus 1000VASBIS SK
 
PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...
PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure -  from Hyperv...PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure -  from Hyperv...
PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...PROIDEA
 
Nexus 1000V Support for VMWare vSphere 6
Nexus 1000V Support for VMWare vSphere 6Nexus 1000V Support for VMWare vSphere 6
Nexus 1000V Support for VMWare vSphere 6Tony Antony
 
Presentation data center virtualization –setting the foundation
Presentation   data center virtualization –setting the foundationPresentation   data center virtualization –setting the foundation
Presentation data center virtualization –setting the foundationxKinAnx
 
Cisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnhaCisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnhaldangelo0772
 
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:Cisco Canada
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_diveNur Shiqim Chok
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld
 
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaCisco Canada
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO a.s.
 
Understanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionUnderstanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionCisco Canada
 
Cisco Evolving virtual switching to applications & cloud
Cisco Evolving virtual switching to applications & cloudCisco Evolving virtual switching to applications & cloud
Cisco Evolving virtual switching to applications & cloudsolarisyougood
 
#NSD14 - Sécuriser l'infrastructure réseau des datacenters
#NSD14 - Sécuriser l'infrastructure réseau des datacenters#NSD14 - Sécuriser l'infrastructure réseau des datacenters
#NSD14 - Sécuriser l'infrastructure réseau des datacentersNetSecure Day
 
Understanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyUnderstanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyCisco Canada
 
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptx
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptxNSX_Advanced_Load_Balancer_Solution_with_Oracle.pptx
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptxAvi Networks
 

Similar to Cisco Virtual Network Services for the Cloud (20)

Security & Virtualization in the Data Center
Security & Virtualization in the Data CenterSecurity & Virtualization in the Data Center
Security & Virtualization in the Data Center
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network Evolution
 
ASBIS: Virtualization Aware Networking - Cisco Nexus 1000V
ASBIS: Virtualization Aware Networking - Cisco Nexus 1000VASBIS: Virtualization Aware Networking - Cisco Nexus 1000V
ASBIS: Virtualization Aware Networking - Cisco Nexus 1000V
 
PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...
PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure -  from Hyperv...PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure -  from Hyperv...
PLNOG 8: Gaweł Mikołajczyk - Securing the Cloud Infrastructure - from Hyperv...
 
Nexus 1000V Support for VMWare vSphere 6
Nexus 1000V Support for VMWare vSphere 6Nexus 1000V Support for VMWare vSphere 6
Nexus 1000V Support for VMWare vSphere 6
 
Presentation data center virtualization –setting the foundation
Presentation   data center virtualization –setting the foundationPresentation   data center virtualization –setting the foundation
Presentation data center virtualization –setting the foundation
 
Cisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnhaCisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnha
 
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
The Hitch-Hikers Guide to Data Centre Virtualization and Workload Consolidation:
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
 
vSRX
vSRXvSRX
vSRX
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
 
Cisco NetApp VMware - Long Distance VMotion
Cisco NetApp VMware - Long Distance VMotionCisco NetApp VMware - Long Distance VMotion
Cisco NetApp VMware - Long Distance VMotion
 
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud Air
 
Contrail Enabler for agile cloud services
Contrail Enabler for agile cloud servicesContrail Enabler for agile cloud services
Contrail Enabler for agile cloud services
 
Understanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionUnderstanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN Solution
 
Cisco Evolving virtual switching to applications & cloud
Cisco Evolving virtual switching to applications & cloudCisco Evolving virtual switching to applications & cloud
Cisco Evolving virtual switching to applications & cloud
 
#NSD14 - Sécuriser l'infrastructure réseau des datacenters
#NSD14 - Sécuriser l'infrastructure réseau des datacenters#NSD14 - Sécuriser l'infrastructure réseau des datacenters
#NSD14 - Sécuriser l'infrastructure réseau des datacenters
 
Understanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN TechnologyUnderstanding Cisco’ Next Generation SD-WAN Technology
Understanding Cisco’ Next Generation SD-WAN Technology
 
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptx
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptxNSX_Advanced_Load_Balancer_Solution_with_Oracle.pptx
NSX_Advanced_Load_Balancer_Solution_with_Oracle.pptx
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Artificial intelligence in the post-deep learning era
Cisco Virtual Network Services for the Cloud

  • 1. Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 1 Cisco Virtualized Network Services: Ready for Your Cloud Soumen Chatterjee Product Manager, Data Center Group
  • 2. Virtual Appliance Nexus 1010 vWAAS VSG VSM NAM NAM VSG VSG Primary Secondary VSM VSM L3 Connectivity VSM: Virtual Supervisor Module VEM: Virtual Ethernet Module vPath: Virtual Service Data-path VXLAN: Scalable Segmentation VSG: Virtual Security Gateway vWAAS: Virtual WAAS ASA 1000V: Tenant-edge security Virtual Service Blades Virtual Supervisor Module (VSM) Network Analysis Module (NAM) Virtual Security Gateway (VSG) Data Center Network Manager (DCNM) VEM-2 vPath Win Server 2012 VXLAN VEM-1 vPath VMware ESX VXLAN ASA 1000V VXLAN • 16M address space for LAN segments • Network Virtualization (Mac-over-UDP) vPath • Service Binding (Traffic Steering) • Fast-Path Offload VEM-3 vPath Open Source Hyp VXLAN
  • 3. External / multi-tenant edge deployment; Zone based segmentation of VMs; Virtual Security Gateway; ASA 1000V; Hypervisor; Nexus 1000V; Virtual Network Mgmt Ctr (VNMC); vPath
  • 4. Virtual Network Management Center (VNMC); Virtual Security Gateway (VSG). Context aware Security: VM context aware rules. Zone based Controls: Establish zones of trust. Dynamic, Agile: Policies follow vMotion. Best-in-class Architecture: Efficient, Fast, Scale-out SW (with vPath intelligence). Non-Disruptive Operations: Security team manages security. Policy Based Administration: Central mgmt, scalable deployment, multi-tenancy. Designed for Automation: XML API, security profiles.
  • 5. Virtual Security Gateway for Nexus 1000V: Context-based, Virtualization-aware, Multi-tenant, Workload Segmentation for Data Centers and Clouds. Diagram labels: Nexus 1000V Distributed Virtual Switch; VMs; vPath; VNMC; Log/Audit; VSG (active); VSG (Stand-by). Secure Segmentation (VLAN agnostic); Efficient Deployment (secure multiple hosts); Transparent Insertion (topology agnostic); High Availability; Dynamic policy-based provisioning; Mobility aware (policies follow vMotion). VNMC: Virtual Network Management Center
  • 6. Secure zoning of 3-Tier Application Workload. Tenant_A and Tenant_B each have Web Server, App Server and DB server tiers. Port 80 (HTTP) and 443 (HTTPS) of Web Servers open; Only Port 22 (SSH) of App Servers open; All other traffic denied; Only Permit Web Servers access to App servers via HTTP/HTTPS; Only Permit App servers access to DB servers. ASA Firewall for Inter-tenant Edge Control (VLAN based); VSG for secure zoning
  • 7. • Source Condition Destination Condition Action Rule Operator eq neq gt lt range Not-in-range Prefix Operator member Not-member Contains Condition • Attribute Type Network VM User Defined vZone VM Attributes Instance Name Guest OS full name Guest OS Host name Parent App Name Cluster Name Hypervisor Name Resource-pool Port Profile Name Zone Name Network Attributes IP Address Network Port ACE: Access Control Entry
  • 8. Security Management • Visibility • Event correlation, syslog, centralized authentication • Forensics • Anomaly detection • Compliance Infrastructure Security • Infrastructure Security features are enabled to protect device, traffic plane and control plane • 802.1ae and vPC provide internal/external separation Services • IPS/IDS provide traffic analysis and forensics • Network Analysis provides traffic monitoring and data analysis • Server load balancing masks servers and applications Services • Initial filter for DC ingress and egress traffic. Virtual Context used to split policies for server-to-server filtering • Additional firewall services for server farm specific protection UCS Virtual Access Storage Access Services Aggregation Core Data security authenticate & access control Virtual Firewall Real-time Monitoring Firewall Rules ACLs, Port Security, VN Tag, Netflow, ERSPAN, QoS, CoPP, DHCP snooping
  • 9. Public/Shared VRF vPath Protected VRF (control point) Nexus 1000v VSG ASA Context (per tenant) Public Zone (DMZ) Protected FE Zone 1 Zone 2 Zone 3 Sub-Zone W Sub-Zone X Sub-Zone Y Sub-Zone Z Private (Tenant VRF) Less Trusted Zones Front-end Zones Back-end Zones Front-end Tenant Perimeter Back-end Tenant Perimeter Back-end Management Perimeter
  • 11. • Virtual ASA provides consistent ASA feature set to secure the tenant edge • VSG complements Virtual ASA to secure intra-tenant VM-to-VM traffic • Solution provides: • Increase flexibility and operational efficiency via vPath (Nexus1000V) • Dynamic, context-aware, multi-tenant management via VNMC Tenant B Tenant A VDC vApp vApp vSphere Nexus 1000V vPath VDC Virtual Network Management Center (VNMC) VMware vCenter VSG VSG VSG VSG ASA 1000V ASA 1000V
  • 12. IPSec VPN (Site-to-Site) NAT DHCP Default Gateway Static Routing Stateful Inspection IP Audit Built using ASA technology Support for VXLAN Multi-tenant management via VNMC Inter-operability with VSG via Service Chaining
  • 14. Cloud-ready WAN Optimization ESX ESXi Hypervisor w/Nexus 1000 UCS /x86 Servers Virtual WAAS “Appliances” vPath Virtual WAAS on Nexus 1000V with vPath FEATURES • Allows Agile, Elastic, & Multi Tenant Deployment • Supports DRE Cache in SAN • Policy-based Provisioning w/ Nexus 1000V • Extends WAAS Solution Portfolio BUSINESS BENEFITS • Business Agility with on-demand orchestration • Lower operational cost, reduced migration risk • Fault-tolerance with VM mobility awareness
  • 15. WAN or Internet UCS Compute/ Virtualized Servers Nexus 2K/5K UCS Compute/ Physical servers WCCP VMware ESXi Server UCS /x86 Server Stand-alone • Traditional WAN Edge Deployment at Branch and DC • Gradual migration from Physical to Virtual • Multi-tenancy support vPath-integrated • Re-direction using vPath @VM level • Elastic provisioning • Multi-tenancy support 1 2 VMware ESXi Server Nexus 1000V VMware ESXi VMware ESXi Server Nexus 1000V UCS /x86 Server vPATH vPATH vPATH
  • 16. Nexus 1000V • Distributed switch • NX-OS consistency VSG • VM-level controls • Zone-based FW ASA 1000V • Edge firewall, VPN • Protocol Inspection vWAAS • WAN optimization • Application traffic Multi-Hypervisor WAN Router Switches Servers Tenant A ASA 1000V Zone B Zone A Nexus 1000V vPath Physical Infrastructure Virtualized/Cloud Data Center vWAAS VSG VXLAN CSR 1000V (Cloud Router) • WAN L3 gateway • Routing and VPN
  • 18. DC ASR Branch ISR Enterprise B Enterprise A Branch ISR Tenant A WAN Router Switches Servers Tenant B CSR 1000V Physical Infrastructure Virtual Infrastructure Cloud Provider’s Data Center CSR 1000V Enterprise Use Cases • Secure VPN Gateway • L3 Extension • Tenant Firewall Cloud Provider Use Cases • Secure VPN Gateway • MPLS Extension • Tenant Firewall MPLS Internet Can be deployed by Enterprises or Cloud Providers ASA 1000V ASA 1000V
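
The 3-tier zoning policy on slide 6, expressed with the source condition / destination condition / action rule shape and operators listed on slide 7, as an added example that is not from the deck and is not VSG or VNMC syntax. The zone definitions, VM names and function names are assumptions made for illustration; the model covers traffic inside one tenant only.

```python
import operator

# Subset of the operators named on slide 7, as plain predicates.
OPS = {
    "eq": operator.eq,
    "neq": operator.ne,
    "member": lambda value, allowed: value in allowed,
    "contains": lambda value, fragment: fragment in value,
    "prefix": lambda value, start: value.startswith(start),
    "range": lambda value, bounds: bounds[0] <= value <= bounds[1],
}

# Hypothetical zones: membership comes from a VM attribute (its name),
# not from an IP address or VLAN, so a moved VM keeps its zone.
ZONES = {
    "web": ("vm_name", "contains", "web"),
    "app": ("vm_name", "contains", "app"),
    "db": ("vm_name", "contains", "db"),
}

def zone_of(vm):
    """Return the first zone whose condition the VM's attributes satisfy."""
    for zone, (attr, op, val) in ZONES.items():
        if OPS[op](vm.get(attr, ""), val):
            return zone
    return None

# (source conditions, destination conditions, action); [] matches anything.
RULES = [
    ([], [("zone", "eq", "web"), ("port", "member", {80, 443})], "permit"),
    ([], [("zone", "eq", "app"), ("port", "eq", 22)], "permit"),
    ([("zone", "eq", "web")],
     [("zone", "eq", "app"), ("port", "member", {80, 443})], "permit"),
    ([("zone", "eq", "app")], [("zone", "eq", "db")], "permit"),
]

def matches(conds, ctx):
    """True when every (attribute, operator, value) condition holds."""
    return all(a in ctx and OPS[op](ctx[a], v) for a, op, v in conds)

def evaluate(src_vm, dst_vm, dst_port):
    """First matching rule wins; anything unmatched is denied."""
    src = dict(src_vm, zone=zone_of(src_vm))
    dst = dict(dst_vm, zone=zone_of(dst_vm), port=dst_port)
    for src_conds, dst_conds, action in RULES:
        if matches(src_conds, src) and matches(dst_conds, dst):
            return action
    return "deny"  # slide 6: "All other traffic denied"
```

Because the final return is the only deny path, a flow such as web tier to DB tier is rejected without any explicit rule naming it.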