Take a holistic, system-based approach to data center security with Cisco Application Centric Infrastructure security solutions. These solutions provide a common policy-based operational model across Cisco Application Centric Infrastructure ready networks. As a result, you can reduce cost and complexity without compromising data center functionality. Cisco Application Centric Infrastructure security solutions can be managed as a pool of resources, allowing administrators to intelligently stitch them to applications and transactions using the Cisco Application Policy Infrastructure Controller (APIC). Cisco ACI security solutions scale on demand, offer programmable automation, and provide transparent policy-based security for both physical and virtual environments. ACI security solutions allow organizations to take full advantage of the power, flexibility, and performance of their new Cisco ACI data center environments without compromising functionality or security.
The Cisco Adaptive Security Virtual Appliance (ASAv) brings the power of Cisco ASA to the virtual domain and private cloud environments. It runs the same software as the physical appliance to deliver proven security functionality. You can use it to protect virtual workloads within your network. Later, you can expand, contract, or shift the location of these workloads over time and span physical, virtual, and public cloud infrastructures. In the past, computing infrastructure elements were implemented with specialized hardware built for that purpose. With the advent of x86 server virtualization and the need for more power, businesses are deploying their computing, storage, and network infrastructure with virtualization for the benefits they gain. These include deployment flexibility, increased server utilization, and ease of management. The Cisco Adaptive Security Virtual Appliance runs as a VM inside a hypervisor in a virtual host.
Cisco Application Centric Infrastructure Security
The appliance has been fully and transparently integrated into the fabric of the next-generation Cisco ACI data center architecture. For those deployments, the Cisco Application Policy Infrastructure Controller provides a single point of control for both network and security management. It can provision the appliance’s security as a service, manage policy, and monitor the entire network and security environment for a unified view. This approach removes the limitations of traditional network-oriented security solutions, allowing for significantly streamlined provisioning. In the topology-independent Cisco Application Centric Infrastructure environment, Cisco ASAv services are managed as a pool of security resources. These resources can be selected and attached to specific applications or transactions to provide dynamic, scalable, policy-based security. The appliance supports both traditional and next-gen software SDN and Cisco ACI environments to provide policy enforcement and threat inspection across multi-site environments.
Cisco Application Policy Infrastructure Controller
The Cisco Application Policy Infrastructure Controller (Cisco APIC) is the unifying point of automation and management for the ACI fabric. The Cisco APIC provides centralized access to all fabric information, optimizes the application life cycle for scale and performance, and supports flexible application provisioning across physical and virtual resources. It offers a centralized application-level policy engine for physical, virtual, and cloud infrastructures; detailed visibility, telemetry, and health scores by application and by tenant; a design built around open standards and open APIs; and a robust implementation of multi-tenant security, quality of service (QoS), and high availability. Integration with management systems such as VMware, Microsoft, and OpenStack is available. Designed for automation, programmability, and centralized management, the Cisco APIC itself exposes northbound APIs through XML and JSON. It provides both a command-line interface (CLI) and a GUI, which use the APIs to manage the fabric holistically.
Cisco Adaptive Security Virtual Appliance
Purpose-built for data center security, the Cisco Adaptive Security Virtual Appliance brings full Cisco ASA firewall and VPN capabilities to virtualized environments. This helps safeguard traffic and multi-tenant architectures. Optimized for data center deployments, it’s designed to work in multiple hypervisor environments, reduce administrative overhead, and increase operational efficiency. The Cisco Adaptive Security Virtual Appliance runs as a VM inside a hypervisor in a virtual host. Because it is virtual-switch independent, it may be deployed in Cisco, hybrid, and non-Cisco-based data centers. VMware, KVM, Microsoft Hyper-V, Amazon Web Services, and other cloud platforms offer flexibility and choice. Predetermined configurations accelerate and simplify security service provisioning to match the speed of application deployment. These configurations provide the appliance with critical security functions that dynamically scale to protect assets as business demands change.
Cisco Application Centric Infrastructure SDN
The Cisco Application Policy Infrastructure Controller (Cisco APIC) is the unifying point of automation and management for the Application Centric Infrastructure (ACI) fabric. The Cisco APIC provides centralized access to all fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources. Designed for automation, programmability, and centralized management, the Cisco APIC itself exposes northbound APIs through XML and JSON. It provides both a command-line interface (CLI) and a GUI, which use the APIs to manage the fabric holistically. OpFlex is a new open and extensible southbound protocol that supplies policy directly to data center networks.
Unlike commonly used SDN protocols, it supplies application policy, not low-level configuration, to network devices. This allows devices to self-configure and freely expose new innovation. By centralizing policy but distributing control, networks can become much more scalable, resilient, and interoperable. Cisco and partners are submitting OpFlex to the IETF for standardization and to OpenDaylight for open source SDN implementations. An OpFlex agent will be available free from GitHub for leading hypervisors, switches, and Layer 4 to 7 services. A reference implementation on OVS will be available. Cisco APIC is completely removed from the data path. This means the fabric can still forward traffic even when communication with the Cisco APIC is lost.
Cisco ACI, an industry-leading software-defined networking (SDN) solution, offers a unique blend of mapping hardware and software capabilities through a unified application-based policy model. Cisco ACI increases business agility and lowers TCO by automating IT tasks, enhancing security, and increasing operational efficiency. Automate IT workflows and help organizations shorten app deployment from weeks to minutes. Secure applications through a whitelist model, policy enforcement, and micro-segmentation. Build programmable SDN fabrics leveraging open APIs and over 65 Cisco ACI global partner ecosystems.
Deploy, scale, and migrate applications seamlessly across multiple hybrid data centers. Cisco Application Policy Infrastructure Controller (APIC) provides single-click access to all Cisco ACI fabric information, enabling network automation, programmability, and centralized management. Integrate virtual and physical workloads in a programmable, multihypervisor fabric to build a multiservice cloud data center. Smoothly transition from a traditional data center to SDN with a common, policy-enforced approach. Migrate to Cisco ACI and build on your existing Cisco NX-OS infrastructure.
For organizations implementing Cisco Application Centric Infrastructure fabric architecture, the updated Cisco ASA 5585-X and Cisco Adaptive Security Virtual Appliance (ASAv) solutions can be fully integrated into the Cisco Application Centric Infrastructure fabric. Cisco Adaptive Security Device Manager: this no-cost, GUI-based, single-device management option can be used for configuring, monitoring, and troubleshooting the virtual and physical appliances. Cisco Security Manager: you can use this solution for comprehensive multidevice deployment and management of both the virtual appliance and the physical Cisco ASA 5500-X appliances.
Command-line interface: a flexible command-based management interface uses scripting for quick provisioning and automation of the appliances. The virtual appliance, along with the physical Cisco ASA 5500-X next-generation firewalls, can be managed by security administrators as a pool of resources that scale on demand. It provides programmable automation for deployment and management and uses a common policy-based operational model across physical and virtual environments, reducing cost and complexity.
The Cisco Intercloud Fabric And Hybrid Cloud installation documentation and videos go a long way to get you started; however, I wanted to provide a bit more information to help you prepare for Cisco Intercloud Fabric installation, configuration, and connection to either Amazon AWS or Microsoft Azure, or both. First, you’ll need an account at the cloud provider; the account needs and capabilities are different for each provider. Amazon AWS: standard AWS account, account policy requirements.
You will need the full Amazon EC2 access policy, the full AWS S3 access policy (if you are going to deploy Microsoft Windows images), and full Amazon AWS Marketplace (if you are going to deploy the Cisco Intercloud Fabric Router). To deploy the Intercloud Fabric Router in the Amazon AWS Marketplace, you will need to accept the terms for the image. Cisco Intercloud Fabric Router and Cisco Intercloud Fabric Firewall are not yet deployable in Microsoft Azure. Download the presentation on Cisco’s website for a step-by-step guide to getting an AWS or Azure account. Cisco Intercloud Fabric And Hybrid Cloud: Cloud Access Keys.
Reduce risks and contain threats by dynamically controlling network access. The Cisco Identity Services Engine (ISE) can assess vulnerabilities and apply threat intelligence. It can also contain a suspicious device for remediation. We call this Cisco Rapid Threat Containment. Get answers fast about threats on your network and stop them even faster. Cisco Rapid Threat Containment uses an open integration of Cisco’s security products, technologies from Cisco security partners, and the network control of the Cisco Identity Services Engine (ISE). In addition, you can protect critical data through the solution’s Cisco Threat Centric NAC feature: dynamically change your users’ access privileges when their threat or vulnerability scores go up.
Cisco ISE transforms the network from a simple conduit for data into a security enforcer that accelerates the time to detection and time to resolution of threats. The Cisco pxGrid (Platform Exchange Grid) is an open, scalable, and IETF standards-driven data-sharing and threat-control platform. Now your multiple security products can work together. With Cisco pxGrid, security operations teams can also automate to get answers and contain threats faster.
To meet its growth demands for applications, hosting, and cloud services, a client became the first telecom company in the world to deploy Cisco Application Centric Infrastructure (ACI) and Cisco Nexus 9000 series switches as the foundation for its next-generation data center.
The client used the expertise of end-to-end Cisco Services to deploy Cisco ACI, which provided a turnkey approach that was agile, cost-effective, and scalable. Increasing its competitive advantage, Du now has an application-focused fabric and a foundation for cloud automation and orchestration that supports an extensible, highly secure multitenant environment based on open standards.