Cisco looks to secure the data center with new releases
- 12 September, 2012 12:31
The new offerings, all available now, are intended to enable enforcement of end-to-end security for high-capacity data centers and mobile workforces. They include:
" A new software release for Cisco's Adaptive Security Appliance (ASA) firewalls;
" Virtualized ASA for multi-tenant environments;
" Data center-optimized intrusion prevention system (IPS);
" And enhancements to the Cisco AnyConnect Secure Mobility Client software.
CH-CH-CH-CHANGES: How BYOD has changed the IT landscape
Cisco says the products all comply with its SecureX security architecture unveiled in February, 2011. SecureX is designed to provide a context-aware way to safeguard networks increasingly overrun with smartphones, tablets and virtualization.
With a SecureX template, the new products are an attempt to unify network security policies across physical and virtual resources, intra-virtual machine communication, and access to applications by wired and mobile clients.
The ASA firewall's contribution to that unification is Release 9.0 of its operating system software. Release 9.0 is optimized for data center duty, Cisco says, by scaling to 320Gbps of firewall throughput and 60Gbps of IPS throughput, and supporting 1 million connections per second and 50 million concurrent connections.
Release 9.0 also supports clustering of physical ASA devices so scale can be managed as a single entity. Up to eight ASA firewall appliances can be stacked together under a single IP address, Cisco says.
In addition to SecureX context-awareness compliance, Release 9.0 of ASA also supports Cisco's TrustSec security group tags and identity-based firewall capabilities to provide visibility for more granular policy enforcement. The software also provides multi-tenant security to support cloud computing environments, Cisco says.
Release 9.0 also integrates with Cisco Cloud Web security -- formerly known as ScanSafe -- to enable deep content scanning. It also supports IPv6 connections and a variety of cryptographic algorithms.
The ASA 1000V virtual firewall is a software-only firewall that runs on any x86 hardware along with Cisco's Nexus 1000V virtual switch. As a virtual appliance, it is targeted specifically for multi-tenant virtual and cloud environments.
A single ASA 1000V instance can protect many workloads with different security policies across multiple VMware ESX hosts, Cisco says. It's designed to deliver consistent, end-to-end firewall security across heterogeneous physical, virtual and public/private cloud environments.
The IPS 4500 is an intrusion prevention system purpose-built for data centers. It delivers 10Gbps per rack unit in a 2RU form factor. In addition to context-awareness, its mitigation decisions are also based on network reputation.
For managing all of these, Cisco rolled out Cisco Security Manager 4.3 (CSM). CSM provides centralized management from which administrators can monitor a range of Cisco security devices and share information with compliance systems and advanced security analysis systems.
CSM manages the ASA 5500 and 5500-X series firewall appliances; IPS 4200, 4300 and 4500 series appliances; the Cisco AnyConnect Secure Mobility Client; and Cisco Secure Routers. It uses an intuitive wizard to execute image upgrades for individual or groups of ASA firewalls, Cisco says.
Lastly, enhancements to Cisco AnyConnect 3.1 client software are designed to enable secure BYOD deployments. It offers differentiated device access, IPv6 support and the latest encryption techniques, Cisco says.
ASA 9.0 is available to existing customers with SmartNet contracts at no additional charge. The ASA 1000V starts at $2,000 per CPU socket.
CSM is licensed and priced based on the number of devices managed. The IPS 4500 starts at $79,995.
AnyConnect pricing is based per active user and varies by deployment, but starts at under $1 per user per year, Cisco says.
Read more about wide area network in Network World's Wide Area Network section.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
U.S. retailers insist on PIN requirement in smartcard rules
Yelp speeds database access with flash storage
Thanks a million, Drupal
OS upgrades: Cheap is better than pricey, free is better than cheap
Amazon vs. Google vs. Windows Azure: Cloud computing speed showdown