Cisco ASA 1000V Cloud Firewall




Data Sheet

Cisco ASA 1000V Cloud Firewall

Product Overview

The Cisco ASA 1000V Cloud Firewall extends the proven Adaptive Security Appliance security platform to consistently secure the tenant edge in multitenant private and public cloud deployments. Complementing the zone-based security capabilities of the Cisco Virtual Security Gateway (VSG), the Cisco ASA 1000V Cloud Firewall provides multitenant edge security, default gateway functionality, and protection against network-based attacks, for a comprehensive cloud security solution.

The Cisco ASA 1000V Cloud Firewall integrates with the Cisco Nexus 1000V Series Switch to offer a multi-hypervisor-capable solution and enable a single ASA 1000V instance to secure multiple ESX hosts for superior deployment flexibility and simplified management. Cisco Virtual Network Management Center (VNMC) is used to offer dynamic, policy-driven, multitenant management.

Features and Benefits

The Cisco ASA 1000V Cloud Firewall employs mainstream ASA security technology that has been optimized for virtual environments. It transparently integrates with Cisco Nexus 1000V, VSG, and VNMC components, and works in conjunction with physical ASA appliances to provide end-to-end security for hybrid (physical, virtual, cloud) infrastructures. The features and benefits are detailed in Table 1.

Table 1. Cisco ASA 1000V Cloud Firewall Features and Benefits

Features:
- Proven firewall to secure private and public clouds
- Increased solution flexibility and operational efficiency
- Comprehensive approach to new virtualization workflows

Benefits:
- Extends proven ASA capabilities to secure the multitenant virtual and cloud infrastructure at the edge
- Secures the cloud perimeter against network-based attacks
- Supports consistent capabilities across hybrid infrastructures: physical, virtual, and cloud
- Uses the most widely deployed secure connectivity solution that reliably extends IT infrastructure to the cloud and transfers mission-critical workloads between distributed locations without compromise
- Provides deployment flexibility and simpler management with distinctive capabilities for a single ASA 1000V instance to span multiple ESX hosts
- Enables consistency and flexibility with a multi-hypervisor-capable solution
- Supports enhanced scalability by providing VXLAN gateway capabilities
- Enhances efficiency and simplifies management with security policies organized into templatized edge profiles
- Captures operational efficiency with an option to support consistent address space between the existing physical and extended cloud infrastructure, or between multiple tenants within the cloud infrastructure
- Decreases end-to-end time to deploy a fully functional virtual machine by automatically provisioning IP addresses to virtual machines at a rapid pace
- Enhances management flexibility through XML APIs that support integration with third-party management and orchestration tools
- Employs an advanced, cloud-ready manager, offering a transparent, scalable, multitenant-capable, policy-based solution, for end-to-end security of virtual and cloud environments
- Helps ensure collaborative governance with role-relevant management interfaces for network, server, and security administrators

Dynamic Virtualization-Aware Operation

Virtualization can be highly dynamic, with frequent add, delete, and change operations on virtual machines. Live migration of virtual machines occurs through manual or programmed VMware vMotion events. The Cisco ASA 1000V Cloud Firewall operates in conjunction with the Cisco Nexus 1000V Series (and vPath) to support dynamic virtualization, and in conjunction with the Cisco VNMC to create edge profiles per line of business or tenant.

2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 2

Security profiles are bound to Cisco Nexus 1000V Series port profiles, which are authored on the Cisco Nexus 1000V Series Virtual Supervisor Module (VSM) and published to VMware vCenter. When a new virtual machine is instantiated, the server administrator assigns the appropriate port profile to the virtual machine's virtual Ethernet port. The port and edge profiles are immediately applied to the instantiated virtual machine. A virtual machine can be repurposed simply by assigning different port and edge profiles.

VMware vMotion events trigger movement of virtual machines across physical servers. The Cisco Nexus 1000V Series helps ensure that port and edge profiles both follow the virtual machine. Security enforcement and monitoring remain in place regardless of VMware vMotion events.

Solution Components

Integrates with the Nexus 1000V Series Switch: The Cisco ASA 1000V Cloud Firewall secures virtualized environments using advanced networking concepts to provide efficient deployment and operational simplicity. Operating in conjunction with Cisco Nexus 1000V Series distributed virtual switches in the VMware vSphere hypervisor, the Cisco ASA 1000V Cloud Firewall uses virtual network service data path (vPath) technology embedded in the Nexus 1000V Series Switch.

- Efficient deployment: Each Cisco ASA 1000V can provide protection across multiple physical servers, eliminating the need to deploy one virtual appliance per physical server.
- Independent capacity planning: Cisco ASA 1000V can be placed on a dedicated server controlled by the security operations team so that appropriate computing capacity can be allocated to application workloads, capacity planning can occur independently across server and security teams, and operational segregation can be maintained across security, network, and server teams.
- Scalable cloud networking: Cisco ASA 1000V acts as a VXLAN gateway to send traffic to and from the VXLAN to a traditional VLAN.
- Service chaining: vPath supports service chaining so that multiple virtual network services can be used as part of a single traffic flow. For example, by merely specifying the network policy, vPath can direct the traffic to first go through the ASA 1000V Cloud Firewall, providing tenant edge security, and then go through the Virtual Security Gateway, providing zone firewall capabilities.

Integrates with Cisco VNMC: The Cisco ASA 1000V Cloud Firewall is managed using the Cisco VNMC to provide a nondisruptive administration model.

- Security administrators can author and manage security profiles and can manage Cisco ASA 1000V instances; security profiles are referenced in Cisco Nexus 1000V Series port profiles.
- Network administrators can author and manage port profiles and can manage Cisco Nexus 1000V Series distributed virtual switches; port profiles are referenced in the VMware vCenter through the programmatic interface of the Cisco Nexus 1000V Series VSM.
- Server administrators can select the appropriate port profile in the VMware vCenter when instantiating a virtual machine.

Additionally, third-party management and orchestration tools can interact programmatically, through XML APIs, with Cisco VNMC for automated management and provisioning of the Cisco VSG. Cisco ASA 1000V Cloud Firewall can also be managed by Cisco Adaptive Security Device Manager (ASDM).

Complements Cisco VSG: Cisco VSG integrates with Cisco Nexus 1000V Series Switches to provide granular, inter-VM-zone-based security within the tenant. The Cisco ASA 1000V Cloud Firewall complements Cisco VSG to provide multitenant edge security and default gateway functionality and protect against network-based attacks.

Figure 1 illustrates the integration of solution components.

Figure 1. Cisco ASA 1000V Cloud Firewall Solution Components

Software Packaging and Installation

Table 2 describes how to obtain the Cisco ASA 1000V Cloud Firewall.

Table 2. Software Packaging and Installation

Package | Description
Open Virtualization Format (OVF) | Downloadable OVF virtual appliance in the form of a single file with the .ova extension; Deployed with OVF Templates/Packages; Cisco ASA Software Release 8.7

Solution Deployment Requirements

The products listed in Table 3 must be deployed to secure virtualized and cloud environments using the Cisco ASA 1000V Cloud Firewall.

Table 3. Cisco ASA 1000V Cloud Firewall Deployment Requirements

Product | Requirement
Cisco ASA 1000V Cloud Firewall | Cisco ASA 1000V Cloud Firewall as a virtual appliance; 1 virtual CPU; vRAM: 1.5 GB; vHard disk: 2.5 GB; Network data interfaces: 2; Management interface: 1; High-availability interface: 1
Hypervisor and hypervisor management | VMware vSphere 4.1 or later releases with VMware ESX or ESXi; VMware vCenter 4.1 or later releases
Distributed virtual switch | Cisco Nexus 1000V Series Software Release 4.2(1)SV1(4) or later, including the Virtual Ethernet Module (embedded in the VMware vSphere ESX or ESXi hypervisor); Essential edition or Advanced edition
Management | Cisco Virtual Network Management Center Release 2.0 or later (deployed as a virtual appliance)

Product Performance Guidance

Table 4 provides the performance guidance for a single instance of the Cisco ASA 1000V Cloud Firewall. Testing was conducted on a VMware ESX 5.0 host running on an Intel Xeon Processor X5670 (Westmere) at 2.93 GHz with dual hex-core. 1 vCPU, 1.5 GB vRAM, and 2.5 GB vHD are allocated to the ASA 1000V instance.

Table 4. Cisco ASA 1000V Cloud Firewall Performance Capabilities

Feature | Cisco ASA 1000V Cloud Firewall
Maximum Firewall Throughput (max) | 1.2 Gbps
Maximum Firewall Throughput (multi-protocol) | 400 Mbps
Maximum Concurrent Sessions | 200,000
Maximum Connections per Second | 10,000
VPN Throughput | 200 Mbps
Maximum VPN Tunnels | 750

Note: The performance capabilities of the ASA 1000V depend upon the deployment scenario, ASA 1000V device configuration, resources available to the ASA 1000V instance, and the traffic patterns. These elements should be taken into consideration as part of your planning.

Licensing and Ordering Information

Cisco ASA 1000V Cloud Firewall is licensed based on the number of physical server CPU sockets that are being protected. Each protected CPU also requires a Cisco Nexus 1000V Series license. Table 5 lists ordering information for the Cisco ASA 1000V.

Table 5. Cisco ASA 1000V Cloud Firewall Ordering Information

Part Number | Description
ASA1000V-01= | ASA 1000V Paper CPU License Qty 1-Pack
ASA1000V-04= | ASA 1000V Paper CPU License Qty 4-Pack
ASA1000V-16= | ASA 1000V Paper CPU License Qty 16-Pack
ASA1000V-32= | ASA 1000V Paper CPU License Qty 32-Pack
L-ASA1000V-BASE | ASA 1000V eDelivery CPU License Qty 1-Pack
L-ASA1000V-04= | ASA 1000V eDelivery CPU License Qty 4-Pack
L-ASA1000V-16= | ASA 1000V eDelivery CPU License Qty 16-Pack
L-ASA1000V-32= | ASA 1000V eDelivery CPU License Qty 32-Pack
ASA1000V-K9-CD= | ASA 1000V on Physical Media

Table 6 lists ordering information for the Nexus 1000V Advanced Security bundle, which includes Nexus 1000V Advanced Edition and ASA 1000V licenses.

Table 6. Cisco Nexus 1000V Advanced Security Bundle Ordering Information

Part Number | Description
N1K-ASA1K-01 | Nexus 1000V Advanced Edition and ASA 1000V Paper CPU License Qty 1-Pack
N1K-ASA1K-04 | Nexus 1000V Advanced Edition and ASA 1000V Paper CPU License Qty 4-Pack
N1K-ASA1K-16 | Nexus 1000V Advanced Edition and ASA 1000V Paper CPU License Qty 16-Pack
N1K-ASA1K-32 | Nexus 1000V Advanced Edition and ASA 1000V Paper CPU License Qty 32-Pack
L-N1K-ASA1K-01 | Nexus 1000V Advanced Edition and ASA 1000V eDelivery CPU License Qty 1-Pack
L-N1K-ASA1K-04 | Nexus 1000V Advanced Edition and ASA 1000V eDelivery CPU License Qty 4-Pack
L-N1K-ASA1K-16 | Nexus 1000V Advanced Edition and ASA 1000V eDelivery CPU License Qty 16-Pack
L-N1K-ASA1K-32 | Nexus 1000V Advanced Edition and ASA 1000V eDelivery CPU License Qty 32-Pack

Warranty Information

Find warranty information on Cisco.com at the Product Warranties page.

Service and Support

Cisco Services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. Cisco Services address all aspects of planning, building, and running the network; helping you shorten implementation times, lower operating costs, capture new business opportunities, mitigate risk, and accelerate growth.

Cisco Security Services can help you plan, build, and run secure networks that protect your organization from attack and disruption, protect privacy, and support regulatory compliance controls. Included in the Run phase of the service lifecycle are Cisco Security IntelliShield Alert Manager Service, Cisco SMARTnet, and Cisco Service Provider Base. These services are suitable for enterprise, commercial, and service provider customers.

Cisco Security IntelliShield Alert Manager Service provides a customizable, web-based threat and vulnerability alert service that allows organizations to easily access timely, accurate, and credible information about potential vulnerabilities in their environment.

For More Information

For more information, please contact your local account representative, or visit the following websites:

- Cisco ASA 1000V Cloud Firewall: http://www.cisco.com/go/asa1000v
- Cisco Nexus 1000V Series Switch: http://www.cisco.com/go/nexus1000v
- Cisco Virtual Security Gateway: http://www.cisco.com/go/vsg
- Cisco Virtual Network Management Center: http://www.cisco.com/go/vnmc
- Cisco ASA 5500 Series Adaptive Security Appliance: http://www.cisco.com/go/asa
- Cisco Security Services: http://www.cisco.com/en/us/products/svcs/ps2961/ps2952/serv_group_home.html

Printed in USA C78-687960-02 12/12