Cisco Virtual Firewall Protects Multi-Tenant Cloud

Cisco rolled out network switches, including a new firewall product, to expand its data centre portfolio with virtual security offerings.

Cisco unveiled the ASA 1000V, a virtual version of the current Adaptive Security Appliance (ASA) for deployment as a virtual machine on a server. The appliance would extend security protection to the edge of virtual environments, Cisco said. Intended for multi-tenant cloud environments, Cisco said organisations would be able to apply consistent policies across physical and virtual environments.

Over a million ASA appliances

Cisco said over one million ASA appliances have already been deployed, making the platform familiar for customers. Administrators are likely to use a familiar platform to have “consistent security” across physical, virtual and cloud environments, Rajneesh Chopra, a senior product manager, told eWEEK.

“Our customers tell us, ‘I use physical firewalls and I want the same posture in my virtual environment’,” Chopra said. The ASA 1000V was created to fill that need, he added.

The ASA 1000V integrates with the Nexus 1000V virtual switch for VMware’s ESXi hypervisors and Cisco’s own Virtual Security Gateway.

Currently available as beta, Cisco has not yet determined pricing for the virtual firewall, according to Chopra, The licence pricing is most likely to be based on the number of CPUs on the physical server, instead of number of virtual machines on the server, he said. The ASA may also be sold as a bundle with the Nexus, but there were “no final prices”, Chopra said.

ASA 1000V provides firewall capabilities, comprehensive real-time threat defence, always-on remote access and comprehensive network security, Cisco said. Administrators can manage the virtual machines using Cisco Virtual Network Management Centre (VNMC), which works both for the Virtual Security Gateway as well as ASA 1000V.

Administrators can create policies in the VNMC which are then assigned to virtual machines, Chopra said. Whoever is creating the virtual machine has to select the appropriate security profile along with the network information. If the server will need to meet PCI requirements, the appropriate policy is added and the requirements are seamlessly in place. While VSG creates zones within tenants, the ASA 1000V works at the edge of the network to provide dynamic policy-driven network security management.

“If it takes only one minute to bring up a virtual machine, it shouldn’t take a day to get the firewall policies in place,” Chopra said.

VMware supported, Microsoft next

The integration with the Nexus 1000V switch allows administrators to use the ASA 1000V with VMware’s hypervisor, Chopra said. However, Microsoft’s Hyper-V support was expected “soon” for Nexus 1000V, which would allow ASA to support those virtual machines as well.

“We don’t have a firewall for IBM, Honeywell or other servers. We shouldn’t have different firewalls for each hypervisor,” Chopra said.

The ASA 1000V was announced as part of a larger rollout of data centre offerings, including the next generation of Cisco’s Nexus 7000 switches, a new Nexus 3000 Ethernet switch and fabric extensions to the vendor’s Nexus 5000 switches. The switches are part of Cisco’s efforts to help enterprises handle the rapidly growing amount of Internet traffic in a physical, virtual or cloud environment.