Cisco rolled out new switches and a virtual firewall appliance to expand its data center offerings.
Cisco rolled out new network switches, including a new firewall
product, to expand its data center portfolio with virtual security
Cisco unveiled the ASA 1000V, a virtual version of the current
Adaptive Security Appliance on Oct. 18. Deployed as a virtual machine
on a server, the appliance would extend security protection to the edge
of virtual environments, Cisco said. Intended for multi-tenant cloud
environments, Cisco said organizations would be able to apply
consistent policies across physical and virtual environments.
Cisco said over one million ASA appliances have already been
deployed, making the platform familiar for customers. Administrators
are likely to use a familiar platform to have "consistent security"
across physical, virtual and clound environments, Rajneesh Chopra, a
senior product manager, told eWEEK.
"Our customers tell us, 'I use physical firewalls and I want the same
posture in my virtual environment,'" Chopra said. The ASA 1000V was
created to fill that need, he said.
The ASA 1000V integrates with the Nexus 1000V virtual switch
for VMware's ESXi hypervisors and Cisco's own Virtual Security Gateway.
Currently available as beta, Cisco has not yet determined
pricing for the virtual firewall, according to Chopra, The license
pricing is most likely to be based on the number of CPUs on the
physical server, instead of number of virtual machines on the server,
he said. The ASA may also be sold as a bundle with the Nexus, but there
were "no final prices," Chopra said.
ASA 1000V provides firewall capabilities, comprehensive real-time
threat defense, always-on remote access and comprehensive network
security, Cisco said. Administrators can manage the virtual machines
using Cisco Virtual Network Management Center (VNMC), which works both
for the Virtual Security Gateway as well as ASA 1000V.
Administrators can create policies in the VNMC which are then assigned
to virtual machines, Chopra said. Whoever is creating the virtual
machine has to select the appropriate security profile along with the
network information. If the server will need to meet PCI requirements,
the appropriate policy is added and the requirements are seamlessly in
place. While VSG creates zones within tenants, the ASA 1000V works at
the edge of the network to provide dynamic policy-driven network
"If it takes only one minute to bring up a virtual machine, it
shouldn't take a day to get the firewall policies in place," Chopra
The integration with the Nexus 1000V switch allows
administrators to use the ASA 1000V with VMware's hypervisor, Chopra
said. However, Microsoft's Hyper-V support was expected "soon" for
Nexus 1000V, which would allow ASA to support those virtual machines as
"We don't have a firewall for IBM, Honeywell or other servers.
We shouldn't have different firewalls for each hypervisor," Chopra
The ASA 1000V was announced as part of a larger rollout of data
center offerings, including the next generation of Cisco's Nexus 7000
switches, a new Nexus 3000 Ethernet switch and fabric extensions to the
vendor's Nexus 5000 switches. The switches are part of Cisco's efforts
to help enterprises handle the rapidly growing amount of Internet
traffic in a physical, virtual or cloud environment.