Can Cisco Provide the Right Kind of Security?
But is this the kind of expertise that enterprises will be able to depend
upon during the crunch-time production workloads that can make or break a
"This is an integrated solution, so I guess if you crack part of it, you crack all of it," Kerravala said. "There are other ways around this; I'm sure you could encrypt the disks. Looking back, though, I am a little surprised that with all the third-party vendors they brought in, there wasn't a security vendor that was part of it. It would have been good to have had a third party legitimize the security of it."
Cisco is a good security company when it comes to securing transport, Kerravala said, but he added that Cisco has never been proven to secure the data itself.
"All a [knowledgeable] hacker has to do to get into this UCS system is to hack into the [Cisco] switch, which controls the data flow and the data itself," Desai said. "For some [sophisticated] hackers, this is not that hard to do."
When asked about this, Brian Schwartz, Cisco director of product management for the UCS platform, pointed out the EMC-RSA relationship to eWEEK as a possible option for potential customers. Nonetheless, RSA is not a part of the original UCS initiative. But it is possible, certainly, that Cisco will bring in RSA as a security partner at a later date.
It also turns out that for other specific kinds of security that might be required in a UCS deployment, customers are expected to use their own existing server, storage and management security vendor, not one provided by Cisco itself.
"When we go out and talk to customers [about UCS], we tell them this: There are things in this system that we [provide that] add value, and there's a bunch of stuff that's essentially unchanged," Schwartz told eWEEK.
"There are a lot of standard best practices and solutions that we don't factor into solving customers' challenges. Built into the UCS Manager, however, we do have a sophisticated RBAC security system that handles both internal and external [network] authentication, that we've spent a lot of time on.
"This is very granular, to give people appropriate privileges, and also to support a full set of [standard] authentication devices. It supports LDAP (Active Directory authentication for server administrators) and others; on the network side, customers often use a Radius-type server or something similar. ... Most customers already have one of these systems in place, and what they want is for our system to fit into it gracefully," Schwartz said.
So, the bottom line is this: In the UCS scheme, Cisco will provide the built-in network protection through its UCS Manager.
However, if an enterprise wants to encrypt storage disks or desires high-end protection for its application, database, Web or any other type of servers, then the customer is on its own.