Click here to load reader

FlexPod Datacenter with Cisco Secure Enclaves · PDF fileFlexPod Datacenter with Cisco Secure Enclaves uses the FlexPod Data Center ... Nexus 7000 NX-OS 6.1(2) Low (positioned) 2 Nexus

  • View
    215

  • Download
    1

Embed Size (px)

Text of FlexPod Datacenter with Cisco Secure Enclaves · PDF fileFlexPod Datacenter with Cisco Secure...

  • FlexPod Datacenter with Cisco Secure Enclaves

    Last Updated: May 15, 2014

    Building Architectures to Solve Business Problems

  • 2

  • About the Authors

    re his current role, he supported and administered Nortel's worldwide training network structure. John holds a Master's degree in computer engineering from Clemson University.

    t, Solutions Architect, Infrastructure and Cloud Engineering, NetApp

    is a Solutions Architect in the NetApp Infrastructure and Cloud Engineering team. She architecture, implementation, compatibility, and security of innovative vendor develop competitive and high-performance end-to-end cloud solutions for customers. her career in 2006 at Nortel as an interoperability test engineer, testing customer roperability for certification. Lindsey has her Bachelors of Science degree in Computer d her Masters of Science in Information Security from East Carolina University.

    About the AuthorsChris O'Brien, Technical Marketing Manager, Server Access Virtualization Business Unit, Cisco Systems

    Chris O'Brien is currently focused on developing infrastructure best practices and solutions that are designed, tested, and documented to facilitate and improve customer deployments. Previously, O'Brien was an application developer and has worked in the IT industry for more than 15 years.

    John George, Reference Architect, Infrastructure and Cloud Engineering, NetApp

    John George is a Reference Architect in the NetApp Infrastructure and Cloud Engineering team and is focused on developing, validating, and supporting cloud infrastructure solutions that include NetApp products. Befoand VPN infra

    Lindsey Stree

    Lindsey Streetfocuses on thetechnologies toLindsey startedequipment inteNetworking an

    3

  • 4About Cisco Validated Desig

    About the Authors

    n (CVD) Program

    IM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF

    ILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING

    SE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS

    LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES,

    ITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF

    ABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED

    IBILITY OF SUCH DAMAGES.

    ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR

    TION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL OR

    SSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT

    CHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY

    N FACTORS NOT TESTED BY CISCO.

    Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco

    co logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We

    y, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS,

    eeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the

    Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital,

    ems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Cen-

    ollow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone,

    onPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace

    MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels,

    criptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to

    nternet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of

    , Inc. and/or its affiliates in the United States and certain other countries.

    arks mentioned in this document or website are the property of their respective owners.

    word partner does not imply a partnership relationship between Cisco and any other com-

    Systems, Inc. All rights reserved

    About Cisco Validated Design (CVD) Program

    The CVD program consists of systems and solutions designed, tested, and documented to facilitate

    faster, more reliable, and more predictable customer deployments. For more information visit

    http://www.cisco.com/go/designzone.

    ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLEC-

    TIVELY, "DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS. CISCO AND ITS SUP-

    PLIERS DISCLA

    MERCHANTAB

    FROM A COUR

    SUPPLIERS BE

    INCLUDING, W

    THE USE OR IN

    OF THE POSS

    THE DESIGNS

    THEIR APPLICA

    OTHER PROFE

    THEIR OWN TE

    DEPENDING O

    CCDE, CCENT,

    WebEx, the Cis

    Work, Live, Pla

    Bringing the M

    Cisco Certified

    the Cisco Syst

    ter, Fast Step, F

    iQuick Study, Ir

    Chime Sound,

    ProConnect, S

    Increase Your I

    Cisco Systems

    All other tradem

    The use of the

    pany. (0809R)

    2014 Cisco

    http://www.cisco.com/go/designzone

  • FlexPod Datacenter with Cisco Secure Enclaves

    OverviewThe increased scrutiny on security is being driven by the evolving trends of mobility, cloud computing, and advanced targeted attacks. More than the attacks themselves, a major consideration is the change in what defines a network, which goes beyond traditional walls and includes data centers, endpoints, virtual and mobile to make up the extended network.

    Today most converged infrastructures are designed to meet performance and function requirements with little or no attention to security. Furthermore, the movement toward optimal use of IT resources through virtualization has resulted in an environment in which the true and implied security accorded by physical separation has essentially vanished. System consolidation efforts have also accelerated the movement toward co-hosting on converged platforms, and the likelihood of compromise is increased in a highly shared environment. This situation presents a need for enhanced security and an opportunity to create a framework and platform that instills trust.

    The FlexPod Data Center with Cisco Secure Enclaves solution is a threat-centric approach to security allowing customers to address the full attack continuum, before during and after the attack on a standard platform with a consistent approach. The solution is based on the FlexPod Data Center integrated system and augmented with services to address business, compliance and application requirements. The FlexPod Data Center with Cisco Secure Enclaves is a standard approach to delivering a flexible, functional and secure application environment that can be readily automated.

    Solution Components FlexPod Datacenter with Cisco Secure Enclaves uses the FlexPod Data Center configuration as its foundation. The FlexPod Data Center is an integrated infrastructure solution from Cisco and NetApp with validated designs that expedite IT infrastructure and application deployment, while simultaneously reducing cost, complexity, and project risk. FlexPod Data Center consists of Cisco Nexus Networking, Cisco Unified Computing System (Cisco UCS), NetApp FAS Series storage systems. One especially significant benefit of the FlexPod architecture is the ability to customize or "flex" the environment to suit a customer's requirements, this includes the hardware previously mentioned as well as operating systems or hypervisors it supports.

  • Audience

    The Cisco Secure Enclaves design extends the FlexPod infrastructure by using the abilities inherit to the integrated system and augmenting this functionality with services to address the specific business and application requirements of the enterprise. These functional requirements promote uniqueness and innovation in the FlexPod, augmenting the original FlexPod design to support these prerequisites. The result is a region, or enclave, and more likely multiple enclaves, in the FlexPod built to address the unique workload activities and business objectives of an organization.

    FlexPod Data Center with Cisco Secure Enclaves is developed using the following technologies:

    FlexPod Data Center from Cisco and NetApp

    VMware vSphere

    Cisco Adaptive Security Appliance (ASA)

    Cisco NetFlow Generation Appliance (NGA)

    Cisco Virtual Security Gateway (VSG)

    Cisco Identity Services Engine (ISE)

    Cisco Network Analysis Module

    Cisco UCS Director

    Lancope StealthWatch System

    Note The FlexPod solution is hypervisor agnostic. Please go to the Reference Section of this document for URLs providing more details about the individual components of the solution.

    AudienceThis document describes the architecture and deployment procedures of a secure FlexPod Data Center infrastructure enabled with Cisco and NetApp technologies. The intended audience for this document includes but is not limited to sales engineers, field consultants, professional services, IT managers, partner engineering, and customers interested in making security an integral part of their FlexPod infrastructure.

    FlexPod Data Center with Cisco Secure Enclaves

    FlexPod Data Center with Cisco Secure Enclaves OverviewThe FlexPod Data Center with Cisco Secure Enclaves is a standardized approach to the integration of security services with a FlexPod Data Center based infrastructure. The design enables features inherit to the FlexPod platform and calls for its extension through dedicated physical or virtual appliance implementations. The main design objective is to help ensure that applications in this environment meet their subscribed service-level agreements (SLAs), including confidentiality requirements, by using the validated FlexPod infrastructure and the