Cisco Cisco Virtual Security Gateway for Nexus 1000V Series Switch Datenbogen
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 1 of 9
Data Sheet
Cisco Virtual Security Gateway for Cisco Nexus
1000V Switches
1000V Switches
Product Overview
The Cisco
®
Virtual Security Gateway (VSG) for Cisco Nexus
®
1000V Switches is a virtual appliance that provides
trusted access to secure virtualized data centers in enterprise and cloud provider environments while meeting the
requirements of dynamic policy-based operations, mobility-transparent enforcement, and scale-out deployment for
dense multitenancy. Cisco VSG offers IT departments the benefits of workload virtualization with the security of
zone-based controls and activity monitoring, enhanced compliance with corporate security policies and industry
regulations, and simplified security audits. Cisco VSG helps ensure that access to trust zones is controlled and
monitored through established security policies.
Main Features
Integrated with Cisco Nexus 1000V Switches and running Cisco NX-OS Software, Cisco VSG provides the
features and benefits listed in Table 1.
Table 1.
Features and Benefits
Feature
Description
Benefits
Trusted access
● Secure segmentation of virtualized data center virtual machines using detailed,
zone-based control and monitoring with context-aware security policies (based
on virtual machine identities, custom attributes, and 5-tuple network
parameters)
on virtual machine identities, custom attributes, and 5-tuple network
parameters)
● Controls applied across organizational zones, lines of business (LoBs), and
multitenant (scale-out) environments (Figure 1)
● Security policies organized into security profiles (templates)
● Context-based access logs generated with activity details at the network and
● Context-based access logs generated with activity details at the network and
virtual machine levels
● Strengthens regulatory
compliance and simplifies
audits
audits
● Simplifies management and
deployment across a large
number of virtual machines
and virtual security
gateways
number of virtual machines
and virtual security
gateways
Dynamic (virtualization-
aware) operation
aware) operation
● On-demand provisioning of security templates and trust zones during virtual
machine instantiation
● Mobility-transparent enforcement and monitoring as live migration of virtual
machines occurs across different physical servers
Preserves security for the
dynamic data center
dynamic data center
Nondisruptive
administration
administration
● Administrative segregation across security and server teams
● Enhances collaboration
● Helps eliminate
● Helps eliminate
administrative errors
● Helps simplify security
audits
VXLAN awareness
● Zone-based firewall capabilities extended to virtual machines on VXLAN
Secures application workloads
on VXLAN
on VXLAN
Layer 2 or Layer 3
deployment
deployment
● Layer 2 and Layer 3 connectivity between Cisco VSG and Cisco Nexus 1000V
Virtual Ethernet Module (VEM)
Enables flexible Cisco VSG
deployment
deployment
Cisco Virtual network
data path (vPath)
service chaining
capability
data path (vPath)
service chaining
capability
● Participation in Cisco vPath service chain along with other networking services Provides simplified deployment
of Cisco VSG in the traffic path
with other networking services
with other networking services