Cisco Intercloud Fabric for Provider White Paper

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. 
Page 3 of 8 
What You Will Learn 
This white paper describes the security features of the Cisco Intercloud Fabric solution and how it helps users create a secure hybrid cloud infrastructure. 
For most organizations, security is a critical concern when using public clouds. Cisco Intercloud Fabric provides 
users with the same level of security in the public cloud they have in their own data center. The solution lets users 
build secure hybrid clouds that extend their existing data center infrastructure to public clouds as needed and on 
demand, take advantage of flexible capacity, and achieve lower costs and faster delivery of resources. 
Introduction 
Hybrid clouds are quickly becoming the new normal. The National Institute of Standards and Technology (NIST) defines 
a hybrid cloud as a composition of two or more distinct cloud infrastructures (private, community, or public) that 
remain unique entities but are bound together by standardized or proprietary technology that enables data and 
application portability (e.g., cloud bursting for load balancing between clouds). 
Cisco Intercloud Fabric enables customers to build highly secure hybrid clouds and transparently extend their 
private cloud to public cloud environments, while keeping the same level of security across both environments. 
Cisco Intercloud Fabric provides complete end-to-end security between public and private clouds, using the 
following capabilities: 
● Secure site-to-site communication 
● Cisco Intercloud Fabric secure shell 
  ◦ Trusted cloud VMs 
  ◦ Encrypted VM-to-VM communication 
  ◦ Controlled cloud VM access through cloud security groups 
● Role-based access control (RBAC) on cloud resources 
● Zone-based firewall using Cisco Intercloud Fabric firewall (Cisco® Virtual Security Gateway [VSG]) 
Secure Site-to-Site Communication 
Cisco Intercloud Fabric creates a cryptographically isolated and encrypted tunnel for secure communication 
between private and public clouds (Figure 1). It uses two VMs, a Cisco Intercloud Extender VM in the enterprise 
cloud and a Cisco Intercloud Switch VM in the public cloud, as the two endpoints of the secure tunnel. This helps 
ensure that all network communication between the private and public cloud sites is secure and encrypted. 
The tunnel can be configured as a Datagram Transport Layer Security (DTLS), Transport Layer Security (TLS), or 
Hypertext Transfer Protocol Secure (HTTPS) tunnel, depending on the customer's choice of UDP, TCP, or HTTP as 
the tunnel data transport protocol. 
Key and certificate management is performed by the Cisco Intercloud Fabric Director software running in the 
private cloud. It is also possible to periodically refresh the keys from the director.