Cisco Intercloud Fabric for Provider White Paper

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. 
Zone-Based Firewall Using Cisco Intercloud Fabric Firewall 
In traditional data center deployments, virtualization presents a need to secure traffic between virtual machines; 
this traffic is generally referred to as east-west traffic. Instead of redirecting this traffic to the edge firewall for 
lookup, data centers can handle the traffic in the virtual environment by deploying a zone-based firewall.  
Cisco Intercloud Fabric includes a zone-based firewall, the Cisco Virtual Security Gateway (VSG), which provides 
policy enforcement for communication between virtual machines and protects east-west traffic in the provider 
cloud.  
The virtual firewall is integrated with Cisco Virtual Path (vPath) technology, which enables intelligent traffic steering 
and service chaining. The main features of the VSG zone-based firewall include: 
● Zone-based policy definition, which allows the policy administrator to partition the managed virtual space
  into multiple logical zones and write firewall policies based on these logical zones
● Policy definition based on network attributes or virtual machine attributes such as the virtual machine name
● Enhanced performance due to caching of policy decisions on the local vPath module after the initial flow
  lookup process
With VSG support in Cisco Intercloud Fabric, customers who use the VSG for the Cisco Nexus® 1000V Series
Switch in their enterprise data center can extend the same policies to the VSG instance in the public cloud. This 
allows them to have consistent firewall policies across their entire hybrid cloud infrastructure. 
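
A conceptual model of the three features listed above (zones defined by VM name, zone-to-zone rules, cached per-flow decisions), added here as an example; it is not VSG or vPath code or configuration syntax. The zone names, VM-name patterns, rule tuples, default-deny fallback, and cache flush on policy change are assumptions of this sketch.

```python
import fnmatch
from dataclasses import dataclass, field

@dataclass
class ZoneFirewall:
    zones: dict   # zone name -> VM-name glob pattern (constructed zone definition)
    rules: list   # ordered (src_zone, dst_zone, dst_port, action); first match wins
    cache: dict = field(default_factory=dict)  # flow tuple -> cached action
    lookups: int = 0                           # full policy evaluations performed

    def zone_of(self, vm_name):
        """Place a VM in the first zone whose name pattern matches, else None."""
        for zone, pattern in self.zones.items():
            if fnmatch.fnmatch(vm_name, pattern):
                return zone
        return None

    def evaluate(self, src_vm, dst_vm, dst_port):
        """Full lookup: map both VMs to zones, then walk rules; default is deny."""
        self.lookups += 1
        src, dst = self.zone_of(src_vm), self.zone_of(dst_vm)
        for r_src, r_dst, r_port, action in self.rules:
            if (r_src, r_dst) == (src, dst) and r_port in (dst_port, "any"):
                return action
        return "deny"

    def decide(self, src_vm, dst_vm, dst_port):
        """Per-packet path: only the first packet of a flow costs a full lookup."""
        flow = (src_vm, dst_vm, dst_port)
        if flow not in self.cache:
            self.cache[flow] = self.evaluate(*flow)
        return self.cache[flow]

    def update_rules(self, rules):
        """Replace the policy and drop cached decisions so none outlive it."""
        self.rules = rules
        self.cache.clear()

def demo():
    fw = ZoneFirewall(
        zones={"web": "web-*", "db": "db-*"},  # constructed sample zones
        rules=[("web", "db", 3306, "permit"), ("web", "web", "any", "permit")],
    )
    first = fw.decide("web-01", "db-01", 3306)     # full lookup
    repeat = fw.decide("web-01", "db-01", 3306)    # served from the cache
    lateral = fw.decide("db-01", "web-01", 22)     # no rule, so default deny
    unzoned = fw.decide("test-vm", "db-01", 3306)  # VM in no zone, so deny
    fw.update_rules([("web", "web", "any", "permit")])
    after = fw.decide("web-01", "db-01", 3306)     # re-evaluated under new policy
    return first, repeat, lateral, unzoned, after, fw.lookups
```
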
Conclusion 
Cisco Intercloud Fabric provides multiple layers of security for workloads running on public clouds. Encrypted site-to-site
tunnels and access tunnels help ensure that all data in motion is secure. Every intercloud fabric cloud VM is
secure and trusted through preinserted SSH and PSK keys, and the VSG firewall lets users define zoning and 
security policies with consistent policies in private and public clouds. With these capabilities, Cisco Intercloud 
Fabric provides complete end-to-end security for workloads running in a hybrid infrastructure. 
For More Information 
 
 
 
 
Printed in USA 
C11-734535-00  05/15