Cisco Virtual Security Gateway for Nexus 1000V Series Switch Information Guide
Q&A
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Cisco Virtual Security Gateway for Cisco Nexus 1000V Series Switches
Q. What is the Cisco® Virtual Security Gateway (VSG)?
A. Cisco VSG for Cisco Nexus® 1000V Series Switches is a virtual appliance that delivers security and
compliance for virtual computing environments. Cisco VSG uses virtual network service data path (vPath)
technology embedded in the Cisco Nexus 1000V Series virtual Ethernet module (VEM), offering very high
performance with vPath-based policy enforcement of packets.
Q. What are the major features and benefits of Cisco VSG?
A. Table 1 provides a summary of the new features and business benefits of Cisco VSG.
Table 1. Main Features and Benefits of Cisco Virtual Security Gateway

Feature Name: Trusted access
Description: Cisco VSG segments the virtual infrastructure into zones of trust and applies zone-based security policies to control and monitor access:
● Cisco VSG applies granular, context-aware policies, based on network, custom, and virtual machine attributes.
● Cisco VSG provides trusted access even in multi-tenant private and public cloud environments.
Benefit: Cisco VSG secures virtualized infrastructure, strengthens compliance, simplifies audits, and lowers total cost of ownership (TCO) by helping to virtualize more workloads.

Feature Name: Dual-path architecture
Description: Cisco VSG uses vPath technology embedded in the Cisco Nexus 1000V virtual Ethernet module (VEM), offering very high performance with vPath-based policy enforcement of packets:
● Unknown packets are forwarded from the VEM to Cisco VSG for policy information. Cisco VSG then sends security policies to the VEM.
● From there, security policies are handled in vPath by the VEM, without intervention from Cisco VSG.
Benefit: Security that compromises performance is not security. The vPath-based architecture delivers the benefits of security for fully virtualized data centers without sacrificing performance.

Feature Name: Support for flexible virtualized data centers
Description: Cisco VSG supports dynamic virtualization environments. Security profiles are bound to Cisco Nexus 1000V Series port profiles. The Cisco Nexus 1000V Series manages and enforces port and security profiles for each virtual machine virtual Ethernet port. A virtual machine can be repurposed by assigning a different port and security profile. Similarly, as VMware vMotion operations move virtual machines across physical servers, the Cisco Nexus 1000V Series ensures that port and security profiles follow them. Security enforcement and monitoring remains transparent to VMware vMotion events.
Benefit: Support for flexible virtualized data centers delivers the benefits of simplified and scalable provisioning of security services while delivering workload agility.

Feature Name: Nondisruptive administration
Description: Cisco VSG integrates with the Cisco Nexus 1000V Series, along with a separate security management solution (Cisco Prime Network Services Controller) that provides both a GUI and a web services API.
Benefit: Allowing the security team to manage security policies and devices prevents accidents and errors. Automated provisioning through API integration allows rapid enablement of security services.

Feature Name: High availability
Description: Cisco VSG can be deployed in active-standby mode to help ensure a highly available operating environment, with vPath redirecting packets to the secondary or standby VSG when the primary or active Cisco VSG is unavailable.
Benefit: Security with high availability is achieved. Any component of the virtualized data center not delivering high availability lowers the value proposition.