Cisco's latest security innovations for modern data center networks

In February, Cisco introduced a bold architectural shift for the data center network with the launch of the Cisco N9300 Smart Switch, a new class of switch that unifies networking and security in a single, future-ready platform. Today's data centers are looking for simpler and more secure ways to scale, without the need to layer on more security solutions. The N9300 Smart Switches, part of the Cisco Nexus portfolio, meet this need and provide robust L4 segmentation in both single-fabric and multi-fabric deployments.

By embedding advanced security directly into the network fabric, this platform enables advanced segmentation and greater visibility, and its network design helps reduce total cost of ownership (TCO).

With the general availability of the N9300 Series Smart Switches as top-of-rack (ToR) switches in network mode, modern data centers are empowered to scale efficiently and securely. ToR L4 segmentation with Cisco Hypershield integration will be available in an upcoming release.

The Cisco N9300 Smart Switches include the N9324C-SE1U with 24 100G ports and the N9348Y2C6D-SE1U with 48 ports, six 400G ports and two 100G ports. These top-of-rack (ToR) smart switches offer an architecture for single-fabric or multi-fabric deployments, future readiness and TCO savings. They will be integrated with Cisco Hypershield.
Figure 1. The new N9300 ToR smart switches, N9324C-SE1U and N9348Y2C6D-SE1U.

Always-on protection with Cisco Live Protect

Cisco Live Protect, another recent innovation, adds another layer of resilience for the N9300 Series Smart Switches and other Cisco Nexus switches by immediately protecting against software vulnerabilities. The solution works without requiring upgrades, reboots, patching or downtime. Live Protect, native to NX-OS, uses eBPF-based policy enforcement to immediately mitigate advanced Common Vulnerabilities and Exposures (CVEs).

Future-ready top-of-rack switches with network mode

The new network mode covers the new Cisco N9324C-SE1U and Cisco N9348Y2C6D-SE1U smart switches, both powered by Cisco NX-OS 10.6 (1S). These versatile platforms are optimized for the leaf, border leaf and border gateway roles, and support VXLAN-EVPN and BGP fabrics for single-fabric and multi-fabric deployments.

These smart switches provide comprehensive L2/L3 capabilities, QoS, multicast support and advanced features such as L2 mobility, active-active multi-site deployment and disaster recovery continuity. When operating in network mode with the DPUs shut down, they provide the high level of performance needed to help future-proof the data center infrastructure. Network mode also eases the integration of new deployments and brownfield expansion with existing Nexus data center fabrics, while laying the foundation for future ToR L4 segmentation.

The result is simplified operations, reduced deployment complexity and significant TCO savings with ToR L4 segmentation.

There are two use cases in network mode: a single-fabric use case with VXLAN-EVPN and BGP, and a multi-fabric use case with multi-site VXLAN-EVPN. Both are available with the Cisco N9300 Series Smart Switches as top-of-rack (ToR) switches.
Figure 2. Network mode supports VXLAN-EVPN and BGP-routed fabrics for single-fabric and multi-site deployments.

Strengthening data center security with ToR L4 segmentation

The upcoming networking and security release will integrate ToR L4 segmentation directly into the network fabric and provide advanced security at the edge, simplifying operations, strengthening security and delivering tangible business results, including:

  • Optimized operations: Nexus Dashboard provides efficient NetOps management, helping reduce costs and speed up problem resolution.
  • Stronger security and regulatory compliance: On-premises Hypershield and Cisco Security Cloud Control (SCC) SaaS provide robust capabilities for SecOps teams, reduce risk and support regulatory compliance.
  • Faster deployment and investment protection: Flexible VXLAN/BGP fabric integration fits smoothly into both greenfield and brownfield environments, accelerating deployment while protecting existing investments.
  • Minimized risk and scalable protection: Advanced stateful or stateless L4 segmentation (up to 800G of throughput) ensures that security policies follow workloads, reducing breaches and providing consistent, adaptive security.
  • Reduced deployment risk: Policy management based on a CRD schema, with validation and canary rollout, contributes to secure and stable deployments.
  • Improved control: The on-premises Hypershield control plane provides greater operational control and improved data management.
  • Increased agility: Simplified upgrades minimize downtime and accelerate the adoption of new capabilities.
  • Proactive insights: Observability through the Nexus Dashboard, Splunk and Prometheus/Grafana dashboards enables proactive, data-driven decision-making.
Stateful segmentation follows workloads across the fabric. The visualization shows the Cisco N9300 Series Smart Switch at the center. One side is optimized for the leaf role, with the Cisco Nexus, NX-DEP/CLA for NetOps, network policy and telemetry. The opposite side is optimized for the border gateway role, with on-premises Hypershield for NetSecOps, security policy and compliance.
Figure 3. Stateful segmentation ensures security policies follow workloads.

Control and unified security with Hypershield

The Hypershield control plane is lightweight, highly available and air-gapped for secure operation. Comprehensive global visibility is supported by both API-driven and UI-driven automation. Built on Cisco Security Cloud Control, unified management of distributed segmentation across smart switches, agents and perimeter gateway firewalls streamlines security operations and protects critical assets.

Cisco Hypershield integration with the Cisco N9300 Series Smart Switches, with illustrations for global control, distributed segmentation and unified operations. The visual for global control shows Cloud Control and API-driven security automation feeding into the Hypershield controller, which is paired with distributed Hypershield segmentation. Global control means unified visibility and global policy across agents and smart switches. The distributed segmentation visual shows distributed policy and continuity across Hypershield agents, ToR N9300 smart switches and agentless workloads. Distributed segmentation eliminates blind spots with fully distributed enforcement everywhere, in the kernel and in the network fabric. The unified operations visual shows the interplay between on-premises Hypershield controllers with NetSec operations and Cisco Nexus with network operations. Unified operations are delivered through independent control with combined operations and troubleshooting.
Figure 4. The Hypershield control plane is air-gapped for secure operation.

Consistent protection with Hypershield distributed segmentation

Hypershield distributed segmentation ensures consistent stateful protection by allowing security policies to follow workloads across the fabric. In-line smart switches and agents (in the kernel and in the network) eliminate blind spots and support distributed policy for agentless workloads such as bare metal and mainframes.

Improved observability: total clarity and security

By integrating the Cisco Nexus Dashboard with the Hypershield control plane, NetSecOps teams maintain independent control while collaborating. This approach accelerates problem resolution and reduces operational overhead.

Further integration with Splunk and Grafana provides actionable, real-time insights and empowers data center operations teams for proactive detection, to ensure compliance, optimize performance and protect critical business functions.

Unprecedented resilience with Live Protect

Organizations can now increase security on Nexus series switches running Cisco NX-OS without downtime or waiting for PSIRTs and software upgrades. Live Protect uses the Isovalent Tetragon agent and eBPF shields to quickly deploy compensating controls against threats such as privilege-escalation CVEs.

The image shows security being provided in the back-end network, the front-end network or network management. Cisco provides the Cisco Nexus Dashboard API/NX-API, which feeds the Cisco-generated eBPF shield. The shield protects the control plane, routing plane, API, CLI, file I/O and Cisco networking. The CVE-mitigation shield protects user space and kernel space from external attacks.
Figure 5. eBPF shields protect against privilege-escalation CVE threats.

Cisco is the first to launch this innovative capability, helping data centers remain secure and operational against emerging CVE threats.

Ready now, built for what's next

“We are enthusiastic about Cisco Hypershield-Sondated N9300 Series Nexus Smart Switches. Our investment in this technology allows us to level our security and network strategies while maintaining flexibility so that everyone develops independently. by a request.”

– Eric Bradley, Chief Information Officer, TaxSlayer

The Cisco N9300 Smart Switches in network mode offer targeted performance improvements and operational simplicity, meeting the requirements of today's and tomorrow's data centers. For advanced segmentation and integrated protection, network mode ensures that the infrastructure can scale securely and deliver lasting value. And with continuous vulnerability protection from Cisco Live Protect, data centers benefit from resilience, scalability and value over time.
