QA on Securing FlexPod Architectures with Next-Generation Firewalls

Aug 27, 2012

If you haven’t yet heard, we’ll be at VMworld 2012 in San Francisco next week. One of the key solutions we’re highlighting at this event is how we secure FlexPod architectures with next-generation firewalls. For those of you who may not be familiar with FlexPod, it is a pre-designed infrastructure stack for data centers, built on the Cisco® Unified Computing System™ (UCS™), Cisco Nexus® data center switches, and NetApp® FAS storage components.

We worked with Trace3 to validate a VMware on FlexPod architecture, secured with Palo Alto Networks next-generation firewalls in their data center. The validated, secure “VMware on FlexPod” reference architecture provides the foundation for various virtualized application workloads, and allows you to quickly deploy a secure infrastructure stack to deliver on-demand, self-service applications. I spent some time with Steve Groom, the Security Practice Manager at Trace3, to discuss this validated design:

Danelle: For those customers who may not be familiar with FlexPod, can you explain what it is?

Steve: FlexPod in its simplest form is a reference architecture designed by Cisco™ and NetApp™ to provide a pre-designed highly reliable and scalable computing environment. FlexPod combines the latest networking, storage, compute and virtualization technologies in a validated design that takes the guesswork out of creating a virtual desktop or server infrastructure, secure multi-tenancy, or cloud environment.

Danelle: Why are these data center pods in demand right now?

Steve: Every IT shop in the world is focused on trying to provide flexibility and value back to the business while simplifying their operations so that they can compete with cloud offerings and maintain the security posture their business requires. These data center pods help them do that.

Danelle: What are the security challenges to consider when deploying these "data center in-a-box" solutions?

Steve: The business, compliance and security requirements remain the same. The FlexPod reference architecture design itself does not account for all the security controls that are required in most cases. In fact, some of the flexibility and performance benefits that FlexPod brings to the table pose significant security and segmentation challenges, especially in dynamic server and multi-tenancy environments.

Danelle: What are the benefits of next-generation firewalls in addressing these challenges?

Steve: The benefits of next-generation firewalls are their native ability to provide advanced telemetry for applications, users and content otherwise obscured in dynamic or traditional computing environments. The visibility provided by next-generation firewalls empowers security teams to integrate security balance into computing platforms that by default create evasion and pose a risk to existing security models.

Danelle: What are the benefits of this validated design to your customer?

Steve: This design enables us to provide a next-generation network security reference architecture for clients deploying FlexPod architectures. In some cases, existing clients already own a Palo Alto Networks next-generation firewall and want to extend their capability. In other cases, clients want to elevate security controls to mitigate the aforementioned risk and evasion native to dynamic computing platforms. In either case a next-generation firewall will provide visibility and security controls to resident storage, compute and virtualization components.

Danelle: What are some of the other areas where this validated design can make things easier for IT security folks?

Steve: The aforementioned visibility is critical towards being able to meet regulatory compliance. Next-generation firewalls have proven to be very effective in their ability to log and correlate threats which lead towards increased efficiencies in security operations and regulatory compliance.

We are very excited about how this validated design can help you accelerate the process of delivering secure, virtualized application workloads. If you’re interested in hearing more details about how our next-generation firewalls safely enable applications by user, application and content, protect against all data center threats and flexibly integrate into any FlexPod environment, do stop by our booth at VMworld to find out more. Alternatively, read more about our validated design in this solution brief here.
