© 2008 Cisco Systems, Inc. All rights reserved.
High-Density VM Deployment with the Nexus 1000V
Pierre-Emmanuel Ettori
Technical Marketing Engineer
Server Access & Virtualization Business Unit
© 2009 Cisco Systems, Inc. All rights reserved.
High-Density VM Deployment
100s of VMs per server for virtual desktop deployment
Enabled by new hardware
Cisco Unified Computing System hosts 160 VMs per blade
High density reduces OPEX and CAPEX
High-Density VM Deployment Consideration
How can I manage and monitor this dense and dynamic environment?
How can I secure and protect my datacenter as before while still leveraging all the benefits of virtualization?
Blurring of Campus and Data Center
Campus and data center used to be separated
Virtual desktop blurs boundaries
Need to protect virtual desktop just like a campus
High VM density requires effective troubleshooting techniques
[Diagram: Campus and Data Center, with a DHCP server, a web server and a file server]
High Density VM Deployment
How do you know if a VM has been corrupted and is spreading a virus to others?
How do you secure and protect the different types of users and traffic?
Monitor a High Density VM Deployment with the Nexus 1000V
Select individual VM traffic to review
Redirect and monitor traffic for further inspection using ERSPAN
Analyze network traffic and export it to a collector using NetFlow
[Diagram labels: Network Analysis, Intrusion Detection]
Secure a high-density VM Deployment with the Nexus 1000V
Protect the virtual infrastructure by deploying well-known tools that have been used before in the campus
IP Source Guard
Dynamic ARP Inspection
DHCP Snooping
Port Security
Deploy Virtual Service Domain to allow segregation and protection at the organization level
Network Attacks
[Diagram: a row of VMs, with VMotion, annotated with the following attacks]
Rogue VM: Change/Add MAC Address
Rogue VM: Change/Add IP Address
Rogue DHCP Server
Cisco Integrated Security Features Mitigate Network Attacks
[Diagram: a row of VMs, with VMotion, annotated with the attacks and the features that mitigate them]
Attacks:
Rogue VM: Change/Add MAC Address
Rogue VM: Change/Add IP Address
Rogue DHCP Server
Mitigating features:
DHCP Snooping
IP Source Guard
Dynamic ARP Inspection
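How the three features named on this slide relate to each other, as an added example that is not part of the original presentation and is not Cisco's implementation: a simplified Python model in which DHCP snooping builds a port-to-(MAC, IP) binding table, and Dynamic ARP Inspection and IP Source Guard check traffic against it. The port names, the addresses and the single per-port trust flag are assumptions made for illustration.

```python
from dataclasses import dataclass, field

FORWARD, DROP = "forward", "drop"
SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # DHCP messages only a server should send

@dataclass
class SwitchModel:
    """Simplified model: one trust flag per port covers DHCP and ARP trust."""
    trusted_ports: set
    pending: dict = field(default_factory=dict)   # client MAC -> port of its request
    bindings: dict = field(default_factory=dict)  # port -> (MAC, IP) from DHCP ACKs

    def dhcp(self, port, msg_type, client_mac, ip=None):
        # DHCP snooping: server messages are accepted only on trusted ports.
        if msg_type in SERVER_MSGS:
            if port not in self.trusted_ports:
                return DROP
            if msg_type == "ACK" and client_mac in self.pending:
                self.bindings[self.pending.pop(client_mac)] = (client_mac, ip)
            return FORWARD
        self.pending[client_mac] = port  # DISCOVER/REQUEST from a client
        return FORWARD

    def _matches_binding(self, port, mac, ip):
        if port in self.trusted_ports:
            return FORWARD
        return FORWARD if self.bindings.get(port) == (mac, ip) else DROP

    def arp(self, port, sender_mac, sender_ip):
        # Dynamic ARP Inspection: sender MAC/IP must match the snooped binding.
        return self._matches_binding(port, sender_mac, sender_ip)

    def ip_packet(self, port, src_mac, src_ip):
        # IP Source Guard: source MAC/IP must match the snooped binding.
        return self._matches_binding(port, src_mac, src_ip)

def demo():
    """Constructed sample traffic: veth1 is a normal VM, veth2 a rogue VM."""
    sw = SwitchModel(trusted_ports={"uplink"})
    good, rogue = "00:50:56:00:00:01", "00:50:56:00:00:02"
    sw.dhcp("veth1", "REQUEST", good)
    sw.dhcp("uplink", "ACK", good, "10.0.0.5")
    return {
        "rogue_dhcp_offer": sw.dhcp("veth2", "OFFER", good, "10.0.0.99"),
        "arp_claiming_gateway": sw.arp("veth2", rogue, "10.0.0.1"),
        "spoofed_source_ip": sw.ip_packet("veth2", rogue, "10.0.0.5"),
        "legit_arp": sw.arp("veth1", good, "10.0.0.5"),
        "legit_ip": sw.ip_packet("veth1", good, "10.0.0.5"),
    }
```

Calling `demo()` returns one verdict per constructed frame; the three rogue cases are dropped because the rogue port is untrusted and has no matching binding.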
Virtual Service Domain
Monitor and enforce network traffic within the datacenter:
• Meet corporate security policies
• Ensure regulatory compliance
• Support third-party appliance integration like vShield
High-Density VM Deployment with the Nexus 1000V Demo
Nexus 1000V seamlessly manages and secures 300 VMs running on 2 Unified Computing System blades
Demo of how a rogue VM can be stopped using the Nexus 1000V
ARP Spoofing
Man in the Middle Attack
DNS Interception
DHCP Poisoning
For more information visit: www.cisco.com/go/vmworld09