As data centers become more complex with virtualization and cloud technology, data center security is more of a challenge than ever. To address this problem, Cisco has announced a set of security solutions to be sold through the channel that boost firewall and intrusion prevention
"Customers are on a journey with data center consolidation and the cloud. Partners can come in and be consultative and help them put the solutions together," said Susan Don, director of security business development for Worldwide Channels at San Jose, Calif.-based Cisco Inc.
Cisco data center security technology adds scalability, virtualization management
As part of the launch, Cisco introduced an ASA 9.0 platform operating system upgrade, which will enable firewall clustering and up to 320 Gbps of firewall and 60 Gbps of intrusion prevention system (IPS) throughput. The clustering technology also allows network pros to manage up to eight firewalls as one device.
Cisco partner Nexus IS has had success in selling Cisco's 5585-X Adaptive Security Appliance, and is looking forward to selling the updated system. "[This system] has the high performance requirements that certain customers need, while still having those key services like IPS that we can implement as well," said Mike Zozaya, practice manager of security, mobility and infrastructure with Nexus IS .
Cisco's ASA 1000V virtual firewall also enables unified firewall policy implementation for virtual and cloud environments and is aimed at offering protection for various loads across multiple ESX hosts and decreasing clutter in the data center. This technology is also integrated with Nexus 1000V series switches and works with the Cisco Virtual Security Gateway (VSG) to protect cloud and virtual infrastructures.
Read more about data center security solutions
Partners get trained in data center virtualization to boost sales
Mobile device security policy begins with mobile platform comparison
Selling next-generation firewalls: Overcoming resistance, challenges
"The 1000V is a huge component to the secure data center because now it's a part of the virtual stack," Zozaya said.
The newly introduced IPS 4500 Series is specifically aimed at data-center-class intrusion prevention. This system is supported by Cisco Security Intelligence Operation (SIO) and offers visibility into potential attacks, attackers and targets.
The new Cisco Security Manager (CSM) 4.3 provides network administrators centralized management for Cisco security devices like Cisco ASA 5500 and 5500-X Series Adaptive Security Appliances and mobile clients, providing the ability to share information with other network services like compliance and security analysis systems.
Finally, Cisco's AnyConnect 3.1 enables secure remote access to network resources, and by unifying user and identity policies in a single client, aims to make securing bring your own device (BYOD) easier and more manageable.
Cisco support services for selling data center security
The new data center security products will be introduced to the channel with a series of support material and training for partners.
"Cisco offers sales and marketing resources, competitive documents, promotions and incentives, services and design guides," Don said.
Cisco conducts technical partner training (virtual and in-person) at various times throughout the year. The company also posts educational information to the partner training portal and offers access to remote labs. With the data center launch, partners have already been trained on the ASA 9.0 and IPS 4500 feature sets. For the ASA 1000V, training is in development and will be available soon.
Nexus IS has found that these trainings enhance sales efforts. "This gives us an architectural imprint to tell us where solutions fit in, how it will be deployed, how to manage them, etc. There is pre and post-sale engineering, so when products are launched and we go to market, we are able to maintain and manage the full lifecycle of those solutions," Zozaya said.
Data center security solutions offer partners a core solution with room to expand
For partners, Cisco's new security solutions and accompanying validated designs serve as a great opportunity to offer further support services.
"Cisco's Validated Designs (CVDs) are created to document lab-validated best practices for deployment, operation and management of bringing a system design to market. It includes customer use cases to understand what problems the system design solves, specifications on hardware and software configurations validated in the lab, and any design limitations and possible workarounds that were discovered," Don said.
With data center networks becoming increasingly complex, CVDs offer customers a sense of ease when approaching a new technology.
"To be able to see a validated design makes people feel more comfortable. We build standards and deployment best practices of our own, so we don't have to reinvent the wheel. There's never a one-size-fits-all, but it's better to have a validated design. Cisco does have data center designs and [they] do a lot of the leg work for us, but then we can take that, customize it, start to build additional designs and branch out from there," Zozaya said.
When selling data center security solutions to customers, Nexus IS tries to stay away from product type selling, and focuses more on understanding what the customer wants to do.
"We start by trying to find out what customers are trying to protect and then we layer security from there on outward to protect from internal and external users. With the data center in particular, customers want to consolidate, want to virtualize, want to upgrade, are considering cloud services, etc. One of the key things is segmentation and multi-tenancy. The 5585 ASA, 1000v help with that and make customers feel comfortable doing those things in the data center," Zozaya said.
To ensure all of these solutions function correctly once deployed, the monitoring and management responsibilities are a joint effort between partners and Cisco.
Most of the services sold by Nexus IS are attached to Cisco SMARTnet services, but the partner also offers managed solutions and remote monitoring, Zozaya said.