
Cisco adds policy-based security to ACI platform

Cisco blends threat protection into its ACI portfolio to enable security policies.

LAS VEGAS -- Cisco has integrated the FirePower intrusion prevention system into the company's software-defined networking platform to provide policy-based security.

The integration, announced Tuesday at Interop 2015 in Las Vegas, means the policy engine used to configure data center switches can also be used for setting rules governing FirePower appliances, both physical and virtual. Cisco has also released application program interfaces for integrating third-party security appliances.

Cisco's approach to software-defined networking (SDN) is called Application Centric Infrastructure (ACI). Cisco ACI is not a pure software approach to SDN, like rival VMware's system. Instead, Cisco ties network-controlling software to its hardware, particularly the Nexus 9000 series of switches.

At the heart of Cisco ACI is the Application Policy Infrastructure Controller. The APIC console is where policies are created and deployed on network devices. Starting in June, FirePower will be supported in APIC. Security vendors Check Point, Fortinet, Infoblox, Intel, Radware and Symantec plan to integrate their products with Cisco's controller.

Virtualization vendor VMware's strong presence in the enterprise market makes it Cisco's biggest rival in the SDN market. VMware's SDN product, called NSX, provides security through software embedded within the company's virtualization products.

Cisco's and VMware's approaches to SDN could not be more different. But the vendors agree that they won't win over enterprises without proving their architectures are secure.

"Security has been a huge issue for customers," said Scott Lowe, engineering architect for VMware.

Cisco's latest announcement does not change the ongoing rivalry with VMware.

"Neither is really ahead of the other," according to Shamus McGillicuddy, analyst for Enterprise Management Associates, based in Boulder, Colo.

Fighting customer skepticism

A unique hurdle for Cisco is getting customers to make the hardware upgrades necessary to deploy ACI. In addition, companies have to hire talent or retrain staff to manage and maintain what is essentially a new networking architecture. Cisco customers are unlikely to embark on such an undertaking without a clear return on investment.

To combat customer reluctance, Cisco is highlighting companies taking the ACI plunge. At Interop, Cisco announced that Ameritas Life Insurance Corp. is deploying ACI in two data centers, one in Lincoln, Neb., and the other in Cincinnati. The latter replaces a facility housed in an old building that's sinking. Both facilities are in a 30-acre complex.

"If we had not been doing the data center [replacement] project right now, we probably wouldn't have jumped into ACI at this time," said Chuck Huetter, director of Information Technology at Ameritas.

Ameritas uses Cisco for all networking hardware. To prepare for ACI, the company upgraded its switches from Catalyst 6500s to the Nexus 9000.

The company started the project in January and expects to be in production by the end of May. Ameritas has handled most of the deployment on its own. When the project is done, ACI will be used to control the data center network in Lincoln. The facility in Cincinnati will be used for disaster recovery.
