5 Reasons Why vArmour DSS and Cisco ACI are Better Together for the Modern Data Center

5 Reasons Why vArmour DSS and Cisco ACI are Better Together for the Modern Data Center

The Cisco ACI architecture is based upon a Spine and Leaf network fabric where all connections are point-to-point and fully meshed, delivering great performance and resiliency.  A great advantage of the Spine and Leaf model is a centralized control for ease of management and deployment.  Organizations benefit from a centralized configuration model to have one place to manage routing and switching configuration changes.  This architecture is well suited for programmability and orchestration in order to deliver agility.  Cisco ACI also offers strong security controls that limit connections to and from assets in the data center.  Ideal for stateless segmentation and microsegmentation use cases, Cisco ACI delivers a powerful networking solution. 

Cisco ACI, however, does not solve for all Security use cases in the data center.  Unfortunately, fabric based networks offer no logical place for security controls.  To address this, vArmour has developed a distributed system approach that creates security fabric on top of Cisco ACI.  This approach solves several challenges.  We will step you through vArmour’s points of view and 5 reasons why Cisco ACI is best complemented with vArmour Distributed Security System in the modern data center.  

vARMOUR vArmour DSS and Cisco ACI - Better Together

A fabric based networking architecture demands fabric based security controls

  • vArmour inserts on the hypervisor where it can see and control all East-West and North-South traffic flows, placing controls next to all VMs running on the hypervisor. 
  • The vArmour DSS is fully distributed, combining many components but functioning as a single logical system.
  • vArmour sits in the direct data path at the virtual level to deliver stateful segmentation. 
  • vArmour is 100% software-based and delivers 10GB+ performance, 1,000 compute nodes and 100,000 workloads from a single fabric.
  • vArmour DSS is API oriented so security in the modern data center can be orchestrated in a similar way to storage, network and compute.

The modern data center needs Stateful Controls

vArmour delivers an agentless, application-aware Stateful Control that meets or exceeds stringent regulations like HIPAA and PCI.

Different Tools to serve Different Roles

vArmour addresses security needs as a complementary set of controls and visibility for Cisco ACI - designed for the security practitioner and the regulator.

If the network is orchestrated, then so must security

vArmour DSS offers a fully published RESTful API and has an existing integration with the Cisco ACI Controller (APIC) and VMware vCenter. Cisco APIC and VMware vCenter leverage the vArmour API to programmatically deliver enforcement controls at the pace of the modern data center. 

The Modern Data Center needs Layered Security

vArmour DSS complements Cisco ACI by adding a set of dedicated controls providing east/west visibility across the virtual estate, application-aware (L7) stateful filtering, richness of context into workload activities and a variety of additional features that include:

  • Security analytics for threat mitigation, forensics and investigations, and 
  • Distributed deception capabilities for detecting and isolating bad actors within the estate

Data Center technologies have advanced to provide better resource utilization, application availability, and automation. Cisco ACI is a data center networking system with a foundation based on application networking requirements. Although there is native support in ACI for integrated security controls, the insertion model is based on a traditional appliance-based perimeter security model. vArmour DSS incorporates security controls right next to the asset being protected. vArmour DSS delivers a security fabric overlaid on top of Cisco ACI’s network fabric architecture and addresses security needs as a complementary set of controls and visibility for Cisco ACI, delivering a robust solution for both the security practitioner and the regulator.

Related Posts