Building the Next Gen Secure Data Center Apr 14

39
© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Building NextGen Secure Data Center Positioning Secure Data Center R Krishnan TME  DC Security March 2015

Transcript of Building the Next Gen Secure Data Center Apr 14

Page 1: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 1/40

© 2015 Cisco and/or its affiliates. All rights reserved.

© 2015 Cisco and/or its affiliates. All rights reserved.

Building NextGen Secure

CenterPositioning Secure Data CenterR Krishnan

TME – DC Security

March 2015

Page 2: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 2/40

© 2015 Cisco and/or its affiliates. All rights reserved.

What You’ll Learn From This Presentation 

Cisco’s data center security strategy and

its business benefits

How to leverage Partner Programs to Increase theDC Security Opportunity

Positing the Cisco’s New Security model

in DC Architecture

© 2015 Cisco and/or its affiliates. All rights reserved.

DC Security Use Cases

Page 3: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 3/40

© 2015 Cisco and/or its affiliates. All rights reserved.

© 2015 Cisco and/or its affiliates. All rights reserved.

Cisco’s Data Center Security StrategyBusiness Benefits

Page 4: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 4/40

© 2015 Cisco and/or its affiliates. All rights reserved.

Data Center Security Challenges

 Agility, Reduce complexity andfragmentation of security

solutions

Maintain security andcompliance while the data

center evolves

Stay athe evol

land

95% of firewall breaches

caused by misconfigurations*3000% increase in network

connections per second

by 2015

Over 100,00

eve

Provisioning Performance Prot

* Greg Young, Gartner Inc

Page 5: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 5/40

© 2015 Cisco and/or its affiliates. All rights reserved.

Trends impacting the Data Center

Page 6: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 6/40

Cisco Security Supports DC Purchasing

Threat Management: Global/local threat correlation with contextual analys

Segmentation: Cisco supports strong, policy-based data center segmenta

Expanded Deployment Options: Cisco can enforce policy across inter-DC

Resiliency: Cisco provides high availability and dynamic clustering

Scalability: Cisco delivers policy enforcement at data center speeds

Virtualization: Cisco can secure east-west traffic in multi-hypervisor enviro

Page 7: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 7/40

Cisco Security is Designed for the Data C

Ease of Provisioning Optimum Performance Actionabl

• Can be deployed dynamically

and quickly

• Ties data center and security

policy together

• Gives the right tool

to the right team

• Optimized for DC performance

 – to handle data bursts

• Highly available and resilient

• Matches security performance

to network performance

• Supports asymmetrical

traffic flows

• Before, During

protection

• Can inspect b

and east-west

• Custom applic

• Protects tradit

and cloud env

Page 8: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 8/40

© 2015 Cisco and/or its affiliates. All rights reserved.

Visibility and Context

Firewall

NGFW

NAC + Identity Services

VPN

UTM

NGIPS

Web Security

Email Security

 Advanced Malware Protectio

Retrospective Security

Cisco’s New Security Model

BEFORE

Discover

Enforce

Harden

AFTER

Scope

Contain

Remediate

 Attack Continuum

Detect

Block

Defend

DURING

Secure DC, Enterprise Licensing Agreement, Enterprise Mobility

IoCs/Incident Response

Page 9: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 9/40

© 2015 Cisco and/or its affiliates. All rights reserved.

Cisco Validated Design ProcessInnovation and Quality Through System-Level Design and Validation

Critical customer engagementsconsider end-to-end view

Product development

Cross-platform collaboration

ThougSystem-leve

Sys

Tested and valid

System

Development

Fundamentals

System Development Guidelines

Planning Design End-to-End Validation

   U  n   i   t

   F  e  a   t  u  r  e

   I  n   t  e  g  r  a   t   i  o  n

   S  y  s   t  e  m 

   C  u  s   t  o  m  e  r

Page 10: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 10/40

© 2015 Cisco and/or its affiliates. All rights reserved.

New Secure Data Center CVDs

• Five Secure DC CVD Solutions

• Focused on integrated solutions and Cyber

Threat Defense

- Fully Tested and Validated Architectures

- Best Practices Designs and Blueprints

- Support physical, virtual, cloud, and hybrid

environments• Integrate Cisco and Sourcefire

Technologies

Secure Enclave

 Architecture

Single Site

ClusteringThreat Mgmt

Cyber Threat

Defense

Secur

Data

Page 11: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 11/40

© 2015 Cisco and/or its affiliates. All rights reserved.© 2015 Cisco and/or its affiliates. All rights reserved.

Positing the Cisco’s New Security moDC Architecture

Page 12: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 12/40

© 2015 Cisco and/or its affiliates. All rights reserved.

 ASA 5585-S20F20

 ASA 5585-S40F40

 AS

 ASA 5585-S10F10

Cisco ASA with FirePOWER ServicesNext-Generation Security for the Internet Edge and Data Center

4.5 Gbps AVC

2 Gbps AVC + IPS

500,000 connections

40,000 CPS

Medium Internet Edge

7 Gbps AVC

4.5 Gbps AVC + IPS

1 million connections

75,000 CPS

10 Gbps AVC

6 Gbps AVC + IPS

1.8 million connections120,000 CPS

Large Internet Edge/Dat

1

10 G

4 mil

1

1

S

Page 13: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 13/40

 ASA with Firepower ModuleComprehensive Capabilities to Solve the Threa

• World’s most wienterprise-classfirewall

• Granular Cisco®

Visibility and Co

• Industry-leading

next-generation

• Scalable Segme

•  Advanced malw

Cisco ASA + FirePOWER

Identity-PolicyControl & VPN

URL Filtering(Subscription)

FireSIGHT

 Analytics &

 Automation

 Advanced

Malware

Protection(Subscription)

 ApplicationVisibility & ControlNetwork FirewallRouting | Switching

Clustering &

High Availability

WWW

Cisco Talos Enabled

Built-in NetworkProfiling

Intrusion

Prevention(Subscription)

Page 14: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 14/40

 ASA Feature Set

 ASAv

Removed clustering and

multiple context mode

Parity to physical form-factor feature

Scaling through virtualization

Up to 10 virtual NIC interfaces

Hypervisor-agnostic

vSwitch-independent

 Restful API support SDN and traditional management too

Scales to 4 virtual CPUs and 8 GB of

  Performance – 1 to 2Gbps

 Ability to manage one policy on both

physical and virtual ASAs

Cisco Virtual ASA (ASAv) Firewall

Page 15: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 15/40

Cisco ASAv Data Sheet: Performance and Scale

Data Sheet Metric Cisco ASAv10 Cisco ASAv30

Stateful Inspection Throughput (Maximum) 1 Gbps 2 Gbps

Stateful Inspection Throughput (Multiprotocol) 500 Mbps 1 Gbps

Concurrent Sessions 100,000 500,000

Connections per Second 20,000 60,000

VLANS 50 200

Cisco® Cloud Web Security Users 100 500

3DES and AES VPN Throughput 50 Mbps 300 Mbps

S2S IPsec IKEv1 Client VPN User Sessions 250 750

Cisco AnyConnect® or Clientless User

Sessions250 750

Unified Communications Phone Proxy 250 1,000

Tested o

Cisco UCS® C2

Cisco UCS B20

Intel Xeon proc

Reserva 5000 kHz on Ci

20,000 kHz on

(Cisco ASAv re

Page 16: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 16/40

Industry-Best NG Intrusion P

Real-Time Contextual Aware

Full Stack Visibility

Unparalleled Performance a

Physical and Virtual Form Fa

Traditional DC and ACI/AP

Detects and Inspects Custom

Easily add Application Contr

and Advanced Malware Prot

optional subscription license

FirePOWER NGIPS/vNGIPS with AMP

Page 17: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 17/40

8270/8360*8260

8250

8140

8120/ (8150

20 Gbps

10 Gbps

6 Gbps

4 Gbps

2 Gbps

IPS Throughput 

8130

40 Gbps

30 Gbps

8290

FirePOWER NGIPS Appliance Range and Perfo

60Gbps 8390*45 Gbps 8370*

15Gbps 8350*

Appliances & SFR on ASA Managed via (Defense Center) FireSight Management CeAppliances-10, 35, 150 devices. VM- 2, 10 or 25 devices

Model # 

Page 18: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 18/40

Cisco ISE With TrustSec Policy Segmentation

Employee/ Laptop

Employee/ iPad

Guest / Laptop

Intellectual

Property

Employee

IntranetInternet

✗ 

✔ 

✗ 

✔ 

Guest / iPad ✗ 

✗  ✔ 

✔ 

✔ 

✔ ✗ 

Simplifies Policy with Security Gro

Reduces ACL and Firewall Rule

 Allows for Segmentation witho

Who can talk to whom?

Who can talk to which systems?

Which systems can talk to other systems?

Desired Policy

✔ 

Flexible and Scalable Policy En

Switch Router  ASA DC

Swi

Streamlines Secure Data Center

Scalable Segmentation

Design 1# : Cisco Secure Data Center for the Enterp

Page 19: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 19/40

Physical-Virtual-Mixed Workload Environments

Advanced Real-timeThreat Defense

NGFW

 ASA+FP

Cluster

QFP

Physical

 Access

Compute

Storage

Converged Network Stack Rack Server Deployment

Physical

 Access vSphere 

 App

OS

 App

OS

 App

OS

 App

OS

Tier1 

Nexus1000V 

vSphere 

 App

OS

 App

OS

 App

OS

 App

OS

Tier2 

Nexus1000V 

vSphere 

 App

OS

 App

OS

 App

OS

 App

OS

TierN 

Nexus1000V 

WAN

QFP

 C l   u s  t   er  C  on t  r  ol  L i  nk 

vPC/vPC+

Design 1# : Cisco Secure Data Center for the EnterpScaling the Data Center in Single Site (ASA with FirePOWER Module)

DC Core Layer

DC Aggregation

and Service Layer

Virtual Network and

 Access

Identity Services

Engine

ISE Policy

Manager

Cisco Security

Manager

UCS Director

Defense

Center/FirePO

WER

Management

Center

Management and

Operations  ASA5585-X

North-South

Scale upto 1

 Support Spa

Mode

640G/196G  50 Million C

 2.8 Million C

250 Context

Integrated w

 TrustSec to

 Firewall on

 ASAv and

East-West

 ASAv in th

tiers with V

Multi-Hype

 Open API

Throughpu

 Same Ma

Physical a

D i 2# Ci S D t C t f th E t

Page 20: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 20/40

Physical-Virtual-Mixed Workload Environments

Advanced Real-timeThreat Defense

NGFW ASA+IPS Cluster

QFP

Physical

 Access

Compute

Storage

Converged Network Stack Rack Server Deployment

Physical

 Access vSphere 

 App

OS

 App

OS

 App

OS

 App

OS

Tier1 

Nexus1000V 

vSphere 

 App

OS

 App

OS

 App

OS

 App

OS

Tier2 

Nexus1000V 

vSphere 

 App

OS

 App

OS

 App

OS

 App

OS

TierN 

Nexus1000V 

WAN

QFP

 C l   u s  t   er  C  on t  r  ol  L i  nk 

vPC/vPC+

Design 2# : Cisco Secure Data Center for the EnterScaling the Data Center in Single Site (ASA with SourceFIRE Appliance

DC Core Layer

DC Aggregation

and Service Layer

Virtual Network and Access

Identity Services

Engine

ISE Policy

Manager

Cisco Security

Manager

UCS Director

Defense

Center/FirePO

WER

Management

Center

Management and

Operations  ASA5585-

North-Sout

Scale upto

 Support SMode

640G/160G  2.8 Million

 96 Million

Integrated

 ASA Cluste

FirePOWE

 IPS can w

Page 21: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 21/40

Page 22: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 22/40

Mapping Attack Continuum to Functional Capa

Threat Containmentand Remediation

File, packet, and flow-based inspection andanalysis for threats

Access Controland Segmentation

 Access controlpolicies, segmentation,

secure separation

IdentityManagement

User identity and accessposturing, network-based

user context

Application Visibilityand Control

File control and trajectory,network file trajectory,application quarantine,data loss prevention

LogginM

Than

Products

FirePOWER withFireSIGHT, Intrusion

Protection, Network-based AMP, Email AMP, CWS AMP, FireAMP for End

User and Mobile

Products

 ASA 5585-X, SGTs,SGACLs, SXP, andTrustSec capableswitching fabric

Products

Cisco ISE,FirePOWER with

FireSIGHT

Products

FirePOWER withFireSIGHT,

 Access Control,FirePOWER NGFW

Firfor

Lancfo

NetF

log

BEFORE DURING AFTER

Before, DuringBefore, During, After Before, DuringBefore, During Bef

Page 23: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 23/40

Cisco Application Centric Infrastructure

Cisco® ACI Fabric

“Files”  “Users” 

Full abstraction, decoupled fromVLANs and dynamic routing, low

latency, built-in QoS

Flat Hardware Accelerated Network

Every device is one hop away,

microsecond latency, no power or port

availability constraints, ease of scaling

Flexible Insertion

Cisco ACI controller manages all

participating devices; change control

and audit capabilities

Unified Orchestrationand Visibility

Hardware filteri

gateway; transp

“service f

Fabric

Heterogene

external clo

com

Logical E

Page 24: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 24/40

Nexus 7000

ACI Fabric

EPG Ext

Graph

EPG Ext

ACI

ASA

EPG Web

PhysicalLogical

EPG Web EPG DB

ASACluster

Units added as capincrease

Physical appliancemore power

Fabric programs inVLAN, or tag pair afor new inter-EPG

Fabric instantiatesnew tenants

PHYSICAL NORTH TO SOUTH DEPLOYEMNT

Page 25: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 25/40

 ASAv deployed in fail

New instances can bedemand for new tena

Fabric programs VLA

tag pairs for inter-EPG

 APIC uses API to instadditional ASAv baseand oversubscription

ACI Fabric

Graph

Physical

Logical

EPG Web ACI ASA EPG DB

EPG WebASAv

standbyASAvactive EPG DB

VIRTUAL EAST TO WEST DEPLOYMENT

Page 26: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 26/40

© 2015 Cisco and/or its affiliates. All rights reserved.

Use Cases

Ci ASA5585 X U C

Page 27: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 27/40

Physical to Virtual

•  North-South Traffic Protection

• Network Virtualization andZone/Tenant based flow control. 

• Unique policies and traffic decisionsapplied to each zone

• Physical Infrastructure mapped per

zone VRF, Nexus Virtual Device Context,

VLANs, SGT

 ASA 5585-X supports Max of 256Context

 ASA Context supports mix of Router

and Transparent mode

Segmentation VRF-VLAN-Virtual Context

28

ASAv ASAZone A

Nexus 7K

ASA 5585-X

CTX1 CTX

VLANx1

VLAN x 2

VLANy

VLANy

Segmentation Building Blocks

Cisco ASA5585-X Uses Cases

SERVER

SGT SGT SGT

Page 28: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 28/40

Cisco ASAv Use Cases

Cisco ASAv as Tenant Edge

Security Policy and ACL Using VLAN

Security policy per vNIC or VLAN Includes per-interface IPv4/v6 ACLs,

NAT66/NAT64/NAT46, etc. Suits a large tenant on multiple VLAN

10 vNICs and 200 VLAN subinterfa  Provide Remote VPN for secure con

VM 1

VM 2

VM 3

VM 4

VM 5

VM 6

Vswitch or Cisco Nexus

vPath-Enabled ServCis

CAS

VLAN

10

Cisco ASAv for East-West Traffic Policy

Cisco ASA Firewall Policy per VLAN

Bridges up to 4 interfaces  Allows for 8 BVIs per Cisco ASAv

Centralized policy on a VM

 Required Vlan Stitching

 All inter-VLAN traffic passes through Cisco ASAv

VM 1

VM 2

VM 3

VM 4

VM 5

VM 6

VM 7

VM 8

Cisco ASAvBridges

VLANs/vNICs

VLAN 10 VLAN 20

Cisco Nexus ® 1000V

 APP Tier 1  APP Tier 2  APP Tier 1  AP

Page 29: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 29/40

© 2013-2014 Cisco and/or its affiliates. All rights reserved.

NGIPSv Use Cases

Virtualizing Security SecuringVirtualization

Servi

Drivers

• Frequent expansion – requireselasticity

• Disconnected environments

• Small environments (e.g. PoS)

Solution Provides 

• Support for existing virtualinfrastructure

• Rapid, low-overhead deployment

• Single pane-of-glass for physical andvirtual environments

Drivers

• Visibility into virtual networkcommunications

• Virtualized workloads in PCI scope

• Virtual hosted desktop deployments

Solution Provides 

• Intrusion detection/prevention forvirtual network

• Single pane-of-glass for physical andvirtual environments

Drivers

• Virtualizing n

• Providers loovalue-added

• Organizationmodel

Solution Provi

• Cost-effectivedetection/pre

• Support for v

• Rapid, low-ov

• Consistent se

Page 30: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 30/40

10.1.1.1

172.16.1

192.168.10

Server

192.168.1.1

192.168.1.100

172.18.20.13

Source EPG

Leaf 1, port 1 Users

Leaf 1, port 10 Users

Destination EPG

Leaf 3, port 2 Servers

Leaf 4, port 8 Servers

Leaf 5, port 12 Servers

Service Action

TCP/80 Redirect, ASA1

TCP/443 Redirect, ASA1

TCP/22 Redirect, ASA1

TCP/25 Redirect, ASA1

ICMP Redirect, ASA1Leaf 2, port 12 Users

Port Rules

Network Admin

 Add client 172.18.20.13,

use standard ASA

template

Remove client

192.168.1.1

Create stand

 ASA advanc

policy templat

 APIC

 Advanced policies,

limited ACL rules

Same 5 port –level

service rules and

actions

 ASA1Clients

Cisco ASA in ACI Use Case

Page 31: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 31/40

© 2015 Cisco and/or its affiliates. All rights reserved.

Increasing the Opportunity

Page 32: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 32/40

Cisco Data Center Security Leadership

Cisco is thleading da

security s

Cisco holbrand for security

Cisco in t

vendors uevaluationpurposes

YOUR CALL TO ACTION: Walk your customer through this report as a standard part of

center security sales engagementshttp://wwwin.cisco.com/marketing/borderless/security/docs/Infonetics_dcSecSurvey_mar2013.pdf

Page 33: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 33/40

Security Increases DC Deal Size

 AverageDC Deal

$370K

IncrementalSecurity

$150K

ST

Nexus 7K/5K/3K/2K

UCS

Nexus 1000V

Nexus 1010

VM-FEX

UCS for Virtualized Environments

 ASA 5585-X

 ASAv

VSG

NGIPSIncr

Page 34: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 34/40

Connecting the Partner Programs

Importa

Through Spartners ge

discounts o

generation

registered

Opportunit

(OIP) or Te

Program (T

http://www.c

s/incentives

urity-ignite.h

Up-Front

Discount

Back-End

Rebate

OIP or TIP

Security Ignite

VIP

Extra VIP if Gold

Up-Front

CreditTMP

Up to 6%

Up 50%

Trade inCredit

ExistingRebate

Programs

Page 35: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 35/40

Products in the following product families are eligible for Ssome exceptions.

• Cisco® Cloud Web Security – all products

• Cisco Web Security Appliances – all products

• Cisco Email Security Appliances – all products

•Cisco Security Management Appliances – all products

• Cisco Identity Services Engine – all products

• Cisco FirePOWER® Appliances – all products

• Cisco Next-Generation Firewall – select products, refer to the list of Eligible ProSecurity Ignite page 

Note: Based on Specialization

Eligible Products

Page 36: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 36/40

© 2015 Cisco and/or its affiliates. All rights reserved.© 2015 Cisco and/or its affiliates. All rights reserved.

Summary

Page 37: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 37/40

© 2015 Cisco and/or its affiliates. All rights reserved.

Maximized

Performance

Maximized

PerformanceEase of provisioning

Maximized

PerformanceEase of provisioning

Speeds

adoption of

new services

from weeks to

hours

16% less input

power versus

competitive

firewalls

80% reduction

in manual

firewall rules

SummaryCisco Data Center Security Accelerates Your Business

vPC and

FabricPath

optimize

traffic flow

Max of 640Gb

firewall

throughput.

Page 38: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 38/40

© 2015 Cisco and/or its affiliates. All rights reserved.

Data Center Security

is a Key Opportunity

Use Cisco’s Industry Leadershipand Competitive Differentiators

Leverage Cisco’s Partner Programs

Key Takeaways

1

2

3

© 2015 Cisco and/or its affiliates. All rights reserved.

Page 39: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 39/40

• Go to the Secure Data Center

Solutions Web page on cisco.com

• Go to the Design Zone Website

• Provide a Capabilities Gap

 Assessment

to help customers maximize their

Cisco investment• http://www.cisco.com/go/securedc

• http://www.cisco.com/go/designzone

Next Steps

Page 40: Building the Next Gen Secure Data Center Apr 14

7/21/2019 Building the Next Gen Secure Data Center Apr 14

http://slidepdf.com/reader/full/building-the-next-gen-secure-data-center-apr-14 40/40

Thank You