Security has been a much-touted impediment to broad cloud adoption. Migrating virtual applications to the cloud means that enterprise customers have to overcome the security concerns of using shared infrastructure in a multi-tenant environment. The hesitation comes partly from having to implement changes to well-entrenched enterprise security designs and policy enforcement while still having to adhere to industry compliance and regulations.
How can you maintain existing security policies while leveraging the benefits of cloud orchestration? Cisco and Citrix are addressing this with the capabilities in CloudPlatform 4.2, powered by Apache CloudStack. CloudPlatform enables you to support both traditional enterprise applications which may have strict enterprise-focused security and network policies as well as cloud-native applications in a single orchestration platform with the ability to define infrastructure zones tailored to the needs of the application.
Introducing the Solution Components
Citrix CloudPlatform has unique integrations with Cisco hardware and software, making it easier for customers to configure network devices and leverage their existing Cisco resources. Components of the solution includes:
- Citrix CloudPlatform 4.2 – the application-centric cloud solution proven to reliably and efficiently orchestrate both enterprise and cloud native application workloads with a single unified cloud management platform.
- Cisco Unified Computing System (UCS) – the set of servers that unify computing, networking, management, virtualization, and storage access into a single integrated architecture that provides control for both bare metal and virtual environments including Citrix XenServer and other leading hypervisors.
- Cisco ASA1000v Cloud Firewall – the enterprise-class network security solution which can be deployed on a VM for public and private clouds, supporting physical, virtual, and multi-tenant cloud environments.
- Cisco Virtual Network Management Center (VNMC) – the centralized multi-device and policy management for Cisco network virtual services
Large-Scale Bare Metal Provisioning using Citrix CloudPlatform
With the new Citrix CloudPlatform 4.2 release and integration with Cisco UCS, operational tasks such as adding new UCS blades into hardware resource pools can be streamlined and automated. Pre-defined UCS hardware profiles are brought over through the API to the user interface in CloudPlatform and admins can associate the desired hardware profile to the blade. With a simple step, the admin provisions guest OS/bare metal rapidly onto discovered UCS blades to offer Bare-metal-as-a-service, all within a single unified cloud management platform. Admins create bare-metal templates with pre-defined operating system or hypervisor configurations and store the templates in their HTTP/webservers so that they are readily accessible. Once the URL locations are registered with CloudPlatform, admins automate hardware provisioning onto UCS or any server with this feature. This is how service providers like BT and Bell Canada running CloudPlatform on UCS maintain consistency and accelerate hardware deployment for thousands of machines.
Maintaining Security and Networking Policies
Another Cisco integration with CloudPlatform is through the Cisco ASA1000v Cloud Firewall. Deployed on a VM instance, Cisco ASA1000v is an integrated network service provider for CloudPlatform and can be used to secure applications on isolated networks. A key benefit of using Cisco ASA1000v Cloud Firewall in CloudPlatform allows admins to deploy cloud applications while preserving their existing network security configurations.
Leading networking and firewall providers like Cisco ASA1000V and Citrix NetScaler have integrated with CloudPlatform to provide a variety of L2 to L7 network services. Network services currently supported include load balancing, routing, port forwarding, usage data, firewall, gateway DNS, DHCP, source NAT, static NAT, VPN and VLAN.
Once the admins have pre-defined the Network Service offerings in CloudPlatform, users select the network configuration of choice while deploying a VM and when migrating VMs from one network offering to another.
Citrix and Cisco Experts Working Together, Better Together
We realize that building your own infrastructure solutions from components can be time-consuming and complex. For that reason, Cisco and Citrix engineers are working together to develop a pre-sized and pre-tested, Cisco-validated solution for CloudPlatform.
As a preview of the Cisco Validated Design (CVD), you can read about the Reference Architecture and Solution Brief developed by CloudPlatform and UCS subject matter expects so that you know the security capabilities of the cloud before you deploy.
Interested in hearing more about Citrix and Cisco