Is the Security Appliance Going Virtual?

A look at the potential future of the Security Appliance.

A few short weeks ago I had the privilege of attending Gestalt ITs Networking Tech Field Day. It became apparent very quickly that the topic of interest to all the vendors was that of Data Center Virtualization. Each vendor that we visited showed off their high end equipment and gave technical presentations on them. You could quickly get a feel for the fact that they all position themselves to take on Cisco. So upon returning from the event I began to look at some of the data center designs that Cisco Makes available. In particular I referenced the Security and Virtualization in the Data Center document. What stood out to me was that the document covered the ASA 5580 at the Data Center Aggregation Layer. As I read through this document I had to see what HP said. My good Friend Google gave me the Real Security For Virtual Networks. In that document the following statement is made:

"For this reason, the secure perimeter approach is giving way to the secure network fabric, indicative of the need for pervasive security throughout the network to better deal with a host of internal threats and policy requirements."

The document further goes on to state:

"The answer to these questions relies in taking advantage of virtual firewalls."

Now there is no suprise there for me. I know the ASA supports multiple context mode and that's what HP is talking about. But then I look at what VMware is doing and I have to ask, with vShield could this all change? Could we be heading toward a future where the physical choke point seen with the Cisco ASA and other physical security devices at the edge. I also wonder if it makes more sense to virtualize our firewall so that if a VM moves the firewall and firewall policy can go with it. Additionally, who owns the firewall if this comes to be? Does the Network Security guy become the Virtual Security Guy or does the Data Center guy become the Security guy? Who owns the policy? Who makes the changes and controls the change control? I'm sure the discussion could go on, but i'll leave it there for now. What are your thoughts?

Copyright © 2010 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022