Exam Topic 4: Virtualization Overview
Virtualization technologies abstract logical elements from hardware (applications or operating systems) or networks (LANs and SANs) and run them in a virtual state
- Allow a physical device to share its resources by acting as multiple versions of itself
- Allow multiple physical devices to logically appear as one
Benefits of virtualization
- Improves network efficiency
- Provides enhanced flexibility – management, reassignment, resources
- Reduces operational expenses and increases uptime
- Reduced power and space
- Traffic isolation – separation of user groups
- Per-departmental security policies
- Better use of computing resources
Driving forces for virtualization adoption
- Need to reduce power costs
- Consolidation of assets – reduce number of devices
- Logically separate user groups and traffic
- Eliminate underutilized hardware
Virtualization types
- Network Virtualization – logical isolation of network segments that share the same physical infrastructure
  - VLAN: Virtual local-area network
  - VSAN: Virtual storage-area network
  - VRF: Virtual routing and forwarding
  - VPN: Virtual private network
  - vPC: Virtual Port Channel
- Device Virtualization – a single physical device acts as many copies of itself, or multiple physical devices act as one logical unit
  - Server virtualization: Virtual machines (VM)
  - Cisco Application Control Engine (ACE) context
  - Virtual Switching System (VSS)
  - Cisco Adaptive Security Appliance (ASA) firewall context
  - Virtual device contexts (VDC)
Exam Topic 5: Virtualization Technologies
Virtualization – building abstract logical entities from pooled physical resources
- Virtual Machines
- Virtual Switching Systems (VSS) – two 6500 switches act as one logical virtual switch
  - Network virtualization technology
  - Increased efficiencies
  - Increases bandwidth up to 1.4 Tb/s
  - Limited to 2 physical chassis connected together
  - Similar to StackWise technology (Cisco 3750)
- Virtual Switches
- Virtual Storage Area Networks (VSAN)
- Virtual Private Networks (VPN)
- Virtual Routing and Forwarding (VRF)
  - Routing virtualization technology
  - Creates multiple routing tables on the same physical router
  - Especially used in MPLS VPN environments – allows multiple networks to coexist in the same MPLS network
  - Routing information is held in the VRF and is visible only to routers participating in the same VRF
  - Duplicate IP addressing can be used because the routing tables are separate
- Virtual Local Area Networks (VLAN)
- Virtual Port Channels (vPC)
  - Combines two Cisco Nexus 7000 or 5000 switches with 10GE
  - The switches act as one logical switch for port channeling
  - Enables the spanning-tree topology to appear loop-free although multiple redundant paths are present in the physical topology
- Virtual Device Contexts (VDC)
  - Enables a single physical device to host multiple virtual network devices
  - Each context is independent – own policy, configuration, interfaces, management accounts
  - Each context operates like a standalone device
  - Supported in
    - Nexus 7000 (VDC)
    - ASA
    - 6500 Firewall Services Module (FWSM)
    - Cisco Application Control Engine Appliance
    - 6500 Application Control Engine Module
    - IPS
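The VRF points above (separate routing tables on one router, routes visible only inside their own VRF, duplicate addressing allowed) can be seen in a small model. This is an added example, not part of the original notes; the VRF names RED and BLUE, the interface names and all addresses are constructed for illustration.

```python
import ipaddress

class VrfRouter:
    """Toy model of one physical router holding a separate routing table per VRF."""

    def __init__(self):
        self.tables = {}      # VRF name -> list of (network, next_hop)
        self.if_to_vrf = {}   # ingress interface -> VRF name

    def bind(self, interface, vrf):
        # An interface belongs to exactly one VRF; it selects the table used for lookup.
        self.if_to_vrf[interface] = vrf
        self.tables.setdefault(vrf, [])

    def add_route(self, vrf, prefix, next_hop):
        self.tables[vrf].append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, in_interface, dst):
        """Longest-prefix match restricted to the ingress interface's VRF.
        Returns the next hop, or None (drop) when that VRF has no matching route."""
        vrf = self.if_to_vrf[in_interface]
        addr = ipaddress.ip_address(dst)
        matches = [(net, nh) for net, nh in self.tables[vrf] if addr in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

def build_demo():
    # Constructed sample: two user groups reuse 10.1.0.0/16 on the same router.
    r = VrfRouter()
    r.bind("Gi0/1", "RED")
    r.bind("Gi0/2", "BLUE")
    r.add_route("RED", "10.1.0.0/16", "192.0.2.1")
    r.add_route("RED", "10.1.5.0/24", "192.0.2.5")
    r.add_route("BLUE", "10.1.0.0/16", "198.51.100.1")
    r.add_route("BLUE", "172.16.0.0/12", "198.51.100.9")
    return r

if __name__ == "__main__":
    r = build_demo()
    # Same destination, different ingress VRF -> different path; RED cannot reach
    # a prefix that exists only in BLUE's table.
    for ifc, dst in [("Gi0/1", "10.1.5.7"), ("Gi0/2", "10.1.5.7"),
                     ("Gi0/1", "172.16.3.3")]:
        print(ifc, dst, "->", r.lookup(ifc, dst))
```

The lookup never consults another VRF's table, which is the path isolation property: traffic crosses between groups only where a route is deliberately leaked or a shared service is placed at the edge.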
Server Virtualization
Server virtualization – a software technique that abstracts server resources from the hardware.
- The server virtualization hypervisor provides the foundation for the virtualized environment on the host
- The hypervisor controls the hardware and physical resources allocated to virtual machines running on the host
- VMs are unaware of the physical hardware but can use CPU, memory, network infrastructure
Vendors:
- VMware ESX Server
- Citrix XenServer
- Microsoft Hyper-V
Exam Topic 6: Network Virtualization Design Considerations
- Access needs to be controlled
- Path isolation – e.g., using MPLS VPN to provide independent logical paths in a shared network
- Secured edge – the right services should be available to the intended users or groups