Cisco’s Unified Computing System (UCS) Has Security Gaps

Zeus Kerravala, analyst and senior vice president with Yankee Group, told eWEEK that Cisco certainly is expert at some aspects of security but isn’t particularly known for others.

“Cisco sells more security than just a couple of companies,” Kerravala told eWEEK. “Their security business is huge. A lot of it is VPN and firewall security, however.”

Can Cisco Provide the Right Kind of Security?

But is this the kind of expertise that enterprises will be able to depend upon during the crucial production workloads that can make or break a business?

“This is an integrated solution, so I guess if you crack part of it, you crack all of it,” Kerravala said. “There are other ways around this; I’m sure you could encrypt the disks. Looking back, though, I am a little surprised that with all the third-party vendors they brought in, there wasn’t a security vendor that was part of it. It would have been good to have had a third party legitimise the security of it.”

Cisco is a good security company when it comes to securing transport, Kerravala said, but has he added that Cisco has never been proven to secure the data itself.

“All a (knowledgeable) hacker has to do to get into this UCS system is to hack into the (Cisco) switch, which controls the data flow and the data itself,” Desai said. “For some (sophisticated) hackers, this is not that hard to do.”

What asked about this, Brian Schwartz, Cisco director of product management for the UCS platform, pointed out the EMC-RSA relationship to eWEEK as a possible option for potential customers. Nonetheless, RSA is not a part of the original UCS initiative. But it is certainly possible that Cisco will bring in RSA as a security partner at a later date.

It also turns out that for other specific kinds of security that might be required in a UCS deployment, customers are expected to use their own existing server, storage and management security vendor, not one provided by Cisco itself.

Schwartz told eWEEK; “When we go out and talk to customers (about UCS), we tell them this; there are things in this system that we (provide that) add value, and there’s a bunch of stuff that’s essentially unchanged.”

“There are a lot of standard best practices and solutions that we don’t factor into solving customers’ challenges. Built into the UCS Manager, however, we do have a sophisticated RBAC (role-based access control ) security system that handles both internal and external (network) authentication, that we’ve spent a lot of time on.

“This is very granular, to give people appropriate privileges, and also to support a full set of (standard) authentication devices. It supports LDAP (Active Directory authentication for server administrators) and others; on the network side, customers often use a Radius-type server or something similar. … Most customers already have one of these systems in place, and what they want is for our system to fit into it gracefully,” Schwartz said.

Conclusion

So, the bottom line is this: In the UCS scheme, Cisco will provide the built-in network protection through its UCS Manager.

However, if an enterprise wants to encrypt storage disks or desires high-end protection for its application, database, Web, or any other type of servers, then the customer is on their own.