Cisco’s Unified Computing System (UCS) Has Security Gaps

Cisco Systems made big news March 16 when it boldly announced that it was moving into the full-service data center systems business with its Unified Computing System (UCS).

But in all the hubbub of the UCS product launch, Cisco left something important out of the conversation; how is security for UCS going to be handled?

It turns out that there are in fact, some real questions that need to be addressed.

To review, the Unified Computing System consists of a new data start-up architecture, a new application server (the Cisco UCS B-Series), and a new management software and services package. Cisco partners are providing most of the UCS components.

Intel’s Xeon 5500 processors make up the UCS computing foundation. Long-time Cisco partners EMC and NetApp provide the storage hardware. BMC Software brings the only provisioning, change management and configuration software in the stack. Customers will have a choice of either VMware or Microsoft Hyper-V virtualisation layers; systems integrator Accenture will help shape the individual product packages for customers.

Now we’re back to that glaring omission involving security. With the main news focus being on Cisco entering a huge new business, little or nothing was said about the security aspect at the March 16 product launch.

Although EMC is a major partner in the storage component, its RSA Security subsidiary was not mentioned as being a part of this initiative. Neither were Symantec, McAfee, Iron Mountain or any other well-known security vendor.

What Will Secure Cisco UCS?

So, potential customers are wondering, who will be guarding the fort? How much security will Cisco itself provide?

“The idea of uniting compute, storage and networking capabilities as one system requires a common backbone—a fabric—so that administrators can ‘see’ and control what’s happening throughout the system,” Vik Desai, a veteran virtualisation expert and the new CEO of Toronto-based Liquid Computing, told eWEEK.

Liquid Computing is a 3-year-old start-up that will be among Cisco’s competitors in the unified computing space.

“This requires an approach that goes beyond the simple connectivity offered by a networking provider that’s simply repurposing existing technology used in ‘cable-once’ scenarios,” Desai said. “I, for one, doubt that a vendor that has focused for 20-plus years on routing or switching can hope to appreciate, interpret or resolve the security implications resulting from the establishment of a broad networking fabric.”

To deliver a full solution, especially in a cloud environment, the fabric must be intelligent enough to introduce new levels of application-aware security that common standards don’t deliver, Desai said.

“The big players haven’t even brought up the issue of security as yet, so I suspect that they haven’t figured it out,” he said.