VMware Cloud Community
hombreguate
Contributor

Cisco Nexus 1000v vs vShield

I have my VMware hosts and VMs on a single VLAN (server VLAN). I'd like to apply security to this VLAN, but I'm not sure which is better: Cisco Nexus 1000v or vShield. Can anyone recommend one or the other?

0 Kudos
3 Replies
logiboy123
Expert

The Nexus requires Enterprise Plus licensing, so if you don't have that then this is a no go.

vShield is more about bringing firewalls to "zones" or "groups" of VMs. The Nexus is about handing over control of your networking infrastructure back to the networking guys.

If you want to have VMs on the same hosts/cluster with firewalls in between, then this is what you use vShield for. If you want to have a fully fledged Cisco router instead of a standard or distributed vSwitch, then this is what the Nexus is for.

It would be easier to give you an answer if you could tell us what it is you are trying to accomplish.

Regards,

Paul

0 Kudos
hombreguate
Contributor

Thanks Lobi, this helps. Now, what I'm trying to accomplish is the following: I have 10 VLANs, 9 for workstations across my building, and 1 VLAN dedicated to my servers that serve my users. The server VLAN is a Class C /24. 1) I'd like to secure the server VLAN, isolate the web servers, and isolate 2 tenants for whom I host VMs on my ESX host. I'd like to have my other VLANs access the server VLAN, and close it to the outside world, only opening 80, 22, 443 for my web servers, and isolate my two tenants so their servers can't talk to each other or mine.

0 Kudos
logiboy123
Expert

vShield is probably the best use case for this situation. Having said that, it might be worth engaging a vendor to implement the solution or at least design it for you.

Regards,

Paul
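
The requirements listed in this thread, written down as a default-deny zone policy that can be checked against observed flows before and after any product is deployed. This is an added example, not part of the original posts and not vShield or Nexus configuration. Assumptions: all addresses are constructed, sub-ranges of the /24 stand in for VM groups, traffic inside one zone is allowed, and the names `zone_of`, `allowed` and `violations` are hypothetical.

```python
import ipaddress

# Constructed addressing: the thread gives no subnets. Every server zone sits in
# the same /24, so traffic between zones never crosses a router and has to be
# filtered between VMs on the host.
ZONES = [(name, ipaddress.ip_network(cidr)) for name, cidr in [
    ("web",          "10.0.10.16/28"),   # most specific ranges first
    ("tenant_a",     "10.0.10.32/28"),
    ("tenant_b",     "10.0.10.48/28"),
    ("servers",      "10.0.10.0/24"),    # the poster's own servers
    ("workstations", "10.1.0.0/16"),     # stands in for the 9 workstation VLANs
]]
SERVER_ZONES = {"web", "tenant_a", "tenant_b", "servers"}
WEB_PORTS = {22, 80, 443}                # ports named in the thread (TCP assumed)

def zone_of(ip):
    """Map an address to its zone; anything unlisted is 'outside'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES:
        if addr in net:
            return name
    return "outside"

def allowed(src_ip, dst_ip, dst_port):
    """Default deny for traffic into the server VLAN."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if dst not in SERVER_ZONES:
        return False                     # this policy only covers the server VLAN
    if src == dst:
        return True                      # assumption: intra-zone traffic is open
    if src == "workstations":
        return True                      # other VLANs may access the server VLAN
    if src == "outside" and dst == "web" and dst_port in WEB_PORTS:
        return True                      # outside world: web servers on 22/80/443 only
    return False                         # tenants cannot reach each other or "mine"

def violations(flows):
    """Return the observed (src, dst, port) flows that the policy forbids."""
    return [f for f in flows if not allowed(*f)]

# Constructed flow records, e.g. from firewall logs or a port-scan acceptance test.
OBSERVED = [
    ("203.0.113.9", "10.0.10.17", 443),  # outside -> web, permitted
    ("203.0.113.9", "10.0.10.5", 22),    # outside -> own server, forbidden
    ("10.1.4.20", "10.0.10.5", 1433),    # workstation -> own server, permitted
    ("10.0.10.33", "10.0.10.49", 22),    # tenant A -> tenant B, forbidden
    ("10.0.10.49", "10.0.10.5", 445),    # tenant B -> own server, forbidden
]

if __name__ == "__main__":
    for flow in violations(OBSERVED):
        print("policy violation:", flow)
```

Whether workstations should also reach the tenant VMs is not stated in the thread; the example follows the literal wording and lets them reach the whole server VLAN.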