Cisco Virtual Network Management Center (VNMC) is a virtual appliance that provides centralized device and security policy management. Designed for enterprise and multi-tenant cloud deployments, Cisco VNMC offers transparent, scalable, and automation-centric management for securing virtualized data center and cloud environments. With both a built-in GUI and an XML API, centralized management of Cisco VSG can be performed by an administrator or programmatically. Cisco VNMC is built on an information-model architecture in which each managed device is represented by its subcomponents, which are parametrically defined. This model-centric approach enables a flexible and simple mechanism for securing virtualized infrastructure with Cisco VSG.
Cisco VNMC uses security profiles for template-based configuration of security policies. A security profile is a collection of security policies that can be predefined and applied on an on-demand basis at the time of virtual machine instantiation. This profile-based approach significantly simplifies authoring, deployment, and management of security policies, including in a dense multi-tenant environment, while enhancing deployment agility and scaling. Security profiles also help reduce administrative errors and simplify audits.
The XML API for Cisco VNMC facilitates coordination with third-party provisioning tools for programmatic provisioning and management of Cisco VSG. By providing visual and programmatic controls, Cisco VNMC enables the security operations team to author and manage security policies for virtualized infrastructure and enhances collaboration with the server and network operations teams.
Cisco VNMC implements an information-model architecture in which each managed device, such as Cisco VSG, is represented by the device's object-information model. The model-based architecture enables:
- Stateless managed devices: by abstracting security policies and object configurations into a centralized repository.
- Dynamic device allocation: a centralized resource management function that manages pools of devices that are commissioned in service and a pool of devices that are available for commissioning. This approach simplifies large-scale deployments because managed devices can be pre-instantiated and then configured on demand, and devices can be allocated and deallocated dynamically across commissioned and noncommissioned pools.
- Scalable management: a distributed management-plane function implemented using an embedded agent on each managed device that enables greater scalability.
A security profile represents Cisco VSG's security policy configuration in a profile. It simplifies provisioning, reduces administrative errors during security policy changes, reduces audit complexities, and enables a highly scaled-out data center environment.
Stateless device provisioning
The management agent in Cisco VSG is stateless, receiving information from Cisco VNMC. It enhances scalability and provides robust endpoint failure recovery without loss of configuration state.
Security policy management
Security policies are authored, edited, and provisioned centrally. It simplifies operation and management of security policies and helps ensure that security intent is accurately represented in the associated security policies.
Context-aware security policies
Cisco VNMC obtains virtual machine contexts from VMware vCenter. It allows security administrators to institute granular policy controls across the entire virtual infrastructure.
Dynamic security policy and zone provisioning
When virtual machines are dynamically instantiated by server administrators and the appropriate port profiles are applied, their association with trust zones is also established. It helps enable security profiles to stay aligned with rapid changes in the virtual data center.
Multi-tenant (scale-out) management
Cisco VNMC is designed to manage Cisco VSG and security policies in a dense multi-tenant environment, so that administrators can rapidly add and delete tenants and update tenant-specific configurations and security policies. It reduces administrative errors, helps ensure segregation of duties in administrative teams, and simplifies audit procedures.
Role-based access control (RBAC)
RBAC simplifies operation tasks across different types of administrators, while allowing subject-matter experts to continue with their normal procedures. It reduces administrative errors and simplifies auditing requirements.
XML-based API
The Cisco VNMC XML API allows external system management and orchestration tools to programmatically provision Cisco VSG. It allows use of best-in-class management software and offers transparent and scalable operation management.
Product Highlights
- Rapid and scalable deployment through dynamic, template-driven policy management based on security profiles
- Transparent operation management through an XML API that enables programmatic integration with third-party management and orchestration tools
- Collaboration across security and server teams while maintaining administrative separation and reducing errors via a consistent and repeatable deployment model