Episode 6

From AstroArch

Virtualization Security Round Table Podcast Episode 6 show notes

  • Unified Fabric

Back to main podcast site

Go to Talkshoe to download or listen to the podcast. It will soon also be available on iTunes.

Our guest panelist was Steve Phillips of Cisco. Thank you for joining us, Steve.

This podcast ended up being a Q&A about Unified Fabric and related security issues. So here is what we learned:

  • Unified fabric combines both FCoE and standard network traffic on one link
  • Unified fabric is split into a minimum of 8 channels
  • 5 Gbps of a 10 Gbps connection is reserved for the FCoE channel
  • Unified fabric is an endpoint technology. In other words, there is a direct connection between the Nexus switch and the CNA (Converged Network Adapter) within the host
    • There is no way to put a firewall between the switch and the CNA, as the FCoE traffic would not pass through the firewall
    • To use a firewall, you need to attach it to the Nexus switch and send all traffic through it before sending the traffic down the wire to the host, or place a firewall in front of the Nexus switch.
  • The Nexus switch has outbound FC ports
  • Only the Nexus 7000 switch supports link encryption, but it does not connect to CNAs
  • The Nexus 1000V fits into this by passing packets with a VN-tag (which Cisco is trying to make into an RFC, with other organizations involved).

We did really hedge around the possibility of being able to sniff the FCoE data, but to do so you would need to either compromise the switch or compromise the host involved. The link between the two is safe.

We were on the fence about whether NPIV (N_Port ID Virtualization) would be an issue.

Panelist Bios

  • Steve Phillips works in Cisco's Data Center solutions team, focused on solutions architectures, including virtualization and security. He is a frequent presenter at conferences and has published a number of both technical papers and patents. Steve joined Cisco in 1996, where he has held a number of technical as well as consulting engineering positions, and is also a 12-year CCIE veteran (#1504).
  • Michael Berman is the CTO of Catbird, with over 20 years' experience in system engineering, architecture, design and implementation of secure computing. Michael's experience includes implementation of C2 UNIX; Fortune 100 enterprise security; and expert support in the prosecution of computer crimes. He is a member of the Electronic Crimes Task Force and the High-Tech Crime Investigation Association and a Certified Information Systems Security Professional (CISSP). Michael is a frequent speaker on the topic of virtualization and security.
  • Chris Hoff is Unisys Corporation's Systems & Technology division chief security architect. Hoff has over 15 years of experience in high-profile global roles in network and information security architecture, engineering, operations and management. Prior to Unisys, he served as Crossbeam Systems' chief security strategist, was the CISO for a $25 billion financial services company, was founder/CTO of a national security consultancy, and led the security engineering team of one of the first global managed network security service providers. Hoff is a prolific blogger and a sought-after speaker at leading security conferences.
  • Iben Rodriguez is an Infrastructure Consulting Professional with over 20 years' experience working in complex IT environments. Iben has extensive knowledge of VMware-specific environments, having spent 2 years working for VMware in various roles. Iben has led and delivered very complex projects for Fortune 500 companies, including Switzerland-based pharmaceutical companies, one of the world's largest online auction companies and a large city government in southern California. Iben is considered one of the foremost industry experts in VMware-based security and infrastructure design.
  • Edward L. Haletky is the author of VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers. Haletky owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development. Haletky is also a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions, a prolific blogger, and is working on new books on virtualization.


Podcast audio improvements by Tim Pierson of DataSentry, Inc.