BACKUP SECURITY WITH CSW & ACI: ABOUT THE CLIENT
The customer is a global engineering, procurement, consulting, and construction company.
The customer was facing a risk management compliance business requirement to protect their physical servers, virtual servers, and Cohesity¹ data backup appliances. The key challenge the customer faced is that, since Cohesity uses locked-down appliances, the customer could not deploy any software agents on the Cohesity servers. This limited the ability to detect and segment traffic to or from the Cohesity server, using only a workload protection system like Cisco Secure Workload (CSW).
CISCO & BTA SOLUTION
CISCO SECURE WORKLOAD & APPLICATION CENTRIC INFRASTRUCTURE
BTA used their proven, repeatable S.I.M.P.L.E. methodology, along with Cisco Secure Workload and Cisco Application-Centric Infrastructure (ACI), to microsegment the customer’s Cohesity applications. The Cohesity appliances were connected directly to the customer’s ACI fabric, to provide automated, high-speed connectivity. BTA exported network flow data from ACI, and workload flow data from CSW agents on the customer’s servers, to gain visibility into all traffic to and from the Cohesity appliances. With the combination of those two solutions, we were able to view the complete traffic picture, build effective and accurate policies, and enforce discrete application segmentation.
CSW policy was built, analyzed, and approved by the customer in accordance with BTA’s S.I.M.P.L.E. methodology. This policy was enforced at the servers using CSW software agents. For workloads without CSW agents, the policy was enforced in the network fabric using ACI policy objects: End Point Groups and Contracts.
Using the BTA process, architects, engineers, and the unique capabilities of Cisco Secure Workload, BTA implemented segmentation for the customer across 100 workloads to better protect their environments from external threats. At BTA we use our S.I.M.P.L.E. process to effectively plan engagements with clients and deliver best-in-class time to value (TTV).
¹Cohesity is a combination of an appliance and an application. The solution combines a rack of servers that will back up a set of applications where the Cohesity agent is deployed. The Cohesity backup appliance is highly robust, highly available, and highly resilient.