Arista Debuts Data Center Network Protection

Protects so-called 'east-west traffic' inside the data center.

Mitch Wagner, Executive Editor, Light Reading

October 6, 2015

3 Min Read
Arista Debuts Data Center Network Protection

Arista on Tuesday announced network software designed to help data center operators protect so-called "east-west traffic" between devices inside a data center.

Arista Networks Inc. CloudVision Macro-Segmentation Services are intended to complement traditional security architectures, which work at the perimeter protecting traffic flowing into and out of the data center -- the "north-south traffic."

"Software at the perimeter is great, but there's a soft inner core where there's no security," Arista principal engineer Lincoln Dale tells Light Reading. [Editor's note: This helpful diagram illustrates the principle.]

New IP networks see most traffic in the east-west direction, inside the data center. For example, end-users running an app inside a browser will connect to a web server, which in turn connects to an application and database server, all communicating with each other inside the data center, Dale says.

Without east-west protection, malware that penetrates data centers can operate as a persistent threat inside the network.

Traditional network architectures protect against those risks by ensuring that east-west traffic passes through firewalls and other security devices, but that makes network architectures rigid and hard to scale, Dale says.

Arista's Macro-Segmentation logically places firewalls and application delivery controllers in the path of east-west traffic, with the ability to change with changing policies, Dale says.

If that sounds familiar it's because VMware Inc. (NYSE: VMW) offers similar technology, which it calls micro-segmentation. (See VMware Upgrades NSX, Beefs Up OpenStack Support.)

But the Arista technology is different in that VMware works only on virtual machines, whereas Arista works on both virtual and physical networks. And Arista and VMware are partnering, on Macro-Segmentation, along with Check Point Software Technologies Ltd. (Nasdaq: CHKP), F5 Networks Inc. (Nasdaq: FFIV), Fortinet Inc. and Palo Alto Networks Inc.

Find out more about key developments related to the systems and technologies deployed in data centers on Light Reading's data center infrastructure channel

Macro-Segmentation uses the native APIs for security devices to communicate with those devices, so device makers don't need to write new software to work with Macro-Segmentation, Dale says.

Macro-Segmentation will be available in the first half of 2016, included as part of the subscription CloudVision software, which allows network operators to manage all their Arista switches through a single tool. (See Arista Launches Network-Wide Cloud Automation.)

The new security software by Arista comes as arch-rival Cisco Systems Inc. (Nasdaq: CSCO) is making a big push into protecting networks. Cisco says it can integrate security into a comprehensive architecture of hardware, software and services. Cisco introduced an all-purpose security service that can run applications for firewall, deep packet inspection and other security services. And it paid $635 million for security business OpenDNS, which provides a cloud platform helping IT departments identify and respond to attacks targeting the Domain Name System. (See Cisco Launches All-Purpose Security Server and Cisco to Buy Security Expert for $635M.)

— Mitch Wagner, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profileFollow me on Facebook, West Coast Bureau Chief, Light Reading. Got a tip about SDN or NFV? Send it to [email protected].

About the Author(s)

Mitch Wagner

Executive Editor, Light Reading

San Diego-based Mitch Wagner is many things. As well as being "our guy" on the West Coast (of the US, not Scotland, or anywhere else with indifferent meteorological conditions), he's a husband (to his wife), dissatisfied Democrat, American (so he could be President some day), nonobservant Jew, and science fiction fan. Not necessarily in that order.

He's also one half of a special duo, along with Minnie, who is the co-habitor of the West Coast Bureau and Light Reading's primary chewer of sticks, though she is not the only one on the team who regularly munches on bark.

Wagner, whose previous positions include Editor-in-Chief at Internet Evolution and Executive Editor at InformationWeek, will be responsible for tracking and reporting on developments in Silicon Valley and other US West Coast hotspots of communications technology innovation.

Beats: Software-defined networking (SDN), network functions virtualization (NFV), IP networking, and colored foods (such as 'green rice').

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like