The integration, announced by vArmour today, comes on the heels of the startup’s partnership with Hewlett Packard Enterprise (HPE), in which vArmour will be able to act as part of the composable infrastructure that HPE is developing.
Check out our full RSA Conference 2016 Coverage.
ACI programs virtual network connections, and its scope can include devices that aren’t Cisco‘s. What vArmour is announcing is that its software can be part of that mix, like a service added to ACI.
vArmour’s Distributed Security System (DSS) is distributed, as you might guess, providing Layer 7 visibility into the network.
In the case of ACI, vArmour can do something else more specific: It can provide a security-level view of what’s happening to an endpoint group. In ACI, endpoints that would fall under the same policy rules are grouped together. Then, the Application Policy Infrastructure Controller (APIC) sends a contract to the group rather than to individual endpoints. It all adds up to an intent-driven architecture.
vArmour would come in when something starts going afoul of policy. “I need the ability to have monitoring and control within that group,” says Keith Stewart, VP of strategic markets and business development.
DSS could detect which servers in an endpoint group are acting suspiciously, for instance. DSS could notify the APIC, which could send a new policy quarantining those servers.
vArmour and HPE
Hyperconverged infrastructure combines servers and storage in a modular way, so that the two can be scaled independently. Composable infrastructure takes the idea a step further: Pools of computing and storage are just there, in the data center, and applications spin up as much of each as they need.
There are cost savings to be had here, but the concepts also target efficiency. Convergence means “resources can be deployed to enable organizations to accelerate time to business value, by unifying resource silos into adaptive pools of assets that can be shared by many and managed as an overall service,” writes analyst Scott Raynovich in the SDxCentral report, “The Future of the Converged Data Center.”
The idea here is that vArmour’s security software can become a resource pool as well.
That’s a nice fit for DSS’s distributed nature, but it also might be a better way to think about security in general, says vArmour’s Stewart: “Security should be thought of as a resource, not a gateway that you drive traffic through.”
Photo: By Patrick McFall on Flickr, CC2.0 license. Photo has been cropped.