Cisco Adaptive Security Virtual Appliance (ASAv)

Agile Security for Virtual and Cloud Environments

The Adaptive Security Virtual Appliance is a virtualized network security solution based on the market-leading Cisco ASA 5500-X Series firewalls. It supports both traditional and next-generation software-defined network (SDN) and Cisco Application Centric Infrastructure (ACI) environments to provide policy enforcement and threat inspection across heterogeneous multisite environments.

Features and Capabilities

Purpose Built for Data Center Security

The Adaptive Security Virtual Appliance brings full ASA firewall and VPN capabilities to virtualized environments to help safeguard traffic and multitenant architectures. Optimized for data center deployments, it’s designed to work in multiple hypervisor environments, reduce administrative overhead, and increase operational efficiency.

Virtual-switch independent, it may be deployed in Cisco, hybrid, and non-Cisco based data centers. VMware, KVM, Hyper-V, Amazon Web Services, and other cloud platforms offer flexibility and choice.

Predetermined configurations accelerate and simplify security service provisioning to match the speed of application deployment. These configurations provide the appliance with critical security functions that dynamically scale to protect assets as business demands change.

Fully Integrated ACI Security

The appliance has been fully and transparently integrated into the fabric of the next-generation Application Centric Infrastructure data center architecture. For those deployments, the Cisco Application Policy Infrastructure Controller provides a single point of control for both network and security management. It can provision the appliance’s security as a service, manage policy, and monitor the entire network and security environment for a unified view. This approach removes the limitations of traditional network-oriented security solutions, allowing for significantly streamlined provisioning.

In the ACI topology-independent environment, ASAv services are managed as a pool of security resources. These resources can be selected and attached to specific applications or transactions to provide dynamic, scalable, policy-based security.

Management Options

The virtual appliance, along with the physical ASA 5500-X Next Generation Firewalls can be managed by security administrators as a pool of resources that scale on demand. It provides programmable automation for deployment and management and uses a common policy-based operational model across physical and virtual environments, reducing cost and complexity.

Management options include the following.

Representational State Transfer (REST) application programming interface (API): This API simplifies device management; integrating the virtual appliance with custom policy orchestration systems used in SDN environments.

Cisco Security Manager: You can use this solution for comprehensive multi-device deployment and management of both the virtual appliance and the physical ASA 5500-X appliances. You gain a consolidated view of the entire firewall and VPN policy across the network.

Cisco Adaptive Security Device Manager: This no-cost GUI-based single-device management option can be used for configuring, monitoring, and troubleshooting the virtual and physical appliances.

Command-line interface: A flexible command-based management interface uses scripting for quick provisioning and automation of the appliances.

Additional Resources

Let Us Help