Segmentation in virtual environments was the topic of a call I was on this morning. It reminded me that virtualization gets a hard time for something that exists in many other areas of “emerging” technology. Take wireless, for example, which now includes co-tenancy multi-mode configurations on devices like the RFS 7000 Wireless RF Switch from Motorola. Although not mentioned in their list of security options, it can support up to 256 WLANs using multi-ESS/BSSID traffic segmentation:
“Exceptional level of data and network protection without sacrificing fast roaming, including: WPA2-CCMP (with 802.11i fast roaming options); Stateful Firewall at Layer 2 and Layer 3 for the wired and wireless network with role-based configurations; Geofencing, integrated RADIUS Server; IPSec VPN Gateway; Secure Guest Access Provisioning; 802.11w for management frame protection, and 24×7 dedicated security via Motorola’s Wireless IPS, providing the advanced technology required to detect any rogue network, including 802.11n.”
It seems to me that wireless (and network in general) segmentation is pressing ahead; it will be deployed with little resistance from the standards council other than what has already been said. Cisco will not be asked for guidance. Meanwhile, security professionals and managers are hotly debating whether mixed-mode virtualization should be allowed, and some are even asking virtualization vendors to provide guidance.