VMware NSX provides an integrated Distributed Firewall (DFW), which offers L2-L4 security at the vNIC level and protects East-West traffic, and an Edge Firewall provided by the Edge Services Gateway (ESG), which offers L2-L4 security at the edge and protects North-South traffic in and out of the Software Defined Data Center (SDDC). Continue reading
Category Archives: VMware NSX
The VMware NSX network virtualization platform allows us to build sophisticated networking and security constructs in software. NSX has a rich RESTful API which allows one to build highly flexible and automated environments. In this blog, we’re going to focus on operations and automation; we’ll demonstrate one example of automation around security policies/rules that can be done with NSX.
VMware NSX allows for micro-segmentation with a distributed firewall service (DFW). The DFW is a kernel-level module and allows for enhanced segmentation and security across a virtualized environment. One of the common questions we get asked is, “how do I decide what rules to build?” NSX allows for multiple options to create rules such as the use of NSX flow-monitoring or analyzing traffic patterns via logging to create the rules.
We’ll demonstrate how the VMware NSX DFW can be monitored with the popular Splunk platform. Further, we’ll demonstrate, along with using Splunk for monitoring traffic passing through the DFW, how the NSX REST API can be leveraged to automate workflows and creation of DFW rules. Continue reading
While external perimeter protection requirements will most likely command hardware acceleration and support for the foreseeable future, the distributed nature of the services inside the data center calls for a totally different set of specifications.
Some vendors have recently claimed they can achieve micro-segmentation at data center scale while maintaining a hardware architecture. As I described in my recent article in Network Computing, this is unlikely because you have to factor in speed and capacity. Continue reading
The VMware NSX reference design guide has been a trusted source for NSX implementers to ensure a smooth and successful deployment. The NSX design guide has been incorporated as a baseline in industry recognized and validated architectures such as VCE VxBlock, Federation Enterprise Hybrid Cloud and the VMware Validated Designs.
We are introducing a new updated version of the NSX design guide just in time for the holiday break to add to your yearend reading list. This design guide incorporates tons of feedback we have received from our readers and is based on the learnings of over 200+ production customer deployments of NSX. Continue reading
VMware NSX network virtualization and vRealize Automation deliver a feature rich, dynamic integration that provides the capability to deploy applications along with network and security services at provisioning time while maintaining compliance with the required security and connectivity policies. This native integration highlights the value of NSX when combined with automation and self-service and shows how VMware brings together compute, storage, network and security virtualization to provide a comprehensive software-based solution. Continue reading
VMware NSX equips Armor with the ability to orchestrate each customer in a cloud-like environment while giving them a threat-tight security wrapper via micro-segmentation from day one. Continue reading
VMware NSX has been around for more than two years now, and in that time software-defined networking and network virtualization have become inextricably integrated into modern data center architecture. It seems like an inconceivable amount of progress has been made. But the reality is that we’re only at the beginning of this journey.
The transformation of networking from a hardware industry into a software industry is having a profound impact on services, security, and IT organizations around the world, according to VMware’s Chief Technology Strategy Officer for Networking, Guido Appenzeller.
“I’ve never seen growth like what we’ve found with NSX,” he says. “Networking is going through a huge transition.” Continue reading
In the last post, VMware NSX™ Distributed Firewall installation and operation was verified. In this entry, the FTP (file transfer protocol) ALG (Application Level Gateway) is tested for associating data connections with originating control connections – something a stateless ACL (access control list) can’t do.
An added benefit over stateless ACLs – most compliance standards more easily recognize a stateful inspection-based firewall for access control requirements. Continue reading
In Part 1, I covered traditional segmentation options. Here, I introduce VMware NSX Distributed Firewall for micro-segmentation, showing step-by-step how it can be deployed in an existing vSphere environment.
Now, I have always wanted a distributed firewall. Never understood why I had to allow any more access to my servers than was absolutely necessary. Why have we accepted just network segmentation for so long? I want to narrow down allowed ports and protocols as close to the source/destination as I can.
Which brings me to my new favorite tool – VMware NSX Distributed Firewall. Continue reading
Applications are a vital component of your business…but are your applications and data safe? Have you considered implementing a Zero Trust model at your organization to protect your vital resources? Join this hour-long webcast on Tuesday, September 29, 2015 at 11:00 AM PST / 2:00 PM EST to find out how to leverage micro-segmentation to build a true Zero Trust data center network.
Join our guest speaker, John Kindervag, VP and Principal Analyst at Forrester Research, as he discusses the results of the August 2015 commissioned research study, “Leverage Micro-segmentation To Build A Zero Trust Network”, conducted on behalf of VMware. Kindervag will cover Forrester’s three key findings from the study:
- Security gaps and disconnects are the unfortunate norm across Enterprises today.
- Network virtualization helps to reduce risk and supports a higher-level security strategy.
- Micro-segmentation provided through network virtualization paves the way for implementing a Zero Trust model.
Protecting your data doesn’t have to be difficult! Reserve your spot for this webcast today.
Micro-Segmentation and Security at Tribune Media
And to learn more about how other leading organizations are using micro-segmentation to build a Zero Trust Model, watch the video below from David Giambruno, CIO of Tribune Media.