
Tag Archives: security

A Customer Perspective: VMware NSX, Micro-Segmentation & Next-Generation Security

VMware NSX and Palo Alto Networks are transforming the data center by combining the fast provisioning of network and security services with next-generation security protection for East-West traffic. At VMworld, John Spiegel, Global IS Communications Manager for Columbia Sportswear, will take the stage to discuss their architecture, their micro-segmentation use case and their experience. This is session SEC1977 taking place on Tuesday, Aug 26, 2:30-3:30 p.m.

Micro-segmentation is quickly emerging as one of the primary drivers for the adoption of NSX. Below, John shares Columbia’s security journey ahead of VMworld.

+++++++++++++++++++++++++++++++++++++++

When I started at Columbia, we were about a $500 million company. Now we’re closing in on $2 billion and hoping to get to $3 billion rather quickly. So as you can imagine, our IT infrastructure has to scale with the business. In 2009, we embarked on a huge project to add a redundant data center for disaster recovery. As part of the project, we partnered with VMware and quickly created a nearly 100% virtualized datacenter. It was a huge success. But something was missing: a security solution that matched our virtualized data center. There just wasn’t a great way to insert security in order to address east-west traffic between VMs, nor have the security tied to the applications as they moved around dynamically.

We set out looking for a solution to bridge that gap.

To address our security needs in the data center, we looked at several different strategies and at that time, there really weren’t any good solutions. Many of the solutions were physical in nature. They required us to do some crazy configurations to apply security. We looked at the Cisco 6500 firewall blades, Juniper’s virtual solution and a few other lightweight security offerings, but they just didn’t have what we needed. The solutions at the time didn’t have what we needed. We kept looking.

At VMworld last year, we were introduced to VMware NSX. I saw the power of the platform, and it all started to click. And when Palo Alto Networks (our perimeter firewall vendor) announced they were a major partner, and that their technology integrated with NSX to give us an additional level of security, things really came together for us. The ability to drive security down into the infrastructure, down to the kernel level, and then take advantage of Palo Alto Networks’ next generation security was very attractive. Doing micro-segmentation with NSX, and then having the option of inserting next generation firewalling services from Palo Alto Networks in those areas of the business that require them, will really help us improve our overall security posture. A solution like this is where we need to be. These tools give us the ability to manage both physical and virtual security policies centrally with Palo Alto Networks’ management tool, Panorama. I know that when workloads move, the security and policies follow the workloads.

To me, that’s what it is about – advanced security inside the data center, plus automation via software that’s completely independent of the underlying physical infrastructure. With solutions such as NSX and the integration with Palo Alto Networks to provide advanced security services, we are going to put security back in the data center, the right way.

John Spiegel
Columbia Sportswear

 

Micro-Segmentation: VMware NSX’s Killer Use Case

The advantages of a software-defined data center, using network virtualization as a core underpinning, include service delivery speed, operational efficiency, reduced hardware dependency and lower cost. However, by far the most popular use case among customers thus far has been the use of NSX for network micro-segmentation. Why? Because perimeter-centric network security has proven insufficient, and micro-segmentation has to date been operationally and economically infeasible. With NSX, security teams, in partnership with their network and virtualization teams, are benefiting from network micro-segmentation to begin to transform their data center security architecture. Then read the VMware SDDC Micro-Segmentation White Paper.

Rod

The Goldilocks Zone: Security In The Software-Defined Data Center Era

Last week, we spoke at the RSA Conference about a new concept in security – the Goldilocks zone. With the help of Art Coviello, Executive Chairman of RSA, Chris Young, senior vice president and GM of Cisco’s Security business unit, and Lee Klarich, senior vice president of product management from Palo Alto Networks, we departed from the typical discussions about new controls or the latest threats. We took the opportunity to lay out what we believe is a fundamental architectural issue holding back substantial progress in cyber security, and how virtualization may just provide the answer. The growing use of virtualization and the move towards software-defined data centers enable huge benefits in speed, scalability and agility; those benefits are undeniable. It may turn out, however, that one of virtualization’s biggest benefits is security.

VMware at RSA Conference 2014 (#RSAC)

Summary:

  • Company outlines vision for security in the Software-Defined Data Center
  • Product and partner demonstrations in Booth #1615 to showcase growing security portfolio
  • New PCI-DSS 3.0 and FedRAMP reference architectures to be presented

Throughout its history, RSA Conference has consistently attracted the world’s best and brightest in the security field, creating opportunities for attendees to learn about IT security’s most important issues through first-hand interactions with peers, luminaries and emerging and established companies.

Network Security: The VMware NSX Network Virtualization Platform’s Hidden Gem

This week, we announced a new joint solution with our partner Palo Alto Networks that will automate and accelerate the deployment of next-generation network security with centralized management across physical and virtual domains. You can read the full announcement about the forthcoming integrated solution from our companies in our press release here.

For most data center operators, the idea of achieving the operational model of a VM for their data center networks is a top-of-mind benefit associated with the VMware NSX network virtualization platform. Through this model they can gain greater agility, efficiency and provisioning speed while reducing complexity as they implement a software-defined data center architecture. An often-overlooked feature set, fundamental to VMware NSX, is network security.

Networking and Security Session Guide for VMworld 2013

So, you’re a network geek, security ninja or cloud architect and you’re wondering what to attend at VMworld 2013. Well, here’s your handy guide to the sessions at this year’s conference in San Francisco that you will be most interested in.

This year we have a full agenda of networking and security track sessions. We recognize that there may be overlap in times and many of these sessions will be repeated so make sure you check the schedule builder to catch any repeats.

Monday August 26, 2013

Networking Track

| Session ID | Session Title | Times | Audience |
| --- | --- | --- | --- |
| NET5529 | VMware NSX: A Customer’s Perspective | 2:00 – 3:00 pm | Cloud Architect, VI / Network Admin |
| NET5847 | NSX: Introducing the World to VMware NSX | 2:30 – 3:30 pm | Cloud Architect, VI / Network Admin |
| NET5716 | Advanced VMware NSX Architecture | 5:00 – 6:00 pm | Cloud Architect, VI / Network Admin |

Security

| Session ID | Session Title | Times | Audience |
| --- | --- | --- | --- |
| SEC5893 | Changing the Economics of Firewall Services in the Software-Defined Center – VMware NSX Distributed Firewall | 11:00 – 12:00 pm | Firewall Architect, Security Architect |
| SEC5428 | VMware Compliance Reference Architecture Framework Overview | 11:00 – 12:00 pm | Security Admin, Security Architect |
| SEC5749 | Introducing NSX Service Composer: The New Consumption Model for Security Services in the SDDC | 5:00 – 6:00 pm | Security Admin, Security Architect |

Tuesday Aug 27, 2013

Networking Track

| Session ID | Session Title | Times | Audience |
| --- | --- | --- | --- |
| NET5266 | Bringing Network Virtualization to VMware environments with NSX | 11:00 – 12:00 pm | VI / Network Admin |
| NET5184 | Designing Your Next Generation Datacenter for Network Virtualization | 11:30 – 12:30 pm | Cloud Architect |
| NET7388-S | Network Virtualization: Moving Beyond the Obvious | 12:30 – 1:30 pm | Cloud Architect |
| NET5270 | Virtualized Network Services Model with VMware NSX | 12:30 – 1:30 pm | VI / Network Admin |
| NET5516 | An Introduction to Network Virtualization | 12:30 – 1:30 pm | Cloud Architect |
| NET5521 | vSphere Distributed Switch - Design and Best Practices | 2:00 – 3:00 pm | Cloud Architect |
| NET5584 | Deploying VMware NSX Network Virtualization | 2:00 – 3:00 pm | VI / Network Admin |
| NET5796 | Virtualization and Cloud Concepts for Network Administrators | 3:30 – 4:30 pm | Network Admin |
| NET5716 | Advanced VMware NSX Architecture | 3:30 – 6:00 pm | Cloud Architect, VI / Network Admin |
| NET5525 | Real-world Deployment Scenarios for VMware NSX | 5:00 – 6:00 pm | Cloud Architect |
| NET5790 | Operational Best Practices for VMware NSX | 5:00 – 6:00 pm | VI / Network Admin |

Security

| Session ID | Session Title | Times | Audience |
| --- | --- | --- | --- |
| SEC5318 | NSX Security Solutions In Action – Deploying, Troubleshooting, and Monitoring for VMware NSX Service Composer | 11:00 – 12:00 pm | Security Admin, Security Architect |
| SEC5755 | VMware NSX with Next-Generation Security by Palo Alto Networks | 1:00 – 2:00 pm | Firewall Architect |
| SEC5253 | Get on with Business – VMware Reference Architectures Help Streamline Compliance Efforts | 3:30 – 4:30 pm | Security Architect |
| SEC5891 | Technical Deep Dive: Build a Collapsed DMZ Architecture for Optimal Scale and Performance Based on NSX Firewall Services | 3:30 – 4:30 pm | Firewall Architect |
| SEC5775 | NSX PCI Reference Architecture Workshop Session 1 – Segmentation | 3:30 – 4:30 pm | Security Architect |

Wednesday, August 28, 2013

Networking Track

| Session ID | Session Title | Time | Audience |
| --- | --- | --- | --- |
| NET5520 | VMware NSX Integration with OpenStack | 11:00 – noon | Cloud Architect |
| NET5522 | VMware NSX Extensibility: Network and Security Services from 3rd party vendors | 8:00 – 9:00 am | Cloud Architect |
| NET5654 | Troubleshooting VXLAN and Network Services in a Virtualized Environment | 9:30 – 10:30 am | VI / Network Admin |

Security Track

| Session ID | Session Title | Time | Audience |
| --- | --- | --- | --- |
| SEC5624 | VMware Compliance Reference Architecture Framework: Accelerate your Deployments | 8:30 – 9:30 am | Security Architect – Panel Discussion |
| SEC5828 | Datacenter Transformation with Network Virtualization: Today and Tomorrow | 9:30 – 10:30 am | Cloud Architect, VI / Network Admin |
| SEC5750 | Security Automation Workflows with NSX | 10:00 – 11:00 am | Security Architect |
| SEC5889 | Troubleshooting and Monitoring NSX Service Composer (and Partner) Policies | 1:00 – 2:00 pm | Firewall Admin |
| SEC5820 | NSX PCI Reference Architecture Workshop Session 2 – Privileged User Control | 2:30 – 3:30 pm | Security Architect |
| SEC5894 | Deploying, Troubleshooting, and Monitoring VMware NSX Distributed Firewall | 4:00 – 5:00 pm | Firewall Admin |
| SEC5847 | NSX PCI Reference Architecture Workshop Session 3 – Operational Efficiencies | 4:00 – 5:00 pm | Security Architect |

Thursday, August 29, 2013

Networking and Security Tracks

| Session ID | Session Title | Time | Audience |
| --- | --- | --- | --- |
| NET5520 | VMware NSX Integration with OpenStack | 11:00 – noon | Cloud Architect |
| NET5522 | VMware NSX Extensibility: Network and Security Services from 3rd party vendors | 8:00 – 9:00 am | Cloud Architect |
| SEC5582 | Multi-site Deployments with Network Virtualization | 12:30 – 1:30 pm | Cloud Architect |

Hands-on Labs @VMworld 2013

The team has built some great lab exercises to see Networking and Security in action:

  • HOL-SDC-1302: vSphere Distributed Switch from A to Z
  • HOL-SDC-1303: VMware NSX Network Virtualization Platform for VMware environments
  • HOL-SDC-1319: VMware NSX Network Virtualization Platform

Hope you have a great event. Follow us at @VMwareNSX and let us know if you want to come by and meet us at the booth.

See you in San Francisco.

The VMware Team

What is a Distributed Firewall?

In the post “What is Network Virtualization?” I described a model where the application’s complete L2-L7 virtual network is decoupled from hardware and moved into a software abstraction layer for the express purpose of automation and business agility. In this post I’ll focus on network security, and describe an imminent firewall form factor enabled by Network Virtualization — the Distributed Firewall.

ALL YOUR PACKET ARE BELONG TO US

If InfoSec ruled the world … well, OK, maybe not the world … if InfoSec ruled the data center network design, and if money was no object, we would probably have something like this. Every server in the data center directly connected to its own port on one massive firewall. Every packet sent from every server would be inspected against a stateful security policy before going anywhere. And every packet received by every server would pass one final policy check before hitting the server’s NIC receive buffer. The firewall wouldn’t care about the IP address of the servers, for the simple reason that it’s directly connected to every server. E.g. “The server on this port can talk to the server on that port, on TCP port X”. And if that wasn’t good enough, the firewall knows everything about the servers connected to it, and can create rules around a rich set of semantics. All of this with no performance penalty. That would be awesome, right?