Tag Archives: security

The Goldilocks Zone: Security In The Software-Defined Data Center Era

Last week, we spoke at the RSA Conference about a new concept in security – the Goldilocks zone. With the help of Art Coviello, Executive Chairman of RSA, Chris Young, senior vice president and GM of Cisco’s Security business unit, and Lee Klarich, senior vice president of product management from Palo Alto Networks, we departed from the typical discussions about new controls or the latest threats. We took the opportunity to lay out what we believe is a fundamental architectural issue holding back substantial progress in cyber security, and how virtualization may just provide the answer. The growing use of virtualization and the move towards software-defined data centers enable huge benefits in speed, scalability and agility; those benefits are undeniable. It may turn out, however, that one of virtualization’s biggest benefits is security.

VMware at RSA Conference 2014 (#RSAC)

Summary:

  • Company outlines vision for security in the Software-Defined Data Center
  • Product and partner demonstrations in Booth #1615 to showcase growing security portfolio
  • New PCI-DSS 3.0 and FedRAMP reference architectures to be presented

Throughout its history, RSA Conference has consistently attracted the world’s best and brightest in the security field, creating opportunities for attendees to learn about IT security’s most important issues through first-hand interactions with peers, luminaries and emerging and established companies.

Network Security: The VMware NSX Network Virtualization Platform’s Hidden Gem

This week, we announced a new joint solution with our partner Palo Alto Networks that will automate and accelerate the deployment of next-generation network security with centralized management across physical and virtual domains. You can read the full announcement about the forthcoming integrated solution from our companies in our press release here.

For most data center operators, the idea of achieving the operational model of a VM for their data center networks is a top-of-mind benefit associated with the VMware NSX network virtualization platform. Through this model they can gain greater agility, efficiency and provisioning speed while reducing complexity as they implement a software-defined data center architecture. An often-overlooked feature set, fundamental to VMware NSX, is network security.

Networking and Security Session Guide for VMworld 2013

So, you’re a network geek, security ninja or cloud architect and you’re wondering what to attend at VMworld 2013. Well, here’s your handy guide to the sessions you will be most interested in at this year’s conference in San Francisco.

This year we have a full agenda of networking and security track sessions. We recognize that there may be overlap in times and that many of these sessions will be repeated, so make sure you check the schedule builder to catch any repeats.

Monday, August 26, 2013

Networking Track

| Session ID | Session Title | Times | Audience |
|---|---|---|---|
| NET5529 | VMware NSX: A Customer’s Perspective | 2:00 – 3:00 pm | Cloud Architect, VI / Network Admin |
| NET5847 | NSX: Introducing the World to VMware NSX | 2:30 – 3:30 pm | Cloud Architect, VI / Network Admin |
| NET5716 | Advanced VMware NSX Architecture | 5:00 – 6:00 pm | Cloud Architect, VI / Network Admin |

Security

| Session ID | Session Title | Times | Audience |
|---|---|---|---|
| SEC5893 | Changing the Economics of Firewall Services in the Software-Defined Center – VMware NSX Distributed Firewall | 11:00 – 12:00 pm | Firewall Architect, Security Architect |
| SEC5428 | VMware Compliance Reference Architecture Framework Overview | 11:00 – 12:00 pm | Security Admin, Security Architect |
| SEC5749 | Introducing NSX Service Composer: The New Consumption Model for Security Services in the SDDC | 5:00 – 6:00 pm | Security Admin, Security Architect |

Tuesday, Aug 27, 2013

Networking Track

| Session ID | Session Title | Times | Audience |
|---|---|---|---|
| NET5266 | Bringing Network Virtualization to VMware environments with NSX | 11:00 – 12:00 pm | VI / Network Admin |
| NET5184 | Designing Your Next Generation Datacenter for Network Virtualization | 11:30 – 12:30 pm | Cloud Architect |
| NET7388-S | Network Virtualization: Moving Beyond the Obvious | 12:30 – 1:30 pm | Cloud Architect |
| NET5270 | Virtualized Network Services Model with VMware NSX | 12:30 – 1:30 pm | VI / Network Admin |
| NET5516 | An Introduction to Network Virtualization | 12:30 – 1:30 pm | Cloud Architect |
| NET5521 | vSphere Distributed Switch - Design and Best Practices | 2:00 – 3:00 pm | Cloud Architect |
| NET5584 | Deploying VMware NSX Network Virtualization | 2:00 – 3:00 pm | VI / Network Admin |
| NET5796 | Virtualization and Cloud Concepts for Network Administrators | 3:30 – 4:30 pm | Network Admin |
| NET5716 | Advanced VMware NSX Architecture | 3:30 – 6:00 pm | Cloud Architect, VI / Network Admin |
| NET5525 | Real-world Deployment Scenarios for VMware NSX | 5:00 – 6:00 pm | Cloud Architect |
| NET5790 | Operational Best Practices for VMware NSX | 5:00 – 6:00 pm | VI / Network Admin |

Security

| Session ID | Session Title | Times | Audience |
|---|---|---|---|
| SEC5318 | NSX Security Solutions In Action – Deploying, Troubleshooting, and Monitoring for VMware NSX Service Composer | 11:00 – 12:00 pm | Security Admin, Security Architect |
| SEC5755 | VMware NSX with Next-Generation Security by Palo Alto Networks | 1:00 – 2:00 pm | Firewall Architect |
| SEC5253 | Get on with Business – VMware Reference Architectures Help Streamline Compliance Efforts | 3:30 – 4:30 pm | Security Architect |
| SEC5891 | Technical Deep Dive: Build a Collapsed DMZ Architecture for Optimal Scale and Performance Based on NSX Firewall Services | 3:30 – 4:30 pm | Firewall Architect |
| SEC5775 | NSX PCI Reference Architecture Workshop Session 1 – Segmentation | 3:30 – 4:30 pm | Security Architect |

Wednesday, August 28, 2013

Networking Track

| Session ID | Session Title | Time | Audience |
|---|---|---|---|
| NET5520 | VMware NSX Integration with OpenStack | 11:00 – noon | Cloud Architect |
| NET5522 | VMware NSX Extensibility: Network and Security Services from 3rd party vendors | 8:00 – 9:00 am | Cloud Architect |
| NET5654 | Troubleshooting VXLAN and Network Services in a Virtualized Environment | 9:30 – 10:30 am | VI / Network Admin |

Security Track

| Session ID | Session Title | Time | Audience |
|---|---|---|---|
| SEC5624 | VMware Compliance Reference Architecture Framework: Accelerate your Deployments | 8:30 – 9:30 am | Security Architect – Panel Discussion |
| SEC5828 | Datacenter Transformation with Network Virtualization: Today and Tomorrow | 9:30 – 10:30 am | Cloud Architect, VI / Network Admin |
| SEC5750 | Security Automation Workflows with NSX | 10:00 – 11:00 am | Security Architect |
| SEC5889 | Troubleshooting and Monitoring NSX Service Composer (and Partner) Policies | 1:00 – 2:00 pm | Firewall Admin |
| SEC5820 | NSX PCI Reference Architecture Workshop Session 2 – Privileged User Control | 2:30 – 3:30 pm | Security Architect |
| SEC5894 | Deploying, Troubleshooting, and Monitoring VMware NSX Distributed Firewall | 4:00 – 5:00 pm | Firewall Admin |
| SEC5847 | NSX PCI Reference Architecture Workshop Session 3 – Operational Efficiencies | 4:00 – 5:00 pm | Security Architect |

Thursday, August 29, 2013

Networking and Security Tracks

| Session ID | Session Title | Time | Audience |
|---|---|---|---|
| NET5520 | VMware NSX Integration with OpenStack | 11:00 – noon | Cloud Architect |
| NET5522 | VMware NSX Extensibility: Network and Security Services from 3rd party vendors | 8:00 – 9:00 am | Cloud Architect |
| SEC5582 | Multi-site Deployments with Network Virtualization | 12:30 – 1:30 pm | Cloud Architect |

Hands-on Labs @VMworld 2013

The team has built some great lab exercises to see Networking and Security in action:

  • HOL-SDC-1302: vSphere Distributed Switch from A to Z
  • HOL-SDC-1303: VMware NSX Network Virtualization Platform for VMware environments
  • HOL-SDC-1319: VMware NSX Network Virtualization Platform

Hope you have a great event. Follow us at @VMwareNSX and let us know if you want to come by and meet us at the booth.

See you in San Francisco.

The VMware Team

What is a Distributed Firewall?

In the post “What is Network Virtualization?” I described a model where the application’s complete L2-L7 virtual network is decoupled from hardware and moved into a software abstraction layer for the express purpose of automation and business agility. In this post I’ll focus on network security, and describe an imminent firewall form factor enabled by Network Virtualization — the Distributed Firewall.

ALL YOUR PACKET ARE BELONG TO US

If InfoSec ruled the world … well, OK, maybe not the world … if InfoSec ruled the data center network design, and if money was no object, we would probably have something like this. Every server in the data center directly connected to its own port on one massive firewall. Every packet sent from every server would be inspected against a stateful security policy before going anywhere. And every packet received by every server would pass one final policy check before hitting the server’s NIC receive buffer. The firewall wouldn’t care about the IP address of the servers, for the simple reason that it’s directly connected to every server. E.g. “The server on this port can talk to the server on that port, on TCP port X”. And if that wasn’t good enough, the firewall knows everything about the servers connected to it, and can create rules around a rich set of semantics. All of this with no performance penalty. That would be awesome, right?