VMware NSX network virtualization and vRealize Automation deliver a feature rich, dynamic integration that provides the capability to deploy applications along with network and security services at provisioning time while maintaining compliance with the required security and connectivity policies. This native integration highlights the value of NSX when combined with automation and self-service and shows how VMware brings together compute, storage, network and security virtualization to provide a comprehensive software-based solution. Continue reading
Tag Archives: software-defined data center
What will be our security challenge in the coming decade? Running trusted services even on untrusted infrastructure. That means protecting the confidentiality and integrity of data as it moves through the network. One possible solution – distributed network encryption – a new approach made possible by network virtualization and the software-defined data center that addresses some of the current challenges of widespread encryption usage inside the data center. Continue reading
In the last post, VMware NSX™ Distributed Firewall installation and operation was verified. In this entry, the FTP (file transfer protocol) ALG (Application Level Gateway) is tested for associating data connections with originating control connections – something a stateless ACL (access control list) can’t do.
An added benefit over stateless ACLs – most compliance standards more easily recognize a stateful inspection-based firewall for access control requirements. Continue reading
In Part 1, I covered traditional segmentation options. Here, I introduce VMware NSX Distributed Firewall for micro-segmentation, showing step-by-step how it can be deployed in an existing vSphere environment.
Now, I have always wanted a distributed firewall. Never understood why I had to allow any more access to my servers than was absolutely necessary. Why have we accepted just network segmentation for so long? I want to narrow down allowed ports and protocols as close to the source/destination as I can.
Which brings me to my new favorite tool – VMware NSX Distributed Firewall. Continue reading
Applications are a vital component of your business…but are your applications and data safe? Have you considered implementing a Zero Trust model at your organization to protect your vital resources? Join this hour-long webcast on Tuesday, September 29, 2015 at 11:00 AM PST / 2:00 PM EST to find out how to leverage micro-segmentation to build a true Zero Trust data center network.
Join our guest speaker, John Kindervag, VP and Principal Analyst at Forrester Research, as he discusses the results of the August 2015 commissioned research study, “Leverage Micro-segmentation To Build A Zero Trust Network”, conducted on behalf of VMware. Kindervag will cover Forrester’s three key findings from the study:
- Security gaps and disconnects are the unfortunate norm across Enterprises today.
- Network virtualization helps to reduce risk and supports a higher-level security strategy.
- Micro-segmentation provided through network virtualization paves the way for implementing a Zero Trust model.
Protecting your data doesn’t have to be difficult! Reserve your spot for this webcast today.
Micro-Segmentation and Security at Tribune Media
And to learn more about how other leading organizations are using micro-segmentation to build a Zero Trust Model, watch the video below from David Giambruno, CIO of Tribune Media.
Last week at VMworld, Pat Gelsinger made a statement that got folks buzzing. During his keynote, he said that integrating security into the virtualization layer would result in organizations being twice as secure at half the cost. As a long-time security guy, statements like that can seem a little bold, but VMware has data, and some proven capability here in customer environments.
We contend that the virtualization layer is increasingly ubiquitous. It touches compute, network, and storage – connects apps to infrastructure – and spans data center to device. More importantly, virtualization enables alignment between the things we care about (people, apps, data) and the controls that can protect them (not just the underlying infrastructure).
Let me speak to the statement from the data center network side with some real data. VMware has a number of VMware NSX customers in production that have deployed micro-segmentation in their data centers. Here’s what we found:
- 75% of data center network traffic is East-West, moving VM to VM regardless of how convoluted the path may be.
- Nearly all security controls look exclusively at North-South traffic, which is the traffic moving into and out of the data center; 90% of East-West traffic never sees a security control.
- Micro-segmentation with NSX enables full inspection of East-West traffic by logical network isolation, stateful firewalling, and with partners, even more sophisticated security controls can be implemented (next-generation firewalls, intrusion prevention systems, etc).
By my math using the above data, we’ve enabled organizations to move from security controls that only cover one third of their data center traffic to a much higher percentage – in some customer environments, they’ve deployed security controls to 100% of the traffic (full micro-segmentation, 100% of East-West traffic). That’s actually better than twice as secure.
Now, the “half the cost” aspect of the statement we’ve proven many times over. We’ve seen enough customer business cases that demonstrate doing micro-segmentation with hardware firewalls is three times the cost of doing it with VMware NSX. Never mind the fact that it is operationally infeasible to do this. You can read about that here in our whitepaper.
So, in a sense, Pat was being conservative in my view. It’s actually more like three times as secure at one-third the cost. Either way, it’s a huge improvement.
Here are just a few stories of real world customers that are starting to reap the benefits of using virtualization and micro-segmentation to improve the effectiveness and economics of security.
- Tribune Media Reinvents Networking and Security
- City of Avondale Boosts Datacenter Security with Network Virtualization
- Synergent Taps VMware NSX for Micro-Segmentation and IT Automation in the SDDC
- Columbia Sportswear Enhances Network Security with SDDC
The basis of competition has shifted from individual products and technologies to platforms,
but with everyone aspiring to be a platform the bar is set high. A platform must be a value-creation entity, underpinned by a robust architecture that includes a set of well-integrated software artifacts and programming interfaces to enable reuse and extensibility by third parties. Platforms must support an ecosystem that can function in a unified way, foster interactions among its members and orchestrate its network of partners. And finally, platforms must adhere to the network effect theory which asserts that the value of a platform to a user increases as more users subscribe to it, in effect, creating a positive feedback loop.
The VMware NSX network virtualization platform meets this criteria resoundingly. NSX is specifically designed to provide a foundation for a high-value, differentiated ecosystem of partners that includes some of the networking industry’s most significant players. The NSX platform leverages multi-layered network abstractions, an extensible and distributed service framework with multiple entry points, and transparent insertion and orchestration of partner services. What distinguishes NSX from other platforms is its inherent security constructs which partner solutions inherit, and a context sharing and synchronization capability that allows partners to fine-tune the delivery of their services on the NSX platform inside the data center in a closed feedback loop. Continue reading
After three consecutive months attending 75 customer meetings throughout the U.S., Europe and Asia, I came away with plenty of frequent flyer miles and, more importantly, tons of insight to share with you.
What I learned from customers is that VMware NSX is truly a game-changer. And as we exit the second quarter, the list of customers excited about NSX is only getting bigger. We recently announced that we have grown from more than 150 VMware NSX customers a year ago, to more than 700 customers today. These customers are setting the stage for others to follow. They are providing best practices that we are feeding back to others, and giving us valuable insight into challenges they encounter along the way.
So as I promised, I’ve pulled together highlights from these meetings and condensed them into three key themes that emerged. For you IT pros out there reading this, let me know if any of this sounds familiar. Continue reading
Last month, we outlined VMware’s vision for helping customers achieve one cloud for any application and any device. We believe the prevailing model for cloud adoption will be the hybrid cloud, and the best architecture for achieving the hybrid cloud is through a software-defined data center architecture. The fastest path to building reliable infrastructure for the hybrid cloud is through the use of converged infrastructure systems, and no company has been more successful at delivering on the promise of converged infrastructure than our partner VCE.
Now, the ability to procure and deploy the VMware NSX network virtualization platform with VCE converged infrastructure is about to get whole lot easier.
Today, VCE launched VCE VxBlock Systems, a new family of converged infrastructure systems that will factory-integrate VMware NSX for software-defined data center deployments. The new VxBlock Systems will include VCE pre-integration, pre-testing and pre-validation of VMware NSX, with seamless component-level updates, ongoing lifecycle assurance, and unified single-call support from VCE.
As I wrote previously, VMware NSX already runs great on existing Vblock Systems. Customers today are deploying VMware NSX with their existing Vblocks, and customers will be able to extend VMware NSX environments across their entire VCE converged infrastructure environment as they move to the new VxBlock Systems.
This solution will be a powerful building block for the software-defined data center, delivering unparalleled IT agility through automation, and unparalleled security through micro-segmentation.
Agility through IT Automation
- Reduce time to provision multi-tier networking and security services from weeks to minutes.
- Achieve faster development, testing and deployment of new applications by aligning network and security provisioning with compute and storage provisioning.
- Streamline IT operations through programmatic creation, provisioning, snapshotting, deleting and restoration of complex software-based networks.
- Build advanced workflows through cloud management platforms to automate provisioning of networking and security, including switching, routing, firewalling, and load balancing without manually reconfiguring physical network devices.
- Use micro-segmentation and isolation capabilities of VMware NSX to build security directly into the data center infrastructure.
- Insert advanced partner services from leading security vendors to improve threat protection, reduce risk and help address their compliance requirements.
- Achieve better security inside the data center through fine-grained policies that enable firewall controls and advanced security down to the level of the virtual NIC.
- Create dynamic security policies that are automatically applied when a virtual machine spins up, are moved when a virtual machine is migrated and are removed when a virtual machine is de-provisioned
VMware NSX is the ideal platform for virtualizing the network running on top of VCE converged infrastructure.
We’re excited to take to the road for another edition of our VMware Software-Defined Data Center Seminar Series. Only this time, we’ll be joined by some great company.
VMware & Palo Alto Networks invite you along for a complementary, half-day educational event for IT professionals interested in learning about how Palo Alto Networks and VMware are transforming data center security.
Thousands of IT professionals attended our first SDDC seminar series earlier this year in more than 20 cities around the globe. Visit #VirtualizeYourNetwork.com to browse the presentations, videos, and other content we gathered.
This free seminar will highlight:
- The Software-Defined Data Center approach
- Lessons learned from real production customers
- Using VMware NSX to deliver never before possible data center security and micro-segmentation
Who should attend?
People who will benefit from attending this session include:
- IT, Infrastructure and Data Center Managers
- Network professionals, including CCIEs
- Security & Compliance professionals
- IT Architects
- Networking Managers and Administrators
- Security Managers and Administrators
- 8:30 a.m. Registration & Breakfast
- 9:00 a.m. VMware: Better Security with Micro-segmentation
- 10:00 a.m. Palo Alto Networks: Next Generation Security Services for the SDDC
- 11:00 a.m. NSX & Palo Alto Networks Integrated Solution Demo
- 11:45 a.m. Seminar Wrap-up
- 12:00 p.m. Hands-on Workshop
- 1:30 p.m. Workshop Wrap-up
Check out the schedule and register. Space is limited.
- U.S. Cities- http://info.vmware.com/content/26338_nsx_us_cities?src=&xyz=
- EMEA Cities – http://info.vmware.com/content/26338_nsx_emea_cities?src=&xyz=
- APJ Cities – http://info.vmware.com/content/26338_nsx_apj_cities?src=&xyz=
Learn more at http://info.vmware.com/content/26338_nsx_series