Breaking down cloud infrastructure silos with consistent, enterprise-class networking and security for cloud-native applications
Applications are the driving force of digital business, delivering competitive differentiation, and innovation. But many enterprises are running their applications and workloads in private and public clouds, creating a new set of infrastructure silos that raise management and operational challenges for cloud IT.
Each public cloud has its own networking and security policies, which complicate management and operations, increase complexity, and drive increased OpEx outlays. Even a single public cloud provider can have operational limitations like security groups and rules that do not span across VPCs, forcing IT to re-create policies for each VPC and hard limits like a limited number of security rules per group, which will impact the majority of instances.
VMware NSX Cloud helps IT overcome these challenges by providing an enterprise-class networking and security framework for applications running in public clouds. Having a common networking and security model across public clouds improves operational scalability, control, and visibility for cloud-native applications – with lower OpEx.
VMware NSX Cloud enables cloud IT to achieve:
Unified and scalable micro-segmentation security for applications
Micro-segmentation security allows IT to control East-West traffic between application instances running in public clouds. Security can be applied directly to workloads running in VPC underlay networks or NSX Cloud overlay networks.
Policy is dynamically applied based on workload attributes and user-defined tags and automatically follows instances when they are moved. Policy can be defined once and used across multiple VPCs, regions, and clouds – without re-creating security groups and rules each time.
Security policy can also be defined to quarantine rogue and compromised workloads that do not have micro-segmentation. Quarantined instances are immediately prevented from communicating on the cloud network.
NSX Cloud also enables real-time visibility and auditing of security events. Security event information can then be sent to a Syslog server, such as Splunk or any other tool the enterprise has standardized on.
Control and agility for cloud networking
NSX Cloud provides an abstraction layer that is independent of the underlying cloud networking constructs. You can think of NSX Cloud as a way to bring your own enterprise networking management and controls to the public cloud. This gives IT more precise control over the networking topologies, traffic flows, IP addressing, and protocols used within and across public clouds. For example, IT can easily stretch NSX Cloud subnets to applications running across multiple regions or clouds.
NSX Cloud provides a RESTful API, enabling the use of existing automation tools to programmatically provision and configure networking and security infrastructure in a public cloud. Templates can be used – for one or multiple public clouds – to simplify provisioning and management of applications, including their networking and security services.
End-to-end visibility into application traffic flows
NSX Cloud provides standard network data that can be consumed with existing operations tools. This enables deep, real-time operational visibility of application traffic flows within and between public clouds for diagnostics and troubleshooting.
VPC traffic can be monitored using IPFIX, network connectivity and performance issues can be identified using Traceflow, and application packets can be captured for analysis using Port Mirroring.
With NSX Cloud you can confidently embrace multiple public clouds while scaling your cloud networking and security operations, reducing operational complexity and expenditures, and cultivating productivity and innovation across your organization.
To learn more about VMware NSX Cloud and our other VMware Cloud Services, visit cloud.vmware.com/nsx-cloud
