Jefferson County, Colorado (“Jeffco”) is a local jurisdiction located against the beautiful Rocky Mountains and adjacent to the state capital in Denver. Jeffco’s IT organization is charged with meeting the needs not only of the various internal departments of the county, but also of serving its half million residents.
As with most IT departments, Jeffco’s IT team has some key priorities to address, including modernizing application infrastructures and bringing more efficiency to business processes — all while fundamentally enhancing security. It was these needs that led Jeffco to VMware NSX. “We’re doing as much as we can to simplify our infrastructure, yet provide more security, higher up time, and better performance,” says Matt Alexander, Senior Systems Administrator.
Like many other organizations, Jeffco first considered VMware NSX for micro-segmentation. Their network had followed the traditional model of data center security: perimeter firewalls, DMZ, internal security zone. But this legacy security model wasn’t enough. Jeffco recognized the need to treat all network traffic — regardless of whether it originated inside or outside the data center — as potentially insecure. “From a micro-segmentation and east-west firewalling perspective, we may have had the ability [in the past] but it was exceptionally expensive with physical firewalls,” says Alexander. “With VMware NSX, every host essentially has a firewall at the level of the vNIC, so you can have a policy that says VM ‘A’ can’t talk to VM ‘B’ — even if it’s on the same network or host.”
As with any team responsible for running a network, operations plays a critical component. The Jeffco team uses VMware vRealize Log Insight to monitor traffic flows in their NSX environment. They review Log Insight to determine if there are any change to traffic patterns that require attention.
Since deploying VMware NSX, Jeffco is one step closer to a Zero Trust model of security, and looking ahead, the team is planning to accrue more benefits by adopting more of NSX’s network automation capabilities. It’s worth noting that the Jeffco IT team deployed VMware NSX by themselves. Leveraging their existing networking know-how, the team attended the VMware NSX Install, Configure, Manage (ICM) course and designed their VMware NSX network independently. They validated some assumptions and designs with their local VMware team, and within a few weeks, their VMware NSX network was up and running.