
Check out the new white paper on leveraging NSX-V for security within the VxRAIL hyper-converged platform. The paper outlines how VxRAIL hyper-converged solutions leveraging NSX-V for security solve many of the security challenges of traditional silo-based architectures. A brief outline is provided below. Make sure to check out the white paper for additional details.

Figure 1 below shows a visualization of going from a traditional silo-based solution to a converged solution leveraging VxRAIL with NSX-V for security. The optional NSX add-on provides security baked into the VxRAIL converged appliance, allowing for a single pane of glass for managing workloads and their respective security policies.

Figure 1: Evolution to a Hyper-Converged Design with VxRAIL + NSX


In addition to complementing the hyper-converged architecture of VxRAIL, NSX-V security on VxRAIL supports several use cases, outlined below.


1. VDI with NSX-V Providing for Enhanced Security Services

In this security use case, the organization is utilizing VDI desktops and needs to secure the VDI nodes and the back-end services being utilized; the NSX-V Distributed Firewall (DFW) is used for this, as shown in Figure 2 below.

Figure 2: VDI with NSX-V Providing for Enhanced Security Services


2. Micro-segmentation for Applications

In this use case, the organization has multiple applications running within a VxRAIL environment and desires to provide enhanced security to the application by further segmenting the data center/network and providing security closer to the application via micro-segmentation.

Figure 3: NSX Micro-segmentation and Security for Applications Running on VxRAIL


Since NSX applies security policies at the vNIC level, NSX is agnostic to whether the security policies are for workloads on the same network or between networks, as shown in Figure 4 and Figure 5. Additionally, unlike with physical security appliances, there is no hair-pinning of traffic through an external device.

Figure 4: NSX-V Micro-segmentation and Security Between Applications on Different Networks


Figure 5: NSX-V Micro-segmentation and Security Between Applications on the Same Network
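
The point above about vNIC-level enforcement can be seen in a small model. This is an added example, not code from the white paper and not the NSX-V API: it compares a gateway-placed firewall with per-vNIC enforcement for the same group-based policy. The VM names, addresses, groups and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    prefix: int        # prefix length of the VM's network
    groups: frozenset  # security-group membership (constructed tags)

# Constructed policy: (source group, destination group, port, action).
RULES = [
    ("web", "app", 8443, "allow"),
    ("app", "db", 3306, "allow"),
    ("any", "any", None, "drop"),
]

def policy_verdict(src, dst, port):
    """First matching rule wins; rules match on group membership, not on IP."""
    for s, d, p, action in RULES:
        if ((s == "any" or s in src.groups) and (d == "any" or d in dst.groups)
                and (p is None or p == port)):
            return action
    return "drop"

def same_subnet(a, b):
    net = ipaddress.ip_network(f"{a.ip}/{a.prefix}", strict=False)
    return a.prefix == b.prefix and ipaddress.ip_address(b.ip) in net

def perimeter_verdict(src, dst, port):
    """Firewall at the gateway: only routed (inter-subnet) traffic reaches it."""
    if same_subnet(src, dst):
        return "not-inspected"  # switched at L2, never crosses the appliance
    return policy_verdict(src, dst, port)

def vnic_verdict(src, dst, port):
    """Enforcement at the vNIC: every flow is evaluated, whatever the topology."""
    return policy_verdict(src, dst, port)

# Constructed workloads: db2 shares a subnet with web1, db1 does not.
web1 = VM("web1", "10.0.1.10", 24, frozenset({"web"}))
app1 = VM("app1", "10.0.2.10", 24, frozenset({"app"}))
db1 = VM("db1", "10.0.3.10", 24, frozenset({"db"}))
db2 = VM("db2", "10.0.1.20", 24, frozenset({"db"}))

if __name__ == "__main__":
    for dst in (db1, db2):
        print(f"web1 -> {dst.name}:3306  perimeter={perimeter_verdict(web1, dst, 3306)}"
              f"  vnic={vnic_verdict(web1, dst, 3306)}")
```

In the gateway model the web-to-database flow on the shared subnet is never evaluated, while the vNIC model returns the same drop verdict for both placements.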


3. DMZ Anywhere

In this last security use case, the organization is leveraging NSX-V to easily create a DMZ environment anywhere within the network simply by leveraging native NSX-V security capabilities.

Figure 6: NSX-V Providing a DMZ Anywhere Architecture Leveraging NSX-V


Optionally, advanced third-party security services from Palo Alto Networks, Check Point, etc. can be used within the virtual environment via the NSX-V network introspection framework, as shown below in Figure 7.

Figure 7: NSX-V Providing a DMZ Anywhere Architecture Leveraging NSX-V DFW and 3rd Party Security


For additional information and details, make sure to check out the white paper: Security for Hyper-Converged Solutions: Dell EMC VxRAIL Appliances – VMware vSAN Readymades with VMware NSX-V.