Microsegmentation and network segmentation are critical components of Zero Trust. But, historically, segmentation projects have been fraught with operational challenges and limited by platform capabilities.  

Not anymore.

VMware NSX enables a new framework and firewall policy model that allows applications to define access down to the workload level. NSX does this by understanding application topologies and applying appropriate policy per workload. Creating zones in the data center where you can separate traffic by application simultaneously helps stop the spread of lateral threats, create separate development, test, and production environments, and meet certain compliance requirements.

VMworld attendees who want to learn more about how to set up micro-segmentation/network segmentation in their data centers should consider the following sessions: 

Permit This, Deny That – Design Principles for NSX Distributed Firewall (ISNS2315D) 

Micro-segmentation is something that is certainly easier said than done. Although micro-segmentation allows applications to define access down to the component level, the operation of such an environment can be daunting without structure and guidance. In this session, you’ll learn how to develop a new framework and a firewall policy model for automated platforms and self-service clouds. We’ll dive into best practices, lessons learned, and a phased approach for evolving a robust firewall policy design.

Overcoming the Four Barriers to Micro-Segmentation (ISNS1416) 

Micro-segmentation is one of the key pillars of a Zero Trust network architecture and something that’s top of mind for every CISO. However, achieving Zero Trust microsegmentation has historically been fraught with operational challenges and limited by platform capabilities. Learn how NSX, which offers Layer 7 security controls with traffic inspection to truly enable Zero Trust, has simplified the deployment and operation of microsegmentation in brownfield environments. We’ll discuss the four key barriers to creating a successful micro-segmentation strategy and how to overcome them.

NSX Intelligence: Visibility and Security for the Modern Data Center – Pt1 (ISNS1144) 

NSX Intelligence leverages the distributed architecture of VMware NSX to deliver analytics within the vSphere and NSX platforms. This innovative approach builds on the deep workload and network context unique to NSX to provide new capabilities for networking and security by leveraging artificial intelligence and machine learning. In Part 1 of this two-part session, we’ll cover how NSX Intelligence delivers detailed visualization, automated security policy recommendations, continuous monitoring of every flow, and an audit trail of security policies. We’ll dive deep into the solution architecture and also present a demo of the latest product capabilities, including end-to-end visibility, how to build NSX firewall policy and rules, and security anomaly detection.

NSX Intelligence: Visibility and Security for the Modern Data Center – Pt2 (ISNS2496) 

While the NSX Intelligence Part 1 session focused on the core NSX Intelligence platform, this session (Part 2) will cover integrations and extensibility with VMware solutions like Carbon Black and vRealize Network Insight, as well as our partner ecosystem. We’ll focus on how NSX Intelligence has been built to enable extensibility through several interfaces and how leveraging these integrations and feeds provides even more context and end-to-end visibility. In addition, you’ll hear from a partner (Ordr) and customer (Christus Health) on their experiences using and integrating NSX Intelligence, and we’ll provide a demonstration.

Operationalizing the NSX Firewall with VMware Professional Services (ISNS2648) 

During this session, we will review the methodology used by VMware Professional Services to operationalize the NSX Distributed Firewall. The process includes collecting firewall information from application vendors and owners, using vRealize Network Insight and NSX Intelligence to inspect physical and virtual netflows, and analyzing existing firewall rule sets. Using all of the information acquired through this analysis, we can architect a comprehensive firewall policy approach that takes advantage of the advanced grouping capabilities of the NSX Firewall to create a policy that is both secure and easy to maintain. NSX Intelligence provides additional application communication visibility that can be used for troubleshooting and iterating the firewall ruleset. Emphasis is placed on utilizing methods which make continued application of the policy easy via automated virtual machine tagging or grouping membership by network segment, operating system, or other environment-specific metadata. The end result is a highly effective firewall policy that includes automated enforcement but requires minimal manual processes to onboard new applications.

Implement Microsegmentation in the Data Center at Scale 

Microsegmentation and Network Segmentation are critical components in building modern networks for modern applications. The ability to separate traffic by application or other characteristic hardens security and meets new compliance requirements. VMware NSX allows you to do this at scale without adding IT complexity or overhead. 

Explore how you can implement micro-segmentation/network segmentation in your data center by viewing the VMworld sessions today. Also, check out the on-demand catalog for more Network and Cloud Security sessions.