
Secure VCF Management Workload Domain with VMware vDefend

VMware Cloud Foundation (VCF) seamlessly integrates on-premises virtual infrastructure with the agility of the public cloud. This empowers customers to establish their own private cloud within a secure and controlled data center environment, delivering scalability, rapid innovation, and effective cost management.

Security is a crucial consideration for any cloud environment. Organizations should design and implement their VCF private cloud infrastructure using a zero-trust security approach to mitigate potential malicious activity.

Use case

Building a secure VCF private cloud infrastructure is the foundation for protecting the organization’s applications that run on top of it. The Management workload domain is a critical element of the VCF stack: it hosts the resources that power VCF and keep it operating continuously. The VCF workloads and the management components must therefore be protected to the same required level, to prevent network intrusion and misuse and to establish a secure VCF operation.

Solution

VMware vDefend is the security solution integrated into VCF that addresses this need through a distributed, scale-out architecture. The vDefend Distributed Firewall (DFW) is uniquely positioned outside the guest operating system but within the host itself, allowing it to protect the VCF private cloud in a way other solutions cannot. It provides a stateful L2-L7 firewall that is transparently applied to each workload’s network interface. This allows customers to implement any level of segmentation without redesigning the data center network infrastructure.

VCF 5.2 (NSX 4.2) introduced new capabilities for customers to secure VCF workloads regardless of the network backing (NSX VLAN and Overlay segments, and vSphere VLAN distributed port groups, DVPGs). This simplifies VCF customers’ security journey by allowing them to enforce security without first migrating workloads from vSphere virtual distributed switch (VDS) networking to NSX segments.

Notably, this also provides a simple, built-in approach to securing the VCF management components (SDDC Manager, vCenter Servers, NSX Managers, etc.) connected to vSphere DVPG.

To provide VCF consumers with technical guidance on this topic, Broadcom’s Application Networking and Security (ANS) Division has published the “Secure VCF Management Workload Domain with VMware vDefend” white paper. The document guides VCF architects and infrastructure and security administrators through the steps to implement the vDefend Distributed Firewall (DFW) and protect the VCF Management domain components. It includes example security policies, recommendations, and implementation workflows.

Check out this brief demo to learn how to use VMware vDefend DFW to protect the VCF Management workload domain.

https://www.youtube.com/watch?v=WWJw31jHjsc

Summary

VMware vDefend is a foundational element of NSX, providing cutting-edge capabilities for zero-trust lateral security. The vDefend Firewall delivers distributed, software-defined protection at scale to ensure that VCF private cloud infrastructures and applications are safeguarded. vDefend is seamlessly integrated into VCF and is available immediately for consumption, making it the natural choice for customers to protect their private cloud.
