Enterprise IT is evolving more quickly than ever before. Unless you’ve been living under a rock, you know most companies are leaning into digital transformation in order to stay accessible and relevant to customers. With its hybrid and “always on” capabilities, cloud is destined to usher in those grand changes. But with wide-sweeping change come obstacles — who hasn’t read the dozens of headlines on breaches and cybersecurity attacks in the past year? While many IT teams have on-premises security nailed down, cloud can feel like a different world. Isn’t there a way to better manage cloud security using the security concepts that IT has already mastered?
vCloud Air Hybrid DMZ was built for exactly this purpose. Simply put, imagine placing a security layer to direct all the traffic to your clouds. Better still, this can be based logically on the current policies you have on premises. Let’s face it. It’s Herculean, and unnecessary, to re-architect network security entirely in the cloud. However, a typical migration might force IT into a corner of mixing and matching inconsistent policies and architectures. Throw in duplication in skill sets and multiple copies of appliances, and you’ve got quite a mess. Instead, try thinking along these lines: it’s not only applications and data that can be lifted and shifted. With Hybrid DMZ, you can do the same with security.
But extending familiar security concepts to the cloud is only the beginning. After all, cloud appeals to organizations because it isn’t an on-premises data center. That introduces new security challenges — requiring greater control to be placed in IT’s hands. Yet by placing Hybrid DMZ at the front of your security perimeter, you can have any mix of clouds in the back. It will always be a secure endpoint exiting the DMZ. Management also isn’t limited to only the perimeter. With Hybrid DMZ, you can easily isolate different services and parts of the network. Define North/South and East/West parameters, then use BFP and dynamic routing for choosing the priority path. From a single security control point, you can manage granular details and further separate duties for end users. Let’s face it, this type of management is crucial. Nobody really believes that IT should sacrifice overall security in order for application teams to access their own environments. Now teams can be happily agile while the cloud stays secure. That’s a win-win for IT.
Here’s a useful analogy to help explain Hybrid DMZ. Imagine it as a traffic cop-meets-border security officer. As the first contact point that connections run into, it funnels traffic along different paths. And as a security layer, it consolidates all those connections to virtualized and cloud data centers into one entry point.
Of course, there are other elements that can’t be overlooked. Security is innately connected to networking — what are Hybrid DMZ’s effects on infrastructure for cost and performance? Well, it turns out that centralizing shared services, with isolation of workloads from virtual data centers, makes provisioning much easier and more cost-effective. Then you have to add up all the cost reductions that Hybrid DMZ allows. Get rid of duplicate licensing requirements with its better security management. The Edge can also function as a router, eliminating the need to supply your own for multi-segment design. And the overall effect on performance is fantastic — our customers report up to 10 Gbps bandwidth for active state MPLS connectivity. How about that for a sure-fire way to get better SLAs?
Ultimately, the pace of digital transformation is only accelerating. Luckily, so are improvements to Enterprise IT solutions. While security is a key barrier to cloud adoption, it can be overcome. After all, in order for hybrid clouds to truly be launch pads of business innovation, IT needs smarter solutions overall. So the moral of the story is clear: extend your on-premises security concepts to the cloud, then use a smart layer for efficient management. Start with vCloud Air Hybrid DMZ.
To learn more about Hybrid DMZ Reference Designs for vCloud Air, click here.