by: VMware VP of Engineering Huseyin Dursun
To learn more about how VMware IT implemented NSX micro-segmentation in its SAP deployment, read the blog, “How VMware IT Implemented NSX Data Center Micro-Segmentation for SAP.”
As virtualization proliferates within our data center, managing the network using just traditional tools is not realistic. Given the current security threats, maintaining proper security using only perimeter firewalls is not enough. This situation is what led us to deploy NSX with micro-segmentation using distributed firewalls internally at VMware. The NSX Distributed Firewall is a hypervisor kernel-embedded stateful firewall that provides visibility and control for virtualized workloads and networks.
In a traditional data center, east-west (server-to-server) communication is open in most cases. Externally facing systems are prioritized and patched more frequently than internally facing systems. Standard enterprise software expects east-west communication to be unrestricted. This creates a scenario where the compromise of one internally facing server could lead to the compromise of other more critical servers.
NSX Data Center micro-segmentation helps us define exactly which servers can communicate with each other and how. The server virtual machine (VM) carries these policies even if it is moved from one host to another. With these policies in place, if a server is infected, the propagation of this infection is restricted.
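The difference between open east-west traffic and a default-deny allowlist can be measured as the set of servers an infection on one VM could spread to. The following is an added example, not VMware's code and not NSX rule syntax; the VM names, group tags and ports are constructed for illustration.

```python
from collections import deque

# Constructed inventory: VM name -> group tag. Rules match on the tag, not on
# the host or IP address, so the policy stays with the VM when it moves hosts.
VMS = {
    "web-01": "web", "web-02": "web",
    "app-01": "app", "app-02": "app",
    "db-01": "db",
    "hr-01": "hr-app",
}

# Constructed allowlist: (source group, destination group, TCP port).
# Any flow not listed here is dropped (default deny).
ALLOW = {("web", "app", 8443), ("app", "db", 1521)}

def allowed(src, dst, port, rules=ALLOW):
    """Default-deny decision for a single east-west flow between two VMs."""
    return (VMS[src], VMS[dst], port) in rules

def reachable(start, rules=None):
    """Upper bound on where an infection on `start` can spread.

    Follows permitted flows transitively and assumes every permitted flow can
    be abused. rules=None models a flat network with open east-west traffic.
    """
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in VMS:
            if dst in seen:
                continue
            if rules is None or any(
                (s, d) == (VMS[src], VMS[dst]) for s, d, _port in rules
            ):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

if __name__ == "__main__":
    for label, rules in (("flat", None), ("segmented", ALLOW)):
        print(label, sorted(reachable("web-01", rules)))
```

With the allowlist, a compromised web server can no longer reach its peer `web-02` or the unrelated `hr-01`, but the permitted chain web to app to db remains a path, which is why the rules on those remaining flows should be as narrow as the application allows.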
We started our micro-segmentation process with a mandate that any new application must be micro-segmented before it goes live. With this mandate in place, we also started retrofitting the existing applications with micro-segmentation.
We will be posting technical blogs that describe how we are deploying micro-segmentation for different applications within our environment. Stay tuned to the VMware on VMware blog site to learn more about these implementations.
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. Contact your sales rep or firstname.lastname@example.org to schedule a briefing on this topic. Visit the VMware on VMware microsite and follow us on Twitter.