THE NEW IT SECURITY PARADIGM PART 4 – VMware’s NSX, and its Promise of a New Standard

By Richard Dornhart, National Security Practice Manager, Data#3

[Reading Time – 2:50 minutes]

Over my last three blogs, I have explored the role that network virtualisation looks set to play in resolving the challenges of securing enterprise networks, particularly with the rise of distributed applications and composed services. You can read them here:

Such a perspective on the capabilities of network virtualisation is quite new, and it is a foundational capability of VMware NSX. This vSphere hypervisor-based solution allows security policies to be created that are not only enforced at every virtual machine, but aligned directly to application workloads in a way that was not previously possible.

Virtualised security, tangible results.

This is the most promising opportunity yet to close the architectural gap that has prevented us from treating enterprise IT security holistically. It has significant implications, allowing companies to better secure the growing number of software-defined data centres and the applications that run in them.

By leveraging the existing benefits of virtualisation and extending the same ease and flexibility to the network, VMware NSX promises to let users spin up a network as easily as they might spin up a VM: complete, multi-tier virtual networks that can be saved, deleted, and restored as simply as virtual machines.

NSX will also enable users to connect virtual machines to logical networks that span multiple subnets and physical locations, allowing a workload to be moved to wherever compute capacity is available.

Applying granular security.

NSX’s ability to embed security functions directly into the hypervisor enables micro-segmentation, with granular security applied to each individual workload. As a result, data centre security promises to be significantly improved, because security policies travel with the workloads regardless of where those workloads are or how they are attached to the underlying network.

One such scenario might be to spin servers and workloads up in an NSX-compatible cloud and connect the logical ports of those workloads to an NSX logical switch that is stretched from the on-premises data centre to the cloud data centre. Application components can then be added to a security group independent of workload location or underlying network, so that on-premises and cloud-based workloads are automatically protected by one centrally managed security policy.

Zero Trust environments could be provisioned readily, and any VMs moved would take their policies with them. Should a vulnerability be detected, the NSX security tag for the VM would be dynamically updated and quarantine controls enforced. Each VM could then effectively be given its own perimeter defence.
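To make the tag-driven model above concrete, the following is an added example (not NSX code, and not a call to the NSX API): a small Python model of tag-based security groups, a distributed firewall rule set evaluated per VM with a default-deny, and a quarantine step that changes only a VM's tag. Group names, tag values, ports and rule names are assumptions chosen for the illustration, and the VMs are constructed inline.

```python
"""
Toy model of tag-driven micro-segmentation (added illustration, not NSX's own
code or API). Group membership is derived from VM security tags, so a VM keeps
its policy when it moves between locations, and a quarantine is just a tag
change picked up by the rules on the next evaluation.
"""
from dataclasses import dataclass, field
from typing import Optional, Set, FrozenSet, List, Tuple


@dataclass
class VM:
    name: str
    location: str                      # "on-prem" or "cloud"; policy ignores this
    tags: Set[str] = field(default_factory=set)


@dataclass(frozen=True)
class SecurityGroup:
    name: str
    required_tags: FrozenSet[str]      # VM is a member if it carries all of these


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                           # security group name or "any"
    dst: str
    dst_port: Optional[int]            # None means any port
    action: str                        # "allow" or "drop"


# Assumed groups for a three-tier "shop" application plus a quarantine group.
GROUPS: List[SecurityGroup] = [
    SecurityGroup("SG-Web", frozenset({"app:shop", "tier:web"})),
    SecurityGroup("SG-App", frozenset({"app:shop", "tier:app"})),
    SecurityGroup("SG-DB", frozenset({"app:shop", "tier:db"})),
    SecurityGroup("SG-Quarantine", frozenset({"quarantine"})),
]

# Ordered rule set: first match wins, and anything unmatched is dropped.
# The quarantine rules sit first so they override the application rules
# even though a quarantined VM is still a member of its tier group.
RULES: List[Rule] = [
    Rule("quarantine-in", "any", "SG-Quarantine", None, "drop"),
    Rule("quarantine-out", "SG-Quarantine", "any", None, "drop"),
    Rule("web-to-app", "SG-Web", "SG-App", 8443, "allow"),
    Rule("app-to-db", "SG-App", "SG-DB", 5432, "allow"),
]


def members(group: SecurityGroup, vms: List[VM]) -> Set[str]:
    """Dynamic membership: every VM whose tags include all required tags."""
    return {vm.name for vm in vms if group.required_tags <= vm.tags}


def evaluate(vms: List[VM], groups: List[SecurityGroup], rules: List[Rule],
             src: VM, dst: VM, port: int) -> Tuple[str, str]:
    """Return (action, rule name) for a flow src -> dst:port, default deny."""
    membership = {g.name: members(g, vms) for g in groups}

    def matches(ref: str, vm: VM) -> bool:
        return ref == "any" or vm.name in membership.get(ref, set())

    for rule in rules:
        if (matches(rule.src, src) and matches(rule.dst, dst)
                and (rule.dst_port is None or rule.dst_port == port)):
            return rule.action, rule.name
    return "drop", "default-deny"


def quarantine(vm: VM) -> None:
    """Model of a detection tool updating the VM's security tag."""
    vm.tags.add("quarantine")


def build_scenario() -> List[VM]:
    """Constructed sample inventory: app tier runs in the cloud, rest on-prem."""
    return [
        VM("web-01", "on-prem", {"app:shop", "tier:web"}),
        VM("app-01", "cloud", {"app:shop", "tier:app"}),
        VM("db-01", "on-prem", {"app:shop", "tier:db"}),
    ]


if __name__ == "__main__":
    vms = build_scenario()
    web, app, db = vms
    print("web -> app:8443", evaluate(vms, GROUPS, RULES, web, app, 8443))
    print("web -> db:5432 ", evaluate(vms, GROUPS, RULES, web, db, 5432))
    app.location = "on-prem"           # workload moved; policy unchanged
    print("app -> db:5432 ", evaluate(vms, GROUPS, RULES, app, db, 5432))
    quarantine(app)                    # tag change, no rule edits
    print("web -> app:8443", evaluate(vms, GROUPS, RULES, web, app, 8443))
    print("app -> db:5432 ", evaluate(vms, GROUPS, RULES, app, db, 5432))
```

Two points worth checking in any real deployment follow from the model: the web tier has no path to the database because nothing allows it and the default is deny, and the quarantine rules only work because they are ordered ahead of the application rules, since a quarantined VM still matches its tier group.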

According to VMware, future NSX capabilities may extend to adding encryption as simply as drag-and-drop. A dashboard would show all available micro-segments across public and private clouds, to which policies could be applied in real time; encryption, for instance, would become a checkbox on an application group.

That’s an approach that would alleviate any number of headaches for security experts.

VMware – from virtualisation provider to software-defined-security platform builder.

While NSX has been shipping for three years now, VMware has been careful to remind us that NSX is not a security product, and that NSX is not the only security capability you need in the virtual data centre. NSX is positioned as a platform for high-throughput, stateful firewalling up to layer 4; for deeper, next-generation firewalling, close relationships with vendors will be vital to its success.

As a result, VMware has partnered with an ecosystem of leading hardware and software vendors, including Palo Alto Networks, Check Point, Fortinet, Intel Security, Trend Micro and Symantec, so that data at rest and traffic between VMs can be inspected by market-leading security solutions. In addition, NSX Security Groups, which are updated dynamically as VMs come and go, can be synchronised with a supported next-generation firewall vendor and referenced in its firewall rules, pushed right through to the physical firewalls at the data centre perimeter.

NSX, layered on the vSphere platform, goes a long way towards closing the architectural gap that continues to hamper end-to-end security in the extraordinarily dynamic application environments of today.

For more information, visit Data#3 Secure or contact a Data#3 security specialist.

Tags: Cybersecurity, Network Security, Security
