THE NEW IT SECURITY PARADIGM PART 4 – VMware’s NSX, and its Promise of a New Standard

By Richard Dornhart, National Security Practice Manager, Data#3

[Reading Time – 2:50 minutes]

Over my last 3 blogs, I’ve explored the role that network virtualisation looks set to play in resolving the challenges of securing enterprise networks – particularly with the rise of distributed applications and composed services. You can read them here:

Such a perspective on the capabilities of network virtualisation is quite new, and is a foundational capability of VMware NSX. This vSphere hypervisor-based solution allows security policies to be created that are not only enforced at every virtual machine, but directly aligned to application workloads like never before.

Virtualised security, tangible results.

This view is the most promising opportunity yet to close the architectural gap that has precluded us from thinking of enterprise IT security in a truly holistic fashion. It will have dramatic implications, allowing companies to better secure the growing number of software-defined data centres, and the applications they own.

By leveraging the existing benefits of virtualisation, and extending the same ease and flexibility to the network, VMware’s NSX promises to allow users to spin up a network as easily as one might spin up a VM – complete, multi-tier virtual networks that can be saved, deleted, and restored as simply as virtual machines.

NSX will also enable users to connect virtual machines to virtual networks that span multiple subnets, across physical locations, allowing a workload to be moved to wherever compute capacity is available.

Applying granular security.

NSX’s ability to embed security functions directly into the hypervisor will enable micro-segmentation to be delivered, and granular security to be applied to the individual workload. As a result, data centre security promises to be significantly improved, as security policies are enabled to travel with the workloads, regardless of where those workloads are or how they’re attached to the underlying network.

One such scenario might be to spin servers and workloads up in an NSX compatible Cloud, and connect the logical ports of the workloads to the NSX logical switch, which is stretched from the on-premises data centre to the Cloud data centre. Application components can then be added to a security group, independent of the workload location or underlying network, thus automatically protecting on-premises and Cloud-based workloads via one, centrally managed security policy.

Zero Trust environments could be provisioned readily, and any VMs moved would take their policies with them. Should any vulnerability be detected, the NSX Security tag for the VM would be dynamically updated, and quarantine controls enforced. Each VM could then effectively be given its own perimeter defence.
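To make the mechanism described in the preceding paragraphs concrete, here is an added Python simulation of tag-driven micro-segmentation. It is not NSX code and uses no NSX API; the group names, tag strings, ports and VM names are all constructed for the example. It shows the three properties the post relies on: security group membership is recomputed from a VM's tags rather than stored, firewall rules reference groups rather than addresses or locations (so a migrated workload keeps its policy), and a single tag change is enough to move a VM into quarantine.

```python
"""Tag-driven micro-segmentation, simulated.

Constructed example: models the behaviour described in the post (security
groups whose membership follows VM tags, policy that travels with the
workload, and quarantine by tag update). Not NSX code; no NSX API is used.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set

ANY = "any"


@dataclass
class VM:
    name: str
    site: str                          # where the VM currently runs, e.g. "on-prem" or "cloud"
    tags: Set[str] = field(default_factory=set)


@dataclass(frozen=True)
class SecurityGroup:
    """Membership is computed from tags on every lookup, never stored: a VM
    joins or leaves a group the moment its tags change, wherever it runs."""
    name: str
    required_tags: FrozenSet[str]

    def members(self, vms: List[VM]) -> Set[str]:
        return {vm.name for vm in vms if self.required_tags <= vm.tags}


@dataclass(frozen=True)
class Rule:
    src: str       # security group name or ANY
    dst: str       # security group name or ANY
    port: object   # integer port or ANY
    action: str    # "allow" or "deny"


class DistributedFirewall:
    """Evaluates an ordered rule list for a flow between two VMs.
    First match wins; an unmatched flow is denied (default deny)."""

    def __init__(self, groups: List[SecurityGroup], rules: List[Rule]):
        self.groups: Dict[str, SecurityGroup] = {g.name: g for g in groups}
        self.rules = rules

    def _in_group(self, vms: List[VM], vm: VM, group_name: str) -> bool:
        if group_name == ANY:
            return True
        return vm.name in self.groups[group_name].members(vms)

    def evaluate(self, vms: List[VM], src: str, dst: str, port: int) -> str:
        by_name = {vm.name: vm for vm in vms}
        s, d = by_name[src], by_name[dst]
        for rule in self.rules:
            if (self._in_group(vms, s, rule.src)
                    and self._in_group(vms, d, rule.dst)
                    and rule.port in (ANY, port)):
                return rule.action
        return "deny"


def build_policy() -> DistributedFirewall:
    """Constructed policy: one web tier, one database tier, one quarantine group."""
    groups = [
        SecurityGroup("web", frozenset({"app:web"})),
        SecurityGroup("db", frozenset({"app:db"})),
        SecurityGroup("quarantine", frozenset({"security:quarantine"})),
    ]
    rules = [
        # Quarantine rules come first so they override every application rule.
        Rule("quarantine", ANY, ANY, "deny"),
        Rule(ANY, "quarantine", ANY, "deny"),
        # Application rules name groups, never addresses or sites.
        Rule(ANY, "web", 443, "allow"),
        Rule("web", "db", 3306, "allow"),
    ]
    return DistributedFirewall(groups, rules)


def demo() -> Dict[str, str]:
    """Walks through the scenarios in the post and returns the verdict per flow."""
    fw = build_policy()
    vms = [
        VM("web1", "on-prem", {"app:web"}),
        VM("db1", "cloud", {"app:db"}),
    ]
    results: Dict[str, str] = {}
    # Policy follows the workload: the verdict does not depend on the site.
    results["web1->db1:3306 (on-prem -> cloud)"] = fw.evaluate(vms, "web1", "db1", 3306)
    vms[0].site = "cloud"                          # workload migrated; tags unchanged
    results["web1->db1:3306 (cloud -> cloud)"] = fw.evaluate(vms, "web1", "db1", 3306)
    # Anything not explicitly allowed is dropped.
    results["web1->db1:22"] = fw.evaluate(vms, "web1", "db1", 22)
    # Vulnerability detected on web1: one tag change moves it into quarantine.
    vms[0].tags.add("security:quarantine")
    results["web1->db1:3306 (quarantined)"] = fw.evaluate(vms, "web1", "db1", 3306)
    results["db1->web1:443 (quarantined)"] = fw.evaluate(vms, "db1", "web1", 443)
    return results


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow:42s} {verdict}")
```

The design choice worth noting is that `SecurityGroup.members` is evaluated at rule-match time rather than cached: that is what makes the quarantine step a single tag update with no rule edits, and it is the property a practitioner should verify in any real implementation, since a group whose membership is only refreshed periodically leaves a window in which a tagged VM still has its old access.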

According to VMware, future NSX capabilities may extend to making the addition of encryption as simple as drag-and-drop. A dashboard would show all available micro-segments across Public and Private Clouds, to which policies can be applied in real time. Encryption, for instance, becomes a checkbox on an application group.

That’s an approach that would alleviate any number of headaches for security experts.

VMware – from virtualisation provider to software-defined-security platform builder.

While NSX has been shipping for 3 years now, VMware has been careful to remind us that NSX is not a security product, and that NSX is not the only security capability you need in the virtual data centre. NSX is positioned as a platform for high-throughput, stateful firewalling up to layer 4; for deeper, next-generation firewalling, however, close relationships with vendors will be vital to its success.

As a result, VMware has partnered with an ecosystem of leading hardware and software vendors, including Palo Alto Networks, Check Point, Fortinet, Intel Security, Trend Micro and Symantec, ensuring data at rest and traffic between VMs can be easily inspected by market-leading security solutions. In addition, NSX Security Groups – which are dynamically updated as VMs come and go – can be used in security policy synchronised with the supported Next-Gen Firewall vendor and used in firewall rules, pushed right through to physical firewalls at the data centre perimeter.

This latest iteration of the vSphere platform goes a long way towards closing the architectural gap that continues to hamper end-to-end security in the extraordinarily dynamic application environments of today.

For more information, visit Data#3 Secure or contact a Data#3 security specialist.

Tags: Cybersecurity, Network Security, Security
