VMware Inc. is dialing further into security with its latest upgrades to its network virtualization platform: VMware NSX.
The network virtualization platform comes in two options: NSX for vSphere, meaning it can be deployed in the vendor’s suite of virtualization products; and NSX-T, network virtualization for new application frameworks and architectures that have heterogeneous endpoints and technology stacks.
Both options create an offering that allows organizations to deploy an agile software-defined infrastructure in order to build public-cloud native application environments.
“We have customers that are now able to deliver entire new applications within minutes scaling faster whether it’s in their data centre or the public cloud using the VMware portfolio. NSX is one of the biggest reasons for that because of the agility we bring for networking and security,” said Milin Desai, vice president of products for VMware’s networking and security business unit, in an interview with ITWC.
Desai describes data centre security similar to a house: you have a strong perimeter defense, or north-south protection, but once you’re inside, you have unprecedented access to anything inside. Just like how you aren’t locking every individual door in your house, applications within the data centre don’t often have additional security.
To tackle this issue, the NSX portfolio provides micro-segmentation, or east-west protection, by locking down unnecessary communication between applications. Essentially, north-south is traffic coming from the outside into your web layer, and east-west is traffic from your web layer to your database layer.
“Let’s say an end user’s virtual desktop, or an application, gets breached, because of this east-west protection, the malware can not then jump laterally to another application or control system because of this micro-segmentation,” said Desai. “This is something we can uniquely deliver in the data centre.”
For those customers interested in micro-segmentation, VMware can offer a free tool called the virtual network assessment. By running this tool, VMware customers can get an idea of what their data centre looks like, from east-west traffic to north-south traffic. Ultimately this move is done to help customers accelerate digital transformation, and that starts by helping them understand what type of security they need, and how quickly they need it.
Desai explains that digital transformation comes down to how organizations, whether it be health care, banking, insurance agencies, etc., are trying to create more frequent and meaningful interactions with their customers. This is being done by integrating faster.
“You integrate faster with agility, and it can only be agile if you can deliver applications faster, and that’s what we’re really driving with NSX. Delivering applications with networking and security faster to achieve the end goal of unique interactions for these organizations with their end users,” Desai said.
NSX for vSphere supports vSphere 6.5, and features enhancements in four areas:
Security: New Application Rule Manager and Endpoint Monitoring features provide unique visibility from OS-level activity to network flows, resulting in automated policy and rule updates and making micro-segmentation easier to implement and more capable.
Application Continuity: New enhancements deliver consistent and dynamic security policies for customers scaling SDDC environments across multiple data centres and multiple VMware vCenters.
SDDC to Branch Connectivity: NSX now allows customers to extend a unified virtual network infrastructure with consistent performance security controls to remote endpoints from a central location, enabling enterprises to connect an SDDC to branch locations.
Service Provider/NFV Deployments: Enhanced support for VMware vCloud Director provides advanced self-service NSX capabilities for multi-tenant service provider deployments and NFV initiatives.
Additionally, VMWare has announced a new beta program for those customers interested in container networking and security for application frameworks called the Container Network Interface (CNI), support for its enterprise cloud-native infrastructure platform, the VMware Photon Platform, updated support for OpenStack Newton and Mitaka, and expanded support for multiple KVM distributions from Canonical and Red Hat.