Using VMware NSX for the Microsegmentation of Security
- Date: 12 October, 2016
The methods we have used in the past to secure our networks won’t work for tomorrow’s networks. Cloud-based applications and multi-tenant environments require greater scalability, agility and control. Software-defined networking (SDN), such as that provided by VMware NSX, can deliver a new platform that transforms networking and provides for much more specific control of the security of your data and networked applications. In this white paper, author Bill Ferguson describes the microsegmentation of security and illustrates how you can use NSX to provide security that works on today’s and tomorrow’s networks.
In the past, before we had virtual machines (VMs), each of our servers existed in a specific physical location and rarely if ever moved from that location. Therefore, we configured our security policies to either allow or deny traffic to and from that physical location. I can remember setting up powerful (at that time) firewalls called “bastion hosts” that stood between one part of my network and another to protect my servers. The rules that we applied to those firewalls were customized to take into account the specific physical location of each resource. After all, how else could one secure anything?
Well, times have changed and the explosive growth in software-defined data centers (SDDCs) and SDNs makes it mandatory that we find a new and better solution than we’ve used in the past. Most businesses have hundreds or even thousands of applications that they need to protect. Each of these applications may require a different type of protection with different security parameters needed to protect the data and connectivity of the application. In addition, these applications are not necessarily “sitting still” in the same physical location anymore. In fact, services such as VMware’s vMotion can move a running VM server from one physical location to another, and services such as Distributed Resource Scheduler (DRS) can automate those moves to balance compute loads across hosts in a cluster. Because of these new capabilities to “play musical chairs” with our servers, we need to be able to control their security without regard to their physical location. That way, we can keep our data and networked applications safe; regardless of where their servers are located. VMware NSX provides not only a virtualized network but also the possibility for microsegmentation of security. The microsegmentation of security is the ability to individually configure and continue to apply security for each connection on every VM on your network regardless of its physical location; and regardless if the VM is moved to another physical location.