Segmentation
It can be extremely difficult to secure, and to maintain security in, a production environment. The traditional security model focuses on perimeter defense, but the continuing stream of breaches shows that this model is not effective. A firewall can be deployed at each VM, but that proves unmanageable. With NSX 6.1 it is possible to micro-segment your network, so that only explicitly allowed traffic can travel between virtual machines.
Traditionally, network segmentation is a function of a physical firewall or router, designed to allow or deny traffic between network segments or tiers. The traditional processes for defining and configuring segmentation are time consuming and highly prone to human error, which accounts for a large percentage of security breaches. Implementation requires deep and specific expertise in device configuration syntax, network addressing, application ports and protocols.
Network segmentation is a core capability of NSX. A virtual network can support a multi-tier network environment, meaning either multiple L2 segments with L3 segmentation between them, or micro-segmentation within a single L2 segment using distributed firewall rules. These tiers could represent a web tier, an application tier and a database tier.
Physical firewalls and access control lists deliver a proven segmentation function, trusted by network security teams and compliance auditors. Confidence in this approach for cloud data centers, however, has been shaken, as more and more attacks, breaches and downtime are attributed to human error in antiquated, manual network security provisioning and change management processes.
In a virtual network, the network services (L2, L3, ACL, firewall, QoS etc.) provisioned with a workload are programmatically created and distributed to the hypervisor vSwitch. Network services, including L3 segmentation and firewalling, are enforced at the virtual interface. Communication within a virtual network never leaves the virtual environment, removing the requirement for segmentation to be configured and maintained in the physical network or firewall.
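To make the micro-segmentation idea concrete, here is an added example (not code from the original post, and not the NSX distributed firewall or its API) that models the policy decision a distributed firewall makes for each flow: endpoints are classified by tier membership rather than by subnet, rules are evaluated first-match, and anything not explicitly allowed falls through to a default deny. The tier names, addresses, ports and rules are constructed assumptions for illustration; the point it shows is that two VMs on the same L2 segment (the two web servers) can still be prevented from talking to each other, and that a web VM cannot reach the database tier directly.

```python
"""
Constructed model of tier-based (micro-segmentation) policy evaluation.
This is an illustrative rule engine only; it is not the NSX distributed
firewall and all groups, addresses and ports are assumptions.
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Constructed security groups: each tier is a set of VM addresses. Note that
# membership, not the subnet, decides which rules apply to a VM.
TIERS = {
    "web": {"10.0.1.10", "10.0.1.11"},   # two web VMs on the same L2 segment
    "app": {"10.0.2.10"},
    "db":  {"10.0.3.10"},
}


@dataclass(frozen=True)
class Rule:
    src: str             # tier name or "any"
    dst: str             # tier name or "any"
    proto: str           # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] # destination port, None means any port
    action: str          # "allow" or "deny"


# Constructed policy: only the documented tier-to-tier paths are allowed;
# the explicit catch-all deny at the end is what makes the default deny.
POLICY = [
    Rule("any", "web", "tcp", 443, "allow"),   # clients reach the web tier over HTTPS
    Rule("web", "app", "tcp", 8080, "allow"),  # web tier calls the app tier
    Rule("app", "db", "tcp", 5432, "allow"),   # app tier queries the database
    Rule("any", "any", "any", None, "deny"),   # default deny, evaluated last
]


def tier_of(ip: str) -> Optional[str]:
    """Return the tier a VM address belongs to, or None if it is in no group."""
    for name, members in TIERS.items():
        if ip in members:
            return name
    return None


def _matches(rule: Rule, src_ip: str, dst_ip: str, proto: str, dport: int) -> bool:
    """A rule matches when every field is either a wildcard or equal to the flow's value."""
    src_ok = rule.src == "any" or tier_of(src_ip) == rule.src
    dst_ok = rule.dst == "any" or tier_of(dst_ip) == rule.dst
    proto_ok = rule.proto == "any" or rule.proto == proto
    port_ok = rule.dport is None or rule.dport == dport
    return src_ok and dst_ok and proto_ok and port_ok


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """First-match evaluation: the first matching rule decides the flow's fate."""
    ipaddress.ip_address(src_ip)   # reject malformed addresses early
    ipaddress.ip_address(dst_ip)
    for rule in POLICY:
        if _matches(rule, src_ip, dst_ip, proto, dport):
            return rule.action
    return "deny"   # implicit default should a policy ever lack a catch-all


def audit(flows):
    """Evaluate a batch of (src, dst, proto, dport) flows; handy for policy review."""
    return [(flow, evaluate(*flow)) for flow in flows]


if __name__ == "__main__":
    # Constructed sample flows, including two lateral-movement attempts.
    sample = [
        ("203.0.113.5", "10.0.1.10", "tcp", 443),   # client -> web
        ("10.0.1.10", "10.0.2.10", "tcp", 8080),    # web -> app
        ("10.0.2.10", "10.0.3.10", "tcp", 5432),    # app -> db
        ("10.0.1.10", "10.0.3.10", "tcp", 5432),    # web -> db (skips the app tier)
        ("10.0.1.10", "10.0.1.11", "tcp", 22),      # web -> web on the same segment
    ]
    for flow, verdict in audit(sample):
        print(f"{flow[0]:>13} -> {flow[1]:<10} {flow[2]}/{flow[3]:<5} {verdict}")
```

Running the block prints a verdict per flow: the three documented paths are allowed, while the web-to-database and web-to-web flows are denied even though the latter never crosses a subnet boundary. That last case is the behaviour a traditional perimeter or subnet firewall cannot provide and is the practical meaning of enforcing the rule at the virtual interface.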
VMware CEO Pat Gelsinger announced a new hybrid cloud strategy today, along with a series of product updates including a new version of vSphere, VSAN, VVOLs, a distribution of OpenStack and integrations of NSX with vCloud Air. The new vision laid out by Gelsinger is one of a "Seamless and Complete Picture" of Any Device, Any Application and One Cloud. VMware spoke with their customers and found that they are looking for three key areas when it comes to IT:
With a foundation of vSphere 6.0 and new features including One Management, whether on premises or off, NSX built into vCloud Air, VSAN and VVOLs, the architecture is designed to deliver a unified cloud. CEO Pat Gelsinger states that "customers increasingly need a software-defined infrastructure to enable the level of speed, agility and flexibility to respond to the challenges of IT."
VMware vSphere 6.0
VMware is raising the bar again with more than 650 new features in vSphere 6.0. Some of the newly announced features include:
VMware VSAN
With significant improvements in scale and functionality, new features in VSAN include:
VMware vSphere 6.0 is the next major release since 5.5, and as with any major release it is packed with new features and enhancements along with increased scalability. This version also comes with some big improvements to VSAN, which I'll discuss below.
Host Improvements
In vSphere 5.5 the maximum supported host memory was 4TB; in 6.0 that jumps to 12TB. In vSphere 5.5 the maximum supported number of logical (physical) CPUs per host was 320; in vSphere 6.0 that is increased to 480. The last host improvement is the maximum number of VMs per host, increasing from 512 in 5.5 to 1000 in 6.0. Together these give the ability to create some monster VMs.
Fault Tolerance Improvements
Fault Tolerance (FT) was introduced in vSphere 4. FT protects VMs by preventing downtime in the event of a host failure. FT has never been widely used, because its design prevented any workload that required multiple CPUs from using it. FT now supports more than one vCPU, moving from 1 vCPU to 4 vCPU support.