VMware NSX 6.1 Features and Security

2/10/2015

With the advent of NSX 6.1, and the rise in security breaches and security issues around the globe, I thought I would discuss some of the new features of NSX 6.1, both security-related and not.
Segmentation
It can be extremely difficult to secure, and keep secure, your production environment. The traditional security model focuses on perimeter defense, but continued security breaches show that this model is not effective.
A firewall can be deployed at each VM, but that quickly proves unmanageable. With NSX 6.1 it is possible to micro-segment your network, so that only explicitly allowed traffic can travel between virtual machines.

Traditionally, network segmentation is a function of a physical firewall or router, designed to allow or deny traffic between network segments or tiers. The traditional processes for defining and configuring segmentation are time consuming and highly prone to human error, resulting in a large percentage of security breaches. Implementation requires deep and specific expertise in device configuration syntax, network addressing, application ports and protocols.

Network segmentation is a core capability of NSX. A virtual network can support a multi-tier environment, meaning multiple L2 segments with L3 segmentation between them, or micro-segmentation within a single L2 segment using distributed firewall rules. These tiers could represent a web tier, an application tier and a database tier. Physical firewalls and access control lists deliver a proven segmentation function, trusted by network security and compliance teams. Confidence in this approach for cloud data centers, however, has been shaken as more and more attacks, breaches and downtime are attributed to human error in antiquated, manual network security provisioning and change management processes.

In a virtual network, the network services (L2, L3, ACL, firewall, QoS, etc.) provisioned with a workload are programmatically created and distributed to the hypervisor vSwitch. Network services, including L3 segmentation and firewalling, are enforced at the virtual interface. Communication within a virtual network never leaves the virtual environment, removing the requirement for network segmentation to be configured and maintained in the physical network or firewall.
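To make the micro-segmentation idea concrete, here is an added example (my own constructed model, not code from this post or from VMware) of a rule set enforced at every virtual interface with first-match semantics and a default-deny rule at the end. The tier groups, addresses, ports and rule names are all constructed sample data; the point it shows is that two web VMs on the same L2 segment cannot reach each other unless a rule says so, and that the web tier cannot reach the database tier directly. It also illustrates the difference between the drop action and the reject action listed under the firewall enhancements below.

```python
"""Constructed model of micro-segmentation with a distributed firewall.

The same ordered rule set is enforced at every VM's virtual interface, with
first-match semantics and an explicit default-deny rule at the end, so two
VMs on the same L2 segment can only talk if a rule permits it. Addresses,
group names and rules below are constructed sample data, not NSX objects.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

ALLOW, DROP, REJECT = "allow", "drop", "reject"


@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # security group name, CIDR, or "any"
    dst: str
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port
    action: str


# Constructed inventory: the two web VMs share one /24 (one L2 segment).
GROUPS = {
    "web": ["10.0.1.10", "10.0.1.11"],
    "app": ["10.0.2.10"],
    "db":  ["10.0.3.10"],
}

# Ordered policy. Nothing allows web-to-web traffic even though the web VMs
# sit on the same segment: that is the micro-segmentation.
RULES = [
    Rule("clients-to-web", "203.0.113.0/24", "web", "tcp", 443, ALLOW),
    Rule("web-to-app",     "web", "app", "tcp", 8080, ALLOW),
    Rule("app-to-db",      "app", "db",  "tcp", 3306, ALLOW),
    # Reject answers with TCP RST / ICMP unreachable so a misdirected client
    # fails fast and the attempt is visible; drop is silent.
    Rule("web-to-db-reject", "web", "db", "any", None, REJECT),
    Rule("default-deny",   "any", "any", "any", None, DROP),
]


def in_scope(ip: str, selector: str) -> bool:
    """True if ip matches a group name, a CIDR, or the wildcard "any"."""
    if selector == "any":
        return True
    if selector in GROUPS:
        return ip in GROUPS[selector]
    return ip_address(ip) in ip_network(selector)


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int,
             rules=RULES) -> Tuple[str, str]:
    """Return (matching rule name, action) for one flow; first match wins."""
    for r in rules:
        if (in_scope(src_ip, r.src) and in_scope(dst_ip, r.dst)
                and r.proto in ("any", proto)
                and (r.dport is None or r.dport == dport)):
            return r.name, r.action
    return "implicit-deny", DROP  # reached only if no default rule exists


def allowed_flows(ports=(22, 443, 3306, 8080)):
    """Enumerate every VM-to-VM TCP flow the policy permits on the given ports.
    A segmentation audit should see only the intended tier-to-tier paths here."""
    vms = [ip for members in GROUPS.values() for ip in members]
    return sorted((s, d, p) for s in vms for d in vms if s != d
                  for p in ports if evaluate(s, d, "tcp", p)[1] == ALLOW)


if __name__ == "__main__":
    print(evaluate("10.0.1.10", "10.0.1.11", "tcp", 22))    # same segment, dropped
    print(evaluate("10.0.1.10", "10.0.3.10", "tcp", 3306))  # web may not reach db
    for flow in allowed_flows():
        print("permitted:", flow)
```

The `allowed_flows` helper is the part a defender cares about: because the rule set is evaluated at every vNIC rather than at a chokepoint, the full set of permitted paths can be enumerated from the policy alone, without tracing which physical firewall a given VM happens to sit behind.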
Two Stage ECMP
Equal-cost multipath (ECMP) routing for distributed logical routers and NSX Edges has been added in 6.1. This gives NSX the ability to run ECMP between the Distributed Logical Router (DLR) and the NSX Edges, and from the NSX Edges to the physical network, hence "two stage". It is limited to 8 ECMP paths. With this new feature you can make better use of bandwidth by spreading traffic across multiple NSX Edges and their respective uplinks.
Load Balancing
Every NSX Edge can provide load balancing, with support for IP hash, least connection, round robin and URI balancing policies. NSX 6.1 adds the ability to load balance TCP, UDP and FTP.
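As an added illustration of what the four policies named above actually select (my own constructed model, not the NSX Edge implementation or code from this post), the pool below picks a member by round robin, by a hash of the client IP, by a hash of the request URI, or by the fewest open connections. The pool members and client addresses are constructed sample values, and CRC32 stands in for whatever hash the real load balancer uses; only the selection behaviour of each policy is what this shows.

```python
"""Constructed model of the four load-balancing policies (IP hash, least
connection, round robin, URI). Illustrative only; member addresses and
client addresses are constructed sample values.
"""
import itertools
import zlib
from typing import List, Optional


class Pool:
    POLICIES = ("ip-hash", "least-conn", "round-robin", "uri")

    def __init__(self, members: List[str], policy: str):
        if policy not in self.POLICIES:
            raise ValueError(f"unknown policy {policy!r}")
        self.members = list(members)
        self.policy = policy
        self._rr = itertools.cycle(self.members)    # round-robin cursor
        self.active = {m: 0 for m in self.members}  # open connections per member

    def _hash_pick(self, key: str) -> str:
        # CRC32 stands in for the hash; what matters is that the same key
        # always lands on the same member while the pool is unchanged.
        return self.members[zlib.crc32(key.encode()) % len(self.members)]

    def pick(self, client_ip: Optional[str] = None,
             uri: Optional[str] = None) -> str:
        if self.policy == "round-robin":
            return next(self._rr)
        if self.policy == "ip-hash":      # client affinity without cookies
            return self._hash_pick(client_ip)
        if self.policy == "uri":          # same URI -> same member (cache-friendly)
            return self._hash_pick(uri)
        # least-conn: fewest open connections, ties broken by pool order
        return min(self.members, key=lambda m: self.active[m])

    def connect(self, **kw) -> str:
        """Pick a member and account for the new connection."""
        member = self.pick(**kw)
        self.active[member] += 1
        return member

    def close(self, member: str) -> None:
        self.active[member] -= 1


def demo():
    """Exercise each policy on a constructed three-member web pool."""
    web = ["10.0.1.10", "10.0.1.11", "10.0.1.12"]
    rr = Pool(web, "round-robin")
    order = [rr.pick() for _ in range(4)]           # wraps after the third pick
    ih = Pool(web, "ip-hash")
    sticky = (ih.pick(client_ip="203.0.113.5")
              == ih.pick(client_ip="203.0.113.5"))  # same client, same member
    lc = Pool(web, "least-conn")
    first, second = lc.connect(), lc.connect()      # two idle members get one each
    lc.close(first)                                 # first member is idle again
    third = lc.connect()                            # so it is chosen next
    return {"round_robin": order, "ip_hash_sticky": sticky,
            "least_conn": (first, second, third)}


if __name__ == "__main__":
    for policy, result in demo().items():
        print(policy, result)
```

The practical difference is stickiness: IP hash and URI hash give a client or a resource a stable member without any cookie or session table, while round robin and least connection spread load but assume the members hold no per-client state.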
Firewall Enhancements
  • Firewall Reject action.
  • Troubleshooting and Monitoring.
    • Advanced filtering of rules.
    • CPU/Memory Thresholds.
    • IPFIX Support in DFW.
  • Provisioning
    • Combined Edge and DFW Management.
    • Network-oriented service insertion.
Integration with Palo Alto
The VMware NSX platform distributes the Palo Alto Networks VM-Series next-generation firewall, making its advanced features locally available on each hypervisor. Network security policies, defined for application workloads provisioned on or moved to that hypervisor, are inserted into the virtual network's logical pipeline. At runtime, service insertion leverages the locally available Palo Alto Networks next-generation firewall feature set to deliver and enforce application-, user- and context-based control policies at the workload's virtual interface.
VMware NSX provides a platform that allows automated provisioning and context-sharing across virtual and physical security platforms. Combined with traffic steering and policy enforcement at the virtual interface, partner services that were traditionally deployed in a physical network environment are easily provisioned and enforced in a virtual network environment. VMware NSX thereby delivers customers a consistent model of visibility and security across applications residing on both physical and virtual workloads.
    Follow @bdseymour