With the number of virtualized compute resources and workloads continuing to increase, it’s inevitable that organizations worry about how to protect all those valuable, virtualized resources. Fortunately, VMware created VMware NSX virtual networking with micro-segmentation.
“Micro-segmentation” is a pretty big word for a fairly simple idea. It sounds complicated, but it’s really not.
Traditional networking and security have been around for a long time, and conventional network engineers have become experts at protecting the traditional network. But computing has evolved with the pervasive nature of virtualization, so the network needs to evolve as well.
Most organizations have already deployed next-generation firewalls, security access lists and maybe even an intrusion-detection and prevention system. But it’s still not enough. When the executives ask, “Are we as protected as possible?” most network and security engineers know the answer is, “no.” Even with expensive Host Intrusion Detection and Prevention Systems, there are still gaps in endpoint security.
The challenge with traditional network security is that it’s tied to physical devices and interfaces. In the optimized, virtualized computing world, workloads are continually moving from host to host to ensure each workload always has the resources available to get the job done.
But when a workload moves to a different host, using a different physical network interface, all of the security that was assigned to the previous network interface is no longer able to protect that workload. VMware NSX overcomes this physical limitation by keeping the security policy with the workload. In the software-defined data center, VMware NSX installs directly into the kernel of every hypervisor on the network.
With VMware NSX in the software-defined data center, your old headaches of having to individually manage ports, IP addresses, and access lists all become part of the NSX policy engine. You define, in software policies, how you want your virtualized workloads to behave, and VMware NSX ensures those policies are consistently applied, even when workloads move to different places on the network.
One of the most common complaints we hear from IT executives is that project work takes far too long because every engineer is busy “fighting fires” or simply “keeping the lights on.” Deploying VMware NSX means network security can now be applied to east-west traffic without the traditional change management process needed to maintain complicated, hard-to-manage firewall and access control rules. This changes the security engineer’s mode of operation from constantly reactive to proactive.
VMware NSX is also an outstanding gateway into newer technologies such as the software-defined data center, and VXLAN. VXLAN is significantly less complicated to implement on VMware NSX than in hardware.
Adoption of VMware NSX couldn’t be easier for two fundamental reasons: It’s software, so there’s nothing to unbox, rack, and cable, and it leverages the familiar vCenter interface virtualization teams have been using for years.
Another key feature of software-defined networking is the ability to implement multi-tenancy to support different environments, such as a test environment and a production environment. The elegance of the VMware NSX solution is that both environments can implement identical, overlapping IP address ranges that NSX maintains as separate and distinct. This enables test to resemble production more closely without the need to purchase and maintain separate hardware networking environments.
VMware has taken even more steps to bring NSX to heterogeneous or non-VMware environments. VMware NSX-T version 1.1 is the next evolution of the VMware multi-hypervisor virtual networking product. This allows organizations running hybrid or non-VMware hypervisors to take advantage of VMware NSX.
For these reasons (ease of implementation, a familiar user interface, software-defined networking, multi-tenancy, and cross-platform support), organizations are moving to VMware NSX.
To learn more about VMware NSX and how NSX can transform your organization, visit www.keyinfo.com/networking-hybrid-architecture/.