Confidential ©2019 VMware, Inc. Security with VMware NSX Data Center Brian Wilson SLED SEM SDDC East 25 February 2020

Security with VMware NSX Data Center


Page 1: Security with VMware NSX Data Center

Security with VMware NSX Data Center

Brian Wilson
SLED SEM SDDC East
25 February 2020

Page 2: Security with VMware NSX Data Center


“In short, software is eating the world.”

Marc Andreessen

General Partner, Andreessen Horowitz and Netscape co-founder

Page 3: Security with VMware NSX Data Center

NSX Evolution

[Diagram labels: ESX; vSphere; PRIVATE CLOUD; PUBLIC CLOUD; DC; BRANCH; EDGE/IOT]

Page 4: Security with VMware NSX Data Center

Virtual Cloud Network
NSX Evolution

Tied Together. Everywhere.

[Diagram labels: vSphere; DC; BRANCH; EDGE/IOT; TELCO/NFV; vRNI; CLEAR VISIBILITY; Virtual Machines | Containers | Bare Metal; VCN]

Page 5: Security with VMware NSX Data Center

The Foundation of the Virtual Cloud Network
VMware NSX Portfolio

NETWORK AND SECURITY VIRTUALIZATION
Security, Integration, Extensibility, Automation, Elasticity

NETWORKING AND SECURITY MANAGEMENT AND AUTOMATION
Cloud-Based Management, Workflow Automation, Blueprints / Templates, Insights / Discovery, Visibility

Products:

• vRealize Automation: End-to-end workload automation
• Network Insight: Network discovery and insights
• AppDefense: Modern application security
• NSX SD-WAN by VeloCloud: WAN connectivity services
• NSX Data Center: Networking and security for data center workloads
• NSX Cloud: Networking and security for Public Cloud workloads
• NSX Hybrid Connect: Data center and cloud workload migration
• NSX Intelligence: Security Analytics

Page 6: Security with VMware NSX Data Center


How does VMware NSX Data Center deliver on the promise of network virtualization?

Page 7: Security with VMware NSX Data Center

There Has Been a Lot of Innovation and Virtualization in the Data Center
The Data Center Networking Challenge

Except for one area…

Compute Storage Networking

Page 8: Security with VMware NSX Data Center

The Lack of Networking Virtualization is Holding Back Your Ability to…
The Data Center Networking Challenge

Keep up with the pace of business

Secure your data centers

Control cost

Compute Storage Networking

Page 9: Security with VMware NSX Data Center


From Data Centers to Centers of Data

IOT / BRANCH

CLOUD

SaaS

PaaS IaaS DATA CENTER

SECURITY AND CONTROL

Page 10: Security with VMware NSX Data Center


SaaS

PaaS IaaS

IOT / BRANCH

CLOUD

DATA CENTER

SECURITY AND CONTROL

From Data Centers to Centers of Data

Page 11: Security with VMware NSX Data Center


NSX Data Center

DATA CENTER

Virtualization Layer

NSX Platform

Physical Infrastructure

Hypervisor

Page 12: Security with VMware NSX Data Center


NSX Data Center

DATA CENTER

Virtualization Layer

NSX Platform

Workloads

vSwitch


Page 15: Security with VMware NSX Data Center

NSX Data Center & NSX Cloud

DATA CENTER CLOUD

vSwitch

Native Clouds

VMware Clouds

Page 16: Security with VMware NSX Data Center

Networking in the Multi-Cloud Era
First & only network & security platform across all apps, sites, and clouds. VM, Container, Physical, Private, Public

• Network Infrastructure as Code
• Ops. Simple. Consistent.
• Cloud Scale Platform
• Intrinsic Security

Bare-metal | VMs | VMware Cloud | Public Cloud | Physical Switching | Outposts | Containers

Page 17: Security with VMware NSX Data Center

Ops. Simple. Consistent.
The simplest way to run your network

Bare-metal | VMs | VMware Cloud | Public Cloud | Physical Switching | Outposts | Containers

• Day 0: Install in one click
• Day 1: Guided configuration with end-to-end network visibility
• Day 2: UI built for anyone to run the network

In one place, wherever your app runs

Page 18: Security with VMware NSX Data Center


Cloud-Scale Platform, for Anyone

From Four Hosts

• Install in one click

• Guided configuration with end-to-end network visibility

• UI built for anyone to run the network

To A Thousand Hosts

• Hardware Accelerated Performance (DPDK) on distributed, centralized, and bare-metal network services

• Carrier-Grade Networking at Scale: thousands of hosts, multi-tenant, IPv6,

• Resilient: New clustered distributed platform, iBGP, Inter-SR, Multipath AS, BFD convergence

Page 19: Security with VMware NSX Data Center

Intrinsic Security

[Diagram labels: Baremetal; VMs; VMC on AWS; Public Clouds, AWS, Azure; Containers; Data Center; Branch; VMC; Cloud; Unified Management Plane; Edge appliance; Micro-segmentation; Zone Firewalling; Realtime visibility; Net-Sec Analytics; Layer 4-7; Identity Firewalling; URL Classification; URL Whitelisting; Endpoint Protection]

Page 20: Security with VMware NSX Data Center

What’s New in NSX-T 2.5
Advanced Analytics & Visibility, Multi-Cloud & Security

• Analytics & Visibility: Flow-based analytics and visibility for VMs and containers
• Multi-Cloud Security: Flexible bimodal cloud policy enforcement
• Extended Security: Extended L7, service insertion, and VPN capabilities
• Operational Simplicity: Simplified Firewall Operations and Capacity monitoring
• Enhanced Compliance: FIPS 140-2 Compliance and Reporting

Page 21: Security with VMware NSX Data Center

NSX Data Center Use Cases

• Security
• Multi-Cloud Networking
• Automation
• Cloud-Native Apps

Page 22: Security with VMware NSX Data Center

Our Security Realities
When Threats Breach the Perimeter, It’s Hard to Stop Lateral Spread

Low priority systems are often targeted first

Attackers can move freely around the data center

Attackers then gather and exfiltrate the valuable data

Network Perimeter

Internet

Page 23: Security with VMware NSX Data Center

What If You Could…
Build in Zero Trust at the Most Granular Level of the Data Center?

Every Workload can have:

• Individual firewalls
• Individual security policies

Policies can be defined based on any context:

• VM attributes
• Network attributes
• Application attributes

[Diagram labels: PCI Scope; Network Perimeter]

Page 24: Security with VMware NSX Data Center

Challenges with Traditional Network Operations Tools

Traditional network management tools are inadequate for modern virtual networks and multi-cloud environments

Siloed, Complex Tools

NetFlow Analyzers | Packet-Capture Solutions | Network Management Tools

• Lack end-to-end troubleshooting
• Not scalable, lack security perspective
• Lack visibility into virtual network and security infra

New, Dynamic Environment

Limited Visibility

Operational visibility, control, and compliance are challenging

Page 25: Security with VMware NSX Data Center

VMware Network Insight
Accelerate application security and networking across private, public, and hybrid clouds

Use Cases

Plan Application Security and Migration

• Accelerate micro-segmentation deployment

• Troubleshoot security for SDDC, native AWS, and hybrid applications

• Minimize business risk during application migration

Optimize and Troubleshoot Virtual and Physical Networks

• Reduce mean time to resolution for application-connectivity issues

• Optimize application performance by eliminating network bottlenecks

• Audit network and security changes over time

Manage and Scale NSX

• Scale across multiple NSX managers

• Boost uptime by proactively detecting misconfiguration errors

• Ensure compliance for NSX

Page 26: Security with VMware NSX Data Center

NSX Intelligence
A powerful Network and Security Analytics platform

[Diagram labels: Visualization; Interfaces; Intelligent Policy Formulation; Security Analytics; Network Analytics; ( … ); NSX Intelligence Platform: Distributed Analytics, Single Pass Inline Processing, Layer 2 to Layer 7; vRealize Network Insight; 3rd party Threat Intelligence; (…)]

Page 27: Security with VMware NSX Data Center

“I can’t overstate how much easier it is with NSX-T to ensure that all the environments with cardholder data is segmented into their own little section of the network.”

Nesta Campbell
Senior Systems Administrator

Page 28: Security with VMware NSX Data Center

The SDDC Is Not Fully Automated
Networking & Security are often manual, causing bottlenecks

Networking and security is manual, slow, error-prone

Deploying and moving apps has significant time and resource costs

Decommissioning apps is highly labor intensive

Any updates restart the process again

[Diagram labels: Minutes; Multiple days; Minutes; Networking; Package Deployment; Compute; Monitoring; Security; Storage]

Page 29: Security with VMware NSX Data Center

Automated Networking & Security
Completes the Vision of the SDDC

Networking and security handled in software

App services can be blueprinted and consumed in self-service portals

Blueprinted policies follow apps throughout lifecycle

[Diagram labels: Minutes; Networking; Package Deployment; Compute; Monitoring; Security; Storage; NSX Data Center; vRealize Automation; Blueprints]

Page 30: Security with VMware NSX Data Center

NSX for Cloud-Native Apps
Cloud-Native Network Services Platform for Cloud-Native Apps

Enterprise-grade networking & security for containers

Automated with platform integration, architected in as part of developer workflow

Consistent policy across traditional & cloud-native apps

Microservices visibility, connectivity, security & load balancing

On-Premises – vSphere, Bare-metal and KVM

Business App 2 / LOB 2

CF K8s

Business App 1 / LOB 1

CF K8s

NSX Platform

Page 31: Security with VMware NSX Data Center

The result of organizational silos
Multi-Cloud Challenges

[Diagram labels: Manual Process; Private Cloud | Public Cloud | Public Cloud | Public Cloud; Security Policies (repeated four times)]

Page 32: Security with VMware NSX Data Center

VMware Advancing Business Transformation with Networking and Security in Software

[Timeline diagram labels: Ready for the future; Reinvent Wide Area Networking (WAN); Reinvent security; Expand the network; Value from the network; Rethink networking; Software-Defined Data Center; Nicira; Insights; Automation; Multi-Cloud and Multi-Hypervisor; App Security; Connectivity and Hybridity; Network Virtualization; NSX; Network Insight (Arkin); vRealize Automation; NSX-T; AppDefense; Micro-Segmentation; vSphere Distributed Switch; NSX SD-WAN by VeloCloud; NSX Hybrid Connect; Container Frameworks, Pivotal Container Service (PKS); Public Cloud, AWS, IBM and Azure; Virtual Cloud Network]

Page 33: Security with VMware NSX Data Center


Driving value with our NSX partner ecosystem

Cloud Network Infrastructure

Networking & Security Services

Orchestration & Management

HCI Platforms

vSAN Ready Node

BARE METAL

vRealize Automation

vCloud Director

vRealize Orchestrator VIO

Network Insight

Log Insight

Page 34: Security with VMware NSX Data Center

VMware Networking Customer and Partner Momentum

• Approaching 10,000 NSX customers
• Broad Adoption: Small-to-large enterprises across all verticals
• 82% of the Fortune 100 run NSX
• 70% Fortune Global 500 Telcos

Page 35: Security with VMware NSX Data Center


You don’t need to go it alone. VMware is here to help you every step of the way.

We’ve helped thousands of organizations succeed with NSX through

Professional Services

Training

VMUG community

Page 36: Security with VMware NSX Data Center

Where to Get Started

Engage and Learn

• Join the NSX VMUG Community: vmug.com/nsx
• Connect with your Peers: communities.vmware.com
• Embrace the NSX Mindset: nsxmindset.com
• Find NSX Resources: vmware.com/go/networking
• Read the Network Virtualization Blog: blogs.vmware.com/networkvirtualization

Try

• Free Hands-on Labs: Test drive NSX with expert-led or self-paced hands-on labs: labs.hol.vmware.com

Take

• VMware Education - Training and Certification: vmware.com/go/nsxtraining
• Free NSX Training on Coursera: vmware.com/go/coursera

Page 37: Security with VMware NSX Data Center


Thank You