NSX 9 Core Use Cases
Download as PPTX, PDF1 like781 views
NSX provides micro-segmentation that allows each machine to have its own firewall, preventing attackers from moving freely within the datacenter. It also provides security for virtual machines and mobile devices accessing infrastructure resources. NSX enables scaling resources up and down without compromising security, including using it for developer clouds, multi-tenant infrastructure, disaster recovery, hybrid networking, and metro pooling across datacenters with Layer 2 stretching.
NSX 9 Core Use Cases
- 1. © 2015 VMware Inc. All rights reserved. NSX Core Cases Secure & Scale Beyond the Network.
- 2. Today’s Network / Security Paradigm. Why Are We Still at Risk? Little or no lateral controls inside perimeter Low priority systems are targeted first. Attackers can move freely around the data center. 10110100110 101001010000010 1001110010100 Attackers then gather and exfiltrate data over weeks or even months. Internet Data Center Perimeter
- 3. Today’s Network / Security Paradigm. It’s Not Just Servers, but Users and the Controls. …and controls make it even harder to manage. VDI to VDI Desktop-to-desktop hacking inside the DC VDI to VM Desktop-to-server hacking inside the DC Bringing desktops into the data center opens up new risks for attack. And a matrix of policies is needed on centralized, choke-point firewalls for the correct security posture. Finance HR Engineering
- 4. Security. Secure holistically from the Datacenter, to the VM, to the Network and beyond. 1. Datacenter Security1 Data Center Perimeter Internet DMZ • Micro-segmentation allows each machine to retain it’s own hypervisor level firewall. • Attackers can no longer move freely once access is gained to the datacenter. • Virtual machines retain their firewall security as the migrate to ensure portability and security retention. • The firewall is outside the scope of the VM, ensuring attackers are unable to compromise from the VM
- 5. Security. Secure holistically from the Datacenter, to the VM, to the Network and beyond. 1. Virtual Machine Security2 • Firewall and filter traffic for VMs based upon logical groupings, or based upon provisioning for VDI • Threats to the datacenter from user interaction are eliminated through micro-segmentation • Service-chaining with AV and NGFW partners deliver automated, policy integrated AV/malware protection, IPS/IDS, etc. FinanceMarketing HREngineering • The attack surface increases when all machines are consolidated into a single infrastructure • VDI deployments increase complexity for security due to user interaction and internal access of trusted resources.
- 6. Security. Secure holistically from the Datacenter, to the VM, to the Network and beyond. 1. Mobile Device Security3 • Mobile devices gain access to infrastructure resources through mobile applications • Users cannot discern which data they’re interacting with, and datacenter controls cannot programmatically manage control • Administration can granularly control which data streams are secured • Control can be applied per device, per user/group or based upon business case or point of access, etc. • NSX and AirWatch together can address the issue of "overprovisioning," in which users get access to more apps and data that they need to do their jobs
- 7. Scale & Elasticity. Create the ability to scale and shrink as needed, while not compromising security. 1. IT Automation4 IT automating IT • Faster project on boarding Elastic Services • Streamline Security Enforcement • Mergers & Acquisition Developer cloud • Leverage vSphere investment • Faster application development • Brings power of cloud on-prem Multi-tenant infrastructure • Robust security to isolate each tenant organization • Multi-tenancy for legacy apps Switching Routing Load Balancing Connectivity to Physical Networks Firewalling VPN Data Security Activity Monitoring
- 8. Scale & Elasticity. Create the ability to scale and shrink as needed, while not compromising security. 1. Developer Clouds5 • NSX can be used in a DevOps model, setting up developer environments through APIs quickly. • Using libnetwork, containers can leverage strong, granular security in real time. • libnetwork is a community supported framework that enables Docker plugin models and has been endorsed by the networking community • Containers all share the same kernel. If a contained application is hijacked with a privilege escalation vulnerability, all running containers and the host are compromised. • Since containers are effectively managed by the kernel, a kernel- level exploit has the opportunity of compromising the applications running inside containers
- 9. Scale & Elasticity. Create the ability to scale and shrink as needed, while not compromising security. 1. MultiTenant Infrastructure • NSX provides isolation between different groups within an organization, or different tenants • Some companies need isolation but may also want overlapping IP addresses for multitenancy, or for going from development and testing into production, and NSX can provide this • NSX integrates directly into VMware’s vRealize Automation platform, allowing for self service creation of secure, scalable networks across tenants and platforms 6
- 10. 1. Disaster Recovery7 • NSX plays a big role in disaster recovery scenarios, ensuring that networking and security configurations are kept in place when a failure occurs and workloads have to be moved across data centers • NSX can also ensure that firewalls and networking constructs are protected to provide ease of recovery and solidity of business continuity Security. Secure holistically from the Datacenter, to the VM, to the Network and beyond. vCenter B / SRM B Prod_Web_V130 Prod_Web_V130 Prod_Web_V120 Prod_Web_V120 Prod_Web_V110 Prod_Web_V110 Universal Logical Switch vCenter A / SRM A Implicit Mapping Implicit Mapping Implicit Mapping Primary Secondary Data Center 2Data Center 1 SRM-based Disaster Recovery
- 11. Scale & Elasticity. Create the ability to scale and shrink as needed, while not compromising security. 1. Hybrid Networking Services8 • NSX is a key enabling technology for moving workloads between different clouds • NSX is also part of VMware's "cross-cloud vMotion" technology, which allows running virtual machines to be moved from a private cloud to a public cloud.
- 12. L2 Extensions Scale & Elasticity. Create the ability to scale and shrink as needed, while not compromising security. 1. Metro Pooling9 • NSX makes it possible for customers to run virtual data centers in which compute, storage and networking are all driven through the hypervisor. Admins can use NSX to create pools of resources, each with their own distinct service level agreements and quality of service rules, which is core to the cloud computing model. • NSX lets customers run an app in multiple data centers with Layer 2 stretched across them