Enhancing Network Security with VMware NSX and Microsegmentation


VMware NSX, the network virtualization and security solution, enables the creation of networks in software and effectively embeds them in the hypervisor layer. VMware NSX also embeds security functions into the hypervisor, providing microsegmentation and granular security for individual workloads—delivering a fundamentally more secure data center. NSX enables security policies to travel with specific workloads, independent of where they are in the network topology.

The VMware publication – An Introduction to the Security Advantages of Micro-segmentation – addresses three ways that microsegmentation (via network virtualization) delivers data center security.

  1. Isolation and Segmentation. One important element to network security is keeping your development, test, and production environments separate from each other. With virtualization, this separation is inherent to the technology unless you connect them. Another capability inherent in virtualization is network segmentation, which allows you to assign different trust levels depending on the network segments.
  2. Least Privilege and Unit-Level Trust. East-west security threats cannot be addressed with traditional network security. With microsegmentation, however, you can achieve a positive control model. As VMware says, “You can achieve a positive control model over east-west threats by establishing multiple trust boundaries at an extremely fine level of granularity and applying appropriate policies and controls to individual workloads in the data center. As a result, you can exercise the capabilities of least privilege and unit-level trust—explicitly identifying flows that are allowed on the network and blocking everything else. By contrast, negative control only defines traffic that is not allowed and implicitly permits the rest.”
  3. Ubiquity and Centralized Control. It’s no longer possible to put everything behind a single perimeter firewall, but because security functions are built into the platform itself with microsegmentation and virtualization, security can be ubiquitous and persistent for every workload. By tying security policies to the virtual network, you get what VMware calls “centralized control with granular enforcement.” This preserves a fast response to security threats even if a workload’s physical IP address changes.
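To make the positive versus negative control models from point 2, and the policy-follows-the-workload property from point 3, concrete, here is a small added simulation (not VMware's code or the NSX API); the tags stand in for NSX security groups, and the workloads, rules and addresses are constructed for the example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Workload:
    """A VM identified by its security tags; the IP is incidental to policy."""
    name: str
    ip: str
    tags: frozenset

@dataclass(frozen=True)
class Rule:
    src_tag: str
    dst_tag: str
    port: int

def _matches(rule, src, dst, port):
    # Rules key on workload tags, never on addresses.
    return rule.src_tag in src.tags and rule.dst_tag in dst.tags and rule.port == port

def positive_control(rules, src, dst, port):
    """Allow-list: pass only flows explicitly named by a rule, drop everything else."""
    return "ALLOW" if any(_matches(r, src, dst, port) for r in rules) else "DROP"

def negative_control(rules, src, dst, port):
    """Deny-list: drop only flows explicitly named by a rule, implicitly permit the rest."""
    return "DROP" if any(_matches(r, src, dst, port) for r in rules) else "ALLOW"

# Constructed three-tier example (hypothetical names and addresses).
WEB = Workload("web-01", "10.0.1.10", frozenset({"web"}))
APP = Workload("app-01", "10.0.2.10", frozenset({"app"}))
DB = Workload("db-01", "10.0.3.10", frozenset({"db"}))

ALLOW_RULES = [Rule("web", "app", 8443), Rule("app", "db", 5432)]
DENY_RULES = [Rule("web", "db", 5432)]  # a deny-list must enumerate every bad flow

def east_west_demo():
    """Evaluate the same east-west flows under both models; returns the decisions."""
    out = {}
    out["web->app:8443 positive"] = positive_control(ALLOW_RULES, WEB, APP, 8443)
    out["web->db:5432 positive"] = positive_control(ALLOW_RULES, WEB, DB, 5432)
    out["web->db:22 positive"] = positive_control(ALLOW_RULES, WEB, DB, 22)
    out["web->db:22 negative"] = negative_control(DENY_RULES, WEB, DB, 22)  # unlisted, so permitted
    # The policy travels with the workload: re-addressing the app tier changes nothing.
    moved_app = replace(APP, ip="192.168.50.7")
    out["web->moved-app:8443 positive"] = positive_control(ALLOW_RULES, WEB, moved_app, 8443)
    return out

if __name__ == "__main__":
    for flow, verdict in east_west_demo().items():
        print(f"{flow:34} {verdict}")
```

The unlisted web-to-db SSH flow is the point of contrast: the allow-list drops it by default, while the deny-list lets it through because nobody thought to forbid it.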

VMware NSX leverages Software-Defined Networking (SDN) to provide better visibility into on-going attacks and can adapt your security posture automatically. By microsegmenting your network, NSX reduces your exposure to growing threats and helps you realize the full potential of your Software-Defined Data Center (SDDC).

About the Author

Dustin Smith

Dustin Smith, Chief Technologist

Throughout his twenty-five-year career, Dustin Smith has specialized in designing enterprise architectural solutions. As the Chief Technologist at ASG, Dustin uses his advanced understanding of cloud compute models to help customers develop and align their cloud strategies with their business objectives. His master-level engineering knowledge spans storage, systems, and networking.