BlogVxRail and NSX-V – Delivering Built-In Security for Hyper-Converged Infrastructure

Delivering Built-In Security for Hyper-Converged Infrastructure

The Dell EMC VxRail Appliance, the ideal platform for IT infrastructure and security transformation, delivers a secure, present-day hyper-converged infrastructure solution. Developed with VMware, VxRail is designed to defend the data center against today’s evolving cyber-attacks. A dynamic virtual environment such as VxRail stands to benefit from the inherent flexibility provided by Software Defined Networking (SDN). The simplest way to provide SDN on VxRail is with VMware NSX-V, or NSX for vSphere.

A big part of NSX’s success over the past few years was driving home the killer micro-segmentation use-case. Security is a pain point for every company and most have robust budgets or allocations to improve security. To champion this internally, many organization’s CIO, CISO / CSO and other senior security leaders promote the success of NSX in solving the following security challenges:

  • East-west security across the data center
  • Security for VDI environments
  • Security between VMs (simple network)
  • Security for multiple zones (DMZ, internal)
  • Security for multi-tier applications

The Dell EMC white paper – VxRail: Comprehensive Security by Design – outlines a number of organization benefits of using NSX-V with VxRail that are worth sharing:

  1. The ability to apply security policies closest to the workload. Security policies are applied in software and the security controls move with the workload between hosts in the cluster.
  2. Simplified management with security is integrated with the vSphere stack and managed centrally through vSphere Web Client and NSX Manager plug-in.
  3. Consistent and automatic security controls using groups and policy. Workloads are automatically identified and dynamically placed within the correct security posture.
  4. Efficient implementation of security controls at the hypervisor level reduces application latency and bandwidth consumption when compared to external or perimeter-based security controls.
  5. DMZ-level isolation to control ingress and egress for both internal and external clients from the Internet using appropriate allow-and-deny rules to control traffic.
  6. Detection and blocking of spoofed virtual machine IP addresses using the SpoofGuard feature.
  7. Identity Firewall that allows an NSX administrator to create Active Directory user-based DFW rules.
  8. Integrates with third party security services such as Intrusion Detection and Intrusion Prevention (IDS/IDP).

NSX-V together with VxRail helps deliver a truly converged appliance with network security built-in, versus on the perimeter. Because security controls are part of the appliance, new applications are more easily and quickly deployed.

To learn more about the benefits of VxRail and the security it can deliver with NSX-V, download the whitepaper below.

Download the whitepaper: VxRail: Comprehensive Security by Design


 

About the Author

Dave Bratton

Dave Bratton, Vice President of Architectural Services

Throughout his 20-year career in IT operations, Dave Bratton has helped companies transform at key junctures using his extensive knowledge of enterprise infrastructure management and IT economics. As the Director of Service Delivery at ASG, Dave develops strategic, five-year plans that help companies develop operational and technological innovations.