Improve Network Security with VMware NSX

How Microsegmentation Increases Security

The risk of cyber-attacks is increasing. With digitization, the attack surface is growing, and cyber criminals are becoming more and more sophisticated. It is no longer sufficient to simply secure your networks with perimeter firewalls. You also need internal protective walls. VMware NSX enables firewalls to be implemented even for the smallest segments - and thus considerably increases IT security.

How microsegmentation works can be illustrated with a simple example. Everyone knows the ruse of the Trojan horse, with which the ancient Greeks succeeded in invading Troy unnoticed. But what if every house in the city had also had its own protective wall? The soldiers would have stood in front of closed doors everywhere, and the attack would have failed.

Detach Network Services from the Hardware

Today, virtualization is a must to make IT infrastructures more agile and scalable. But while most companies are already using server virtualization, networks are often still trapped in hardware. This setup slows down progress and makes better protection more difficult. Hardware-bound network services are complex to manage, less scalable and more cost-intensive. Every single component must be configured by hand down to the smallest detail, and expanding or rebuilding the network takes a lot of time. Firewalls provide security in the network, but today you need them not only at the perimeter but also inside the network. Ideally, each individual system would be surrounded by its own protective wall. In hardware-bound networks that would be unaffordable and highly complex.

Virtualized networks make the impossible possible. They decouple the network services (switching, routing, load balancing and firewalling) from the hardware and make them available as software. That doesn't mean you don't need any hardware at all: the existing devices continue to be used. However, their only task now is to transport the data packets. All intelligence and control migrates to the software and can therefore be managed separately from the hardware. The virtual network forms an overlay network: a virtual layer that is simply placed over the physical network. This has many advantages. Administrators can manage all components in the network from a central console and automate processes. This enables them to plan, set up or remodel networks faster. Above all, however, virtualization makes it possible to implement advanced security concepts.

A Separate Firewall for Even the Smallest Network Segment

Since firewalls are implemented in software in virtual networks, they can be deployed in next to no time. Whether 10, 100 or 10,000 firewalls - the costs always remain the same and are already included in the virtualization solution. This enables companies to carry out microsegmentation. They can divide their network into the smallest, protected areas and control all communication paths between these areas through firewalls. If an attacker succeeds in overcoming the outer perimeter firewall, they can still hardly cause any damage because they immediately face the next protective wall.

Automated Security with VMware NSX

For those who already use VMware solutions for server virtualization, VMware NSX is the best solution for network virtualization. The software does not run in an additional virtual machine but directly in the hypervisor, which means that the network services are available at high performance. Even with thousands of firewalls in operation, network performance remains unaffected. Administrators see all systems in their central dashboard and can configure them from there. The security rules are distributed from the dashboard to the hypervisors, so you can control what each VM is allowed or not allowed to do. Since the policies are linked to the virtual machine, they automatically migrate with it if the VM is moved to another host, for example with vMotion.
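
The effect described above, as an added illustration (not from the original article, and not NSX code or its API): a small Python model of tag-based, default-deny rules that compares what an intruder on one VM can reach in a flat network versus a microsegmented one, and shows that the rule decision is unchanged after a VM moves to another host. VM names, tags, hosts and ports are constructed for the example.

```python
from collections import deque

# Constructed inventory: VM name -> (security tag, current host). Hypothetical names.
VMS = {
    "web-01": ("web", "esx-a"),
    "web-02": ("web", "esx-b"),
    "app-01": ("app", "esx-a"),
    "db-01":  ("db",  "esx-b"),
    "hr-01":  ("hr",  "esx-a"),
}

# Allow rules keyed on tags, not on IPs or hosts: (source tag, destination tag, port).
# Anything not listed is dropped (default deny), including web-to-web traffic.
RULES = {("web", "app", 8443), ("app", "db", 5432)}


def allowed(src, dst, port, vms=VMS, rules=RULES):
    """Decision the per-VM firewall makes for one flow; the host is never consulted."""
    return (vms[src][0], vms[dst][0], port) in rules


def reachable(start, vms=VMS, rules=RULES, segmented=True):
    """VMs exposed to an intruder on `start`, following permitted flows hop by hop."""
    ports = {p for _, _, p in rules}
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for dst in vms:
            if dst in seen:
                continue
            # Flat network: no internal firewall, every VM can talk to every other VM.
            if not segmented or any(allowed(cur, dst, p, vms, rules) for p in ports):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}


def migrate(vm, new_host, vms=VMS):
    """Model of a live migration: only the host changes, the tag (and policy) stays."""
    moved = dict(vms)
    moved[vm] = (vms[vm][0], new_host)
    return moved


if __name__ == "__main__":
    print("flat:      ", sorted(reachable("web-01", segmented=False)))
    print("segmented: ", sorted(reachable("web-01")))
    print("after move:", allowed("app-01", "db-01", 5432, migrate("app-01", "esx-c")))
```

The segmented result still contains the application and database VMs because the rules permit that chain; tightening the allow list is what shrinks the exposed set further.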

Integration of Security Solutions from other Manufacturers

To further increase security, VMware NSX enables third-party security solutions to be integrated. For example, companies can integrate a virus scanner or a Next Generation Firewall (NGF). These are simply attached to the virtualized or physical network card. If additional checks are to be carried out, the NSX firewall forwards data packets to the NGF. Virus scanning can also take place at a central point in the network and be managed centrally. If a scanner finds something suspicious, the affected VM is immediately removed from the network and can then be examined without time pressure. This means that malware cannot spread further.

Get Started Step by Step

You can greatly improve network security with VMware NSX. You don't have to roll out the new solution in one fell swoop either – you can get started slowly, step by step. You can continue to use your existing hardware and your physical network. Gradually, you can move functions to virtualization. We'll gladly assist you. In a free workshop we explain NSX to you in a practical way. If you wish, we can also conduct an assessment in which we analyze your network and show you how you can close it with NSX.

SoftwareONE is a long-term VMware partner. We support you in optimizing your VMware workloads, planning and implementing cloud projects as well as managing your VMware licenses and their compliance. Together we will find the right solution for your requirements and support you every step of the way.

Author

Oliver Siems - IT Consultant - Cloud and Virtualization
