
LHC1753BU Case Study: How VMware NSX Is Empowering a Service Provider to Help Customers Achieve and Maintain Industry Compliance (VMworld 2017, #VMworld #LHC1753BU)

Disclaimer: This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.

LHC1753BU Case Study: How VMware NSX Is Empowering a Service Provider to Help Customers Achieve and Maintain Industry Compliance (VMworld 2017)
Luke Huckaba, Principal Architect, Rackspace
Anand Iyer, Global Product Marketing, VMware

VMware Cloud Provider Name Change Is Now

What Can a VMware Cloud Provider Do for You?
Benefits / results:
- 4500+ Cloud Providers globally
- Seamless integration with vSphere
- Same operational tools on-premises and in the cloud
- Value-added services, including management and support
- Easy on-ramp to the cloud for existing vSphere workloads
Value-added services:
- IaaS
- Cold and Warm Migration
- Seamless Connectivity (L2VPN Client)
- Managed Hosting
- Disaster Recovery
- Desktop as a Service
- SDDC + vCloud Director

Agenda
1. About the Case Study
2. VMware NSX Distributed Firewall Overview
3. Planning
4. Implementation
5. QSA Review
6. Ongoing Maintenance

About the Case Study

About the Case Study
- What it is: Rackspace PCI-DSS certification for management infrastructure
- What it is not: Rackspace customer certification (customers attain their own certification)
- Problem: systems in scope for PCI are commingled in the same L2 network as non-PCI systems
  - Option 1: Re-IP
  - Option 2: Deploy VMware NSX Distributed Firewall for microsegmentation
- VMware's NSX Distributed Firewall was leveraged to microsegment each environment

VMware NSX Distributed Firewall Overview

VMware NSX Distributed Firewall Overview
- Software VIB that runs on each ESXi host
- Stateful software firewall
- Firewall rules are applied to traffic between the vNIC and the vSphere Distributed Switch
- Layer 2, 3 and 4 firewall rules, and up to layer 7 with third-party vendors/integrations
- Single management plane per vCenter

VMware NSX Distributed Firewall Overview
An NSX for vSphere network is made up of distributed network elements embedded in each hypervisor. NSX for vSphere firewalling is:
- Fully distributed, embedded in every hypervisor in the data center, enabling each VM to have its own firewall
- Firewalls/policies provisioned simultaneously with VMs
- Policies move with their VMs
- Retiring a VM deprovisions its firewall: no possibility of stale rules
- State persistent across VMware vMotion

Planning

Planning
- Documentation is king!
- Follow an outside-to-in and inside-to-out approach
- Audit all traffic flows:
  - Outside to in: what systems access the VMs from outside of the virtual environment?
  - Inside to out: which VMs inside the virtual environment access systems outside of the environment?
  - Inter-VM communication from within the same vCenter
  - Inter-VM communication across multiple vCenters

Planning (diagram): outside-to-in, inside-to-out and inter-VM traffic flows between the PCI and non-PCI environments within a vCenter

Planning
- Use a spreadsheet to group everything
- Four (4) key grouping objects:
  - IP Sets: group of single IPs, subnets, IP ranges
  - Security Groups: group of VMs, IP Sets
  - Services: protocol and ports
  - Service Groups: group of services

Planning (spreadsheet walkthrough, one slide per tab): IP Sets, Security Groups, Services, Service Groups, Security Policies, Applied Security Policies

Implementation

Implementation
Follow your documentation:
- Create IP Sets first (diagram: IP Set 10.1.0.0/24, IP Set 10.2.0.0/24, IP Set 10.10.7.58 and an IP Set of 10.4.0.0/24 and 10.5.0.0/24, each feeding a Security Group or Dynamic Security Group)
- Create Security Groups:
  - Dynamic, based on VM name and Security Tag
  - Static, based on IP Set
  - Dynamic, based on virtual datacenter, and dynamically exclude based on objects
- Use Service Composer to create Security Policies:
  - Offering a service or consuming a service? Where is the traffic initiated from?
  - Offering a service (diagram: Consumers, Service, Security Group)
  - Consuming a service (diagram: Security Group, Application Service, Service)
  - Apply policies to security groups (diagram: each Security Policy applied to its Security Groups, with the consumer and application-service groups it references)
  - Service Composer dynamically builds firewall rules for you
After going over Service Composer, does this make better sense?
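The grouping and policy model the Implementation slides walk through, as an added example that is not part of the deck or of NSX itself: a dynamic Security Group resolved by VM name, Security Tag or virtual datacenter with exclusions, a static group backed by an IP Set, and a Service Composer style policy expanded into rules according to whether the applied group offers or consumes the service. The VM inventory, group names and field names are constructed for the example.

```python
import ipaddress

# Constructed inventory standing in for what NSX Manager sees via vCenter:
# VM name, security tags, virtual datacenter and primary IP (all made up).
VMS = [
    {"name": "pci-web-01", "tags": {"PCI"}, "vdc": "prod", "ip": "10.1.0.10"},
    {"name": "pci-db-01", "tags": {"PCI"}, "vdc": "prod", "ip": "10.1.0.20"},
    {"name": "corp-web-01", "tags": set(), "vdc": "prod", "ip": "10.1.0.30"},
    {"name": "pci-test-01", "tags": {"PCI"}, "vdc": "lab", "ip": "10.2.0.10"},
]


def dynamic_members(name_prefix=None, tag=None, vdc=None, exclude_tags=()):
    """Resolve a dynamic Security Group: include by VM name, Security Tag or
    virtual datacenter, then apply the dynamic exclusions. Criteria left as
    None are not evaluated."""
    members = []
    for vm in VMS:
        if name_prefix is not None and not vm["name"].startswith(name_prefix):
            continue
        if tag is not None and tag not in vm["tags"]:
            continue
        if vdc is not None and vm["vdc"] != vdc:
            continue
        if any(t in vm["tags"] for t in exclude_tags):
            continue
        members.append(vm["name"])
    return sorted(members)


def in_ip_set(ip_set, ip):
    """Static membership: an IP Set is a list of single IPs or CIDR subnets.
    ip_network() accepts both, so a single IP is simply a /32."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in ip_set)


def policy_rules(policy):
    """Expand a Service Composer style policy into DFW rules. The direction
    answers the deck's question 'where is the traffic initiated from?':
    offering  -> consumers initiate, rules are consumers -> applied group
    consuming -> the applied group initiates, rules are group -> application"""
    rules = []
    for service in policy["services"]:
        if policy["direction"] == "offering":
            src, dst = policy["consumers"], policy["applied_to"]
        elif policy["direction"] == "consuming":
            src, dst = policy["applied_to"], policy["application"]
        else:
            raise ValueError("direction must be 'offering' or 'consuming'")
        rules.append({"src": src, "dst": dst, "service": service, "action": "allow"})
    return rules
```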

QSA Review

QSA Review
- Start with the spreadsheet
- Follow a top-down approach
- Cover all communications, starting with IP Sets, Security Groups, Services, and Service Groups
- Provide an overview and walkthrough of Service Composer and Security Policies
- Explain all firewall rules and how they're generated through Service Composer
- Create an Auditor-role user in NSX if a separate team needs to audit the firewall rules regularly

Ongoing Maintenance

Ongoing Maintenance
- Proper change control is a PCI requirement:
  - User A submits change request
  - Member of governing group reviews and approves/denies change request
  - Member of approved admins carries out change
- Maintain Approved spreadsheet
- Ticketing system to track all changes
- Update your spreadsheet!
- Regular audits (quarterly, semi-annually): validate that what's in NSX is what's in the Approved spreadsheet
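The periodic audit the deck calls for, as an added example that is not part of the presentation or of Rackspace's tooling: the Approved spreadsheet (exported as CSV, one row per flow with its change ticket) is compared against the rules currently in the DFW, and anything live without a ticket, or approved but absent, is reported. Both inputs are constructed here; the column names and the shape of the rule export are assumptions, not the NSX API format.

```python
import csv
import io

# Constructed "Approved spreadsheet": one approved flow per row, each tied to the
# change ticket that authorised it (column names are an assumption).
APPROVED_CSV = """change_ticket,source,destination,service,action
CHG-1001,SG-PCI-Web,SG-PCI-DB,TCP-3306,allow
CHG-1002,IPSET-Mgmt,SG-PCI-Web,TCP-22,allow
CHG-1003,SG-NonPCI,SG-PCI-Web,any,block
"""

# Constructed snapshot of what is currently configured in the DFW. A real run
# would export this from NSX Manager; the field names are an assumption.
LIVE_RULES = [
    {"source": "SG-PCI-Web", "destination": "SG-PCI-DB", "service": "TCP-3306", "action": "allow"},
    {"source": "SG-NonPCI", "destination": "SG-PCI-Web", "service": "any", "action": "block"},
    {"source": "any", "destination": "SG-PCI-DB", "service": "TCP-3306", "action": "allow"},
]

KEY_FIELDS = ("source", "destination", "service", "action")


def flow_key(row):
    """Normalise a flow so spreadsheet and export compare on the same terms."""
    return tuple(row[field].strip().lower() for field in KEY_FIELDS)


def load_approved(csv_text):
    """Map each approved flow to the ticket that authorised it."""
    return {flow_key(row): row["change_ticket"] for row in csv.DictReader(io.StringIO(csv_text))}


def audit(approved, live_rules):
    """Three buckets: live rules with no approval (the finding that matters for
    PCI change control), approved flows missing from NSX, and matches. A rule
    whose action was changed shows up in both of the first two buckets."""
    live = {flow_key(rule) for rule in live_rules}
    return {
        "unapproved": sorted(key for key in live if key not in approved),
        "missing": sorted((key, approved[key]) for key in approved if key not in live),
        "ok": sorted(key for key in live if key in approved),
    }


def audit_passed(csv_text, live_rules):
    """True only when NSX and the Approved spreadsheet agree exactly."""
    result = audit(load_approved(csv_text), live_rules)
    return not result["unapproved"] and not result["missing"]
```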

VMware Cloud Provider Sponsors: visit their booths at Solution Exchange!

Recommended Sessions
VMware Cloud Partners: accelerate your digital business transformation with VMware Cloud Provider Partners. Learn more: cloudproviders.vmware.com

SESSION ID | NAME | TIME
LHC3139SU | Spotlight Session: Achieving Success in a Multi-Cloud World | Wednesday, 11:00
LHC1661BU | Getting Started with the VMware Cloud Provider Program (Technical Tips and Tricks) | Tuesday, 11:00
LHC1539BU | Paving the Way to the Hybrid Cloud with VMware Cloud Service Providers and vCloud Availability | Tuesday, 12:30
LHC1716BU | On-Ramp to the Cloud: Migration Tools and Strategies | Tuesday, 14:00
LHC2573BU | Achieving Hybrid Cloud Data Agility Securely with VMware NSX | Tuesday, 17:00
LHC1746BU | Automating Disaster Recovery with vCloud Availability for vCloud Director and vRealize Orchestrator | Wednesday, 8:00
LHC2424BU | 200 to 40,000 VMs in 24 Months: Building Highly Scalable SDDC on Hybrid Cloud: Real-World Example | Wednesday, 8:00
LHC2626BU | Build VMware Powered Hybrid Clouds: See How vCloud Director and NSX Work Together to Build True Hybrid Clouds | Wednesday, 11:00
LHC1753BU | Case Study: How VMware NSX Is Empowering a Service Provider to Help Customers Achieve and Maintain Industry Compliance | Wednesday, 12:30
LHC1809BU | Use NSX to Deploy a Secure Virtual Network Bridging Multiple Locations for a True Hybrid Cloud | Thursday, 13:30

Thank You. Luke Huckaba, @ThepHuck