Transcription:

SAI1303BU Security with NSX. Greater Security in the Digital Business Age Alex Berger, NSX Product Marketing #VMworld #SAI1303BU

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined. CONFIDENTIAL 2

Business demands: Deliver applications faster to improve time to market. Decrease business risk in an environment of advanced persistent threats. Control costs and reduce complexity. By 2020, 60% of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk. Gartner, Special Report: Cybersecurity at the Speed of Digital Business, May 2016.

From Monolithic Stack to Distributed Apps [Diagram labels: UI, WEB, APP, DB, STORAGE]

The application is a network PERIMETER SECURITY

The application is a network PERIMETER SECURITY WAF IPS NGFW sfw ENC VMworld 2017 Content: Not for publication

Our approach is not working. Security investments are increasing, yet the cost of breaches is rising faster. Annual Cost of Security Breaches: $445B (Source: Center for Strategic and Int'l Studies). Projected Growth Rate in IT Spend from 2014-2019: Zero (Flat) (Source: Gartner). Security as a % of IT Spend: 2012: 11%, 2015: 21% (Source: Forrester). [Chart legend: IT Spend, Security Spend, Security Breaches]

Network virtualization - a point of alignment Abstracting networking and security from the underlying infrastructure Data center Cloud Branch office IoT

NSX value proposition Virtualization layer Network, storage, compute vswitch Hypervisor vswitch Hypervisor

NSX value proposition Network and security services In-hypervisor (on-prem) as a Service (cloud) Hardware/Cloud independent Routing Switching vswitch Load balancing Hypervisor Firewalling Routing Switching Load balancing Firewalling

NSX value proposition Virtual networks Network platform Virtualization layer Network, storage, compute Routing Switching vswitch Load balancing Hypervisor Firewalling Routing Switching Load balancing Firewalling

Security with NSX Micro-segmentation Secure end user DMZ Anywhere

Our security realities: When threats breach the perimeter, it's hard to stop lateral spread. Low priority systems are often targeted first. Attackers can move freely around the data center. Attackers then gather and exfiltrate the valuable data. [Diagram labels: INTERNET, NETWORK PERIMETER, MICRO-SEGMENTATION]

What if you could enforce security at the most granular level of the data center? Every VM can have: individual security policies, individual firewalls. [Diagram labels: INTERNET, NETWORK PERIMETER, MICRO-SEGMENTATION]

What if you could maintain that level of consistent security across an entire application? Security needs to reach beyond an individual VM. Modern apps today are distributed in nature. Each VM is typically part of a larger application. [Diagram labels: WEB, DB, MICRO-SEGMENTATION]

What if you could Maintain that level of consistent security across an entire application MICRO-SEGMENTATION


Better security, simplified policy. Define a policy using workload characteristics, not IPs and ports. An NSX security policy can be based on things like: operating system, machine name, services, application tier, regulatory requirements, security posture. Creating and managing policies becomes a whole lot easier. [Diagram labels: DATA CENTER PERIMETER, PCI Scope, MICRO-SEGMENTATION]

Security with NSX Micro-segmentation Secure end user DMZ Anywhere

Our security realities: Proliferation of devices accessing the data center, yet not all are secured. MOBILE WORKERS HAVE BROAD ACCESS TO DATA CENTER RESOURCES: VDI at a branch or remote location; mobile device in the field or at home; laptop or desktop at work or home. [Diagram labels: INTERNET, NETWORK PERIMETER, SECURE END USER]

What if you could extend micro-segmentation out to secure the end user device? MICRO-SEGMENTATION LIMITS DEVICE ACCESS TO ONLY WHAT IS NEEDED: VDI at a branch or remote location; mobile device in the field or at home; laptop or desktop at work or home. [Diagram labels: INTERNET, NETWORK PERIMETER, SECURE END USER]

Security with NSX Micro-segmentation Secure end user DMZ Anywhere

Our security realities: Isolating physical infrastructure for security is effective, but inefficient. Manual processes. Inefficient use of pooled resources. High CapEx investment. [Diagram labels: DATA CENTER, PHYSICAL DMZ, CORE INFRASTRUCTURE, DMZ ANYWHERE]

What if you could pool your physical infrastructure resources? [Diagram labels: DATA CENTER, CORE INFRASTRUCTURE, DMZ ANYWHERE]

What if you could... So that you could provide isolation at the hypervisor layer. [Diagram labels: CORE INFRASTRUCTURE, DMZ ANYWHERE]

What if you could... Enabling you to create DMZs anywhere, regardless of their location. Scalable and flexible. Increase asset utilization. Simplify management. [Diagram labels: DMZ, DMZ, CORE INFRASTRUCTURE, DMZ ANYWHERE]

Driving value with our NSX partner ecosystem: Orchestration & Management; Networking & Security Services; Network Infrastructure; vRealize Automation; VIO; vRealize Orchestrator; vCloud Director; Platforms; vSAN Ready Node; Operations & Visibility; Compute Infrastructure

NSX customer momentum is growing exponentially. Customers: Q2 2016: 1,300+; Q2 2017: 2,600+. 2,600+ customers across all industries and organizational sizes, representing 100% year-over-year growth. Deployments: Over two new deployments of NSX per day. Number of deployments increased 3x year-over-year. Certifications: 8,800+ certified NSX professionals.

Customers are using NSX. SERVICE PROVIDER: To stay one step ahead of hackers. TELECOM: To keep millions of people connected. HEALTHCARE: To keep hospitals running smoothly. EDUCATION: To deliver apps to thousands of students. FINANCE: To process millions of transactions globally. RETAIL: To process $ billions of retail transactions. TECHNOLOGY: To keep pace with the explosion of data. PUBLIC SECTOR: To protect governments and militaries. TRAVEL AND TRANSPORT: To keep planes in the air.

State of Louisiana. Dustin Glover, CISO, State of Louisiana - OTS

Division of Administration Office of Technology Services Statewide Enterprise Architecture Information Security Overview

Business Goals: Louisiana Department of Health System Modernization: Medicaid Eligibility & Enrollment Systems (Initially). Noticeably Improve Public Facing services for Louisiana Citizens: Quality & Availability.

Technology Goals: (7) Core Components must be COTS. ALL Application Service Integration must be achieved through an Enterprise Service Bus (ESB). Standardize Server and Database platforms. Extensive High Availability (HA) (Active\Active) and Recoverability. Components: Enterprise Service Bus; Identity Access Management; Master Data Management; Data Warehouse; Electronic Document Management; Consumer Communications; Business Rules Engine.

InfoSec Goals: Verifiable Regulatory Compliance: CMS MARS-E 2.0 & SSA Compliant (Initially). Establish and Document Secure Baseline for all elements within the published 3 environments: Production w/ Restricted Data, NonProduction w/ Restricted, and NonProduction w/ NonRestricted. Create internal Isolation (defense in depth). Significantly improve security monitoring.


Issues: Performance loss [Diagram labels: vCenter, VM, VM]

Solution: NSX. Keep traffic within the virtual fabric. [Diagram labels: vCenter, VM, NSX, VM]

NSX Configuration Approach: Every HOST must also have a TAG. Access Policy is applied to TAG for HOST. TAGs are applied to HOSTs that require access. [Diagram labels: WebServer01 VM, AppServer01 VM, DBServer01 VM, NSX, vCenter, [TAG]:AppServer01:8443, [TAG]:DBServer01:1443]

NSX Configuration

NSX Configuration (cont.)

NSX Benefits: Significantly Increased Performance: Routing and Firewall inside virtual fabric; allows for DNS load balancing inside NSX. Significantly Increased Security Posture: True Micro-Segmentation. Positioned for Migration to VMware Cloud ready IaaS.

Team Effort: Big THANK YOU to:

Where to get started. Engage and Learn: Join VMUG for exclusive access to NSX: vmug.com/vmug-join/vmug-advantage. Connect with your peers: communities.vmware.com. Find NSX Resources: vmware.com/products/nsx. Network Virtualization Blog: blogs.vmware.com/networkvirtualization. Experience: Dozens of Unique NSX Sessions: spotlights, breakouts, quick talks & group discussions. Visit the VMware Booth: product overview, use-case demos. Visit Technical Partner Booths: integration demos; infrastructure, security, operations, visibility, and more. Meet the Experts: join our experts in an intimate roundtable discussion. Try: Take Free Hands-on Labs: test drive NSX yourself with expert-led or self-paced hands-on labs: labs.hol.vmware.com. Training and Certification: several paths to professional certifications. Learn more at the Education & Certification Lounge. vmware.com/go/nsxtraining