Threat Protection with a
Zero Trust Model
Ng Tock Hiong, CISSP
Senior Manager, Systems Engineering
Networking and Security
Southeast Asia and Korea
tng@vmware.com
Agenda
1 Securing the New Digital Landscape
2 Current Networking and Security Challenges
3 The Solution – Network and Security Virtualization
4 Security Use Cases
5 Summary
6 Q & A
What is a Zero Trust Model
Forrester Research coined the term “Zero Trust” to describe
a model that prevents common and advanced persistent
threats from traversing laterally inside a network. This can
be done through a strict, micro-granular security model
that ties security to individual workloads and
automatically provisions policies. It’s a network that
doesn’t trust any data packets. Everything is untrusted.
Hence: Zero Trust.
CONFIDENTIAL 3
The World We Must Secure
Security: The Last One Invited to the Party
[Slide diagram: devices, infrastructure and apps (traditional apps and cloud-native apps) spread across managed clouds, private clouds and public clouds, all running on virtualized compute, storage and networking. Final step: “We Need to Secure All of This”]
From Monolithic Stack to Distributed Apps
[Slide diagram: a single Web / UI / App / DB / Storage stack on one side versus many distributed Web, App, DB and Storage components on the other]
The New Security Control Point
[Slide diagram: Data Center stack of Physical Network Infrastructure, Hypervisor and applications, with “Security” marked at both the physical network and the hypervisor layer]
Modern Apps
- Cloud Native Apps, IaaS, DevOps
- Focus is on agility
Traditional Apps
- Databases, Core Banking Apps, Exchange, Legacy Apps
- Focus is on stability and efficiency
- Minimal changes
• Implementing security controls in the physical network infrastructure is only relevant to the traditional applications that are directly connected to the network.
• For the modern applications, security controls have to be implemented in the hypervisor.
Current Networking & Security Scenario and Challenges
Problem: Data Center Network Security
Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible
[Slide diagram: two data centers behind Internet-facing perimeter firewalls. Left, “Insufficient”: little or no lateral controls inside the perimeter. Right, “Operationally Infeasible”: micro-segmentation attempted with traditional firewalls]
The “Goldilocks Zone”: Trading Off Context and Isolation (Too Hot / Too Cold)
Why SDDC Virtualization Layer is the Security “Goldilocks Zone”
[Slide diagram, repeated on the following slides: Software Defined Data Center (SDDC) platform running Any Application on Any x86, Any Storage and Any IP network; Data Center Virtualization]
Traditional Approach
• High Context / Low Isolation
• High Isolation / Low Context
• No Ubiquitous Enforcement
Network & Security Services Now in the Hypervisor
• L2 Switching
• L3 Routing
• Firewalling/ACLs
• Load Balancing
SDDC Virtualization Layer – Delivers Both Context and Isolation
SDDC Approach
• High Context
• High Isolation
• Ubiquitous Enforcement
• Secure Host Introspection
SDDC – A Platform for Industry Innovation
NSX Security Partners
Visibility
NSX is uniquely positioned to see everything
NSX Distributed Firewalls vs Physical & Virtual Firewalls
Virtual Firewalls
• Traditional Rule Mgt & Operations
• Chokepoint Enforcement
• Virtual Firewalls (~1 Gbps)
Physical Firewalls
• Traditional Rule Mgt & Operations
• Chokepoint Enforcement
• Physical Firewalls (~100 Gbps)
NSX Distributed Firewalling
• Automated Policy Mgt & Operations
• Distributed Enforcement
• vSphere Kernel-based Performance
• Distributed Scale-out Capacity (20 Gbps/host)
The NSX Distributed Firewall enables customers to deploy high-performance firewalls everywhere in the data center while managing them centrally.
NSX Distributed Firewalling Performance
• 20 Gbps per host of firewall performance with negligible CPU impact
• 80K CPS (connections per second) with 100+ rules per host
• A typical virtual appliance does ~6K CPS per VM
• A physical appliance performs 300K – 400K CPS per appliance
What if you could define this level of security repeatedly and predictably?
[Slide diagram: Web, App and DB tiers, each wrapped in its own policy]
• Granular threat containment
• Logical policy grouping
• Simplified security policy
NSX Distributed Firewall Characteristics
• Runs in kernel space
• Full vCenter integration (VC containers, vMotion)
• Zero-trust security micro-segmentation
• Line rate
• Distributed
• Enables traffic redirection to third-party services
• Spoofguard
• Identity firewall
• Operations kit
• Fully programmable (REST API)
• Centralized management
Intelligent Grouping
Groups defined by customized criteria:
• Operating system
• Machine name
• Services
• Application tier
• Regulatory requirements
• Security posture
NSX Intra Site Feature: Distributed Firewall
[Slide diagram: with a traditional appliance, VM-to-VM traffic hairpins through the vswitch to the appliance; with NSX, the distributed virtual firewall sits on the direct VM-VM path; third-party services are reached over the shortest network path]
Micro-segmentation simplifies and improves network security
[Slide diagram: perimeter firewall in front of DMZ, App and DB tiers; an inside firewall separating Finance, Engineering and HR; shared services AD, NTP, DHCP, DNS, CERT]
Micro-segmentation simplifies network security
• Each VM can now be its own perimeter
• Policies align with logical groups
• Prevents threats from spreading
[Slide diagram: the same layout, with the inside firewall replaced by an inside router and segmentation enforced per VM]
VMware AppDefense
The Real Problem is Security Strategies Today
Existing data center endpoint security approaches are not effective enough
SIGNATURE-BASED (Anti-Virus, IPS, Vulnerability Management): narrow focus, does not catch zero-day threats
BEHAVIORAL (Machine Learning, AI, Security Analytics, SIEM): broad focus, high false positive rate
Problem with the current model
Focused on chasing malicious behavior
• Highly complex and noisy
• Limited context – requires a lot of inputs
• Manual effort to confirm valid threat
It’s time for a new model
Focus on understanding the application intended state and monitoring for deviations
• Simpler and smaller problem set
• Better signal-to-noise ratio
• Actionable and behavior-based alerts and responses
Introducing VMware AppDefense
Protecting applications running on virtualized and cloud environments
[Slide diagram: AppDefense captures a VM manifest of the OS and its processes, monitors and detects deviations, and responds with automated and orchestrated actions – Snapshot | Suspend | Block/Alarm | Quarantine | Network Blocking | Service Insertion | … – on secure infrastructure with an integrated ecosystem]
Key Differentiators
• Automated threat response – “The right response at the right time”
• Authoritative knowledge of application intended state – “Know what’s good, so you can detect what’s bad”
• Isolation from the attack surface – “Protect the protector”
AppDefense embeds threat detection and response into the virtualization layer
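To make the “intended state, then deviations” idea concrete, here is an added Python example written for this page (it is not AppDefense code; the manifest format, the sample events and the severity-to-response mapping are assumptions). A manifest lists, per VM, the expected processes and the connections each may open; runtime events are checked against it, and only a deviation produces an alert together with a response picked from the options the slide lists.

```python
"""Intended-state monitoring for a VM: an allowlist manifest of expected
processes and their expected outbound connections, checked against runtime
events.  Constructed example; the manifest schema and events are assumed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    vm: str
    process: str        # executable path observed in the guest
    dest_ip: str
    dest_port: int


# Intended state captured from the deployment (assumed format):
# vm -> process -> set of (destination IP or "*", port) it may connect to.
MANIFEST = {
    "web-01": {
        "/usr/sbin/nginx": {("10.0.2.10", 8080)},   # web -> app tier
        "/usr/sbin/sshd": set(),                     # accepts only, no outbound
    },
    "app-01": {
        "/usr/bin/java": {("10.0.3.10", 3306)},      # app -> db tier
    },
}

# Assumed response policy, drawn from the response options on the slide.
RESPONSES = {"high": "quarantine", "medium": "block_and_alarm", "low": "alarm"}


def check_event(manifest, ev):
    """Return (severity, reason) when an event deviates from the VM's intended
    state, or None when it is exactly what the manifest expects."""
    procs = manifest.get(ev.vm)
    if procs is None:
        return ("high", f"{ev.vm}: no manifest captured for this VM")
    allowed = procs.get(ev.process)
    if allowed is None:
        return ("high", f"{ev.vm}: process {ev.process} is not in the manifest")
    if (ev.dest_ip, ev.dest_port) in allowed or ("*", ev.dest_port) in allowed:
        return None
    return ("medium", f"{ev.vm}: {ev.process} opened an unexpected connection "
                      f"to {ev.dest_ip}:{ev.dest_port}")


def respond(deviation):
    """Map a deviation's severity to the orchestrated response."""
    severity, _reason = deviation
    return RESPONSES[severity]


def process_events(manifest, events):
    """Check a batch of events; return (event, severity, reason, action) for
    each deviation.  Events matching the manifest produce nothing at all."""
    findings = []
    for ev in events:
        deviation = check_event(manifest, ev)
        if deviation is not None:
            severity, reason = deviation
            findings.append((ev, severity, reason, respond(deviation)))
    return findings


# Constructed sample events: two expected, two deviations.
SAMPLE_EVENTS = [
    Event("web-01", "/usr/sbin/nginx", "10.0.2.10", 8080),
    Event("app-01", "/usr/bin/java", "10.0.3.10", 3306),
    Event("web-01", "/usr/sbin/nginx", "203.0.113.9", 443),     # wrong destination
    Event("web-01", "/tmp/unknown-binary", "198.51.100.7", 4444),  # unknown process
]

if __name__ == "__main__":
    for ev, severity, reason, action in process_events(MANIFEST, SAMPLE_EVENTS):
        print(f"[{severity}] {reason} -> {action}")
```

Because the manifest describes what is good, the check is a set lookup per event and the two expected events generate no output at all; that is the signal-to-noise argument of the slide in code form. A real deployment would capture the manifest from the application's own provisioning data rather than hand-write it as here.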
Using Automation to Enforce Security
• Unified Service Design and Delivery
• App-Centric Networking and Security
• Incorporate External Services
• Achieve greater control and visibility
• Reduce wait times for siloed IT services
• Manage Infrastructure as Code
• Lifecycle Manage Everything
• Standardised and repeatable process
[Slide diagram: Cloud Consumers and the Cloud Admin use a Unified Service Catalog; a Converged Blueprint covers Applications, Extensibility, Security and Networking; benefits: Availability, Security, Connectivity]
Security Use-Cases
Use Case 1 – Network Segmentation
Controlling Traffic Within a Network
[Slide diagram: NSX for vSphere data center behind a perimeter firewall, with an HR Group (DMZ/Web, App, DB), a Finance Group (DMZ/Web, App, DB) and a Services/Management Group]
• Control traffic between groups within a network
• Secure traffic based on logical grouping – rather than physical topology
• Create network segments flexibly – even between systems on the same VLAN (extremely difficult to do with traditional networking)
Security
Use Case 2 – Pass your PCI audit in record time
Address PCI compliance requirements with NSX
Before NSX
1. Providing granular segmentation to address PCI requirements requires re-architecture, re-addressing and significant capital expenditure
2. PCI audit scope is across the entire DC, lengthening the whole audit
[Slide diagram: data center perimeter containing Production, PCI, Non-production and Shared services zones, shown before and with NSX]
With NSX
1. Each zone is now segmented, without the need to re-address or re-architect.
2. Scope of the PCI audit is reduced to the PCI zone only, cutting down the audit from weeks to minutes.
Security
Use Case 3: Microsegmentation for Securing VDI Infrastructure
Protecting Desktop Pools
Prevent communications between virtual desktops
• Desktop to Desktop control
• Desktop to Enterprise App control
[Slide diagram: Internal Developer Pool and External Developer Pool]
• Without NSX, virtual desktop communications are uncontrolled.
• Virtual desktops do not need to communicate with each other.
• In a recent breach, a hacker was able, once he had compromised a virtual desktop, to move to adjacent VDI desktops and exfiltrate critical medical data.
• NSX and its distributed firewall address this risk.
Security
Use Case 4: Consolidate VDI pools for TCO reduction
AD Group Based Identity Firewall (IDFW). User-based access control.
[Slide diagram: APP1 (Web 1, App 1) and APP2 (Web 2, App 2) on ESXi hosts and SAN; user groups Engineering, External Contractor 1 and External Contractor 2]
Identity firewall rules:
Eng → Eng net ✓
“External 1*” → Web 1 ✓
“External 2*” → Web 2 ✓
Consolidate VDI pools
• Without NSX, customers tend to use one single pool per business unit (HR, Contractors, 3rd Party, Sales, R&D, etc.).
• This traditional architecture is used to provide each pool with its own security access.
• With NSX, and our ability to control traffic based on Active Directory groups, we can instead simplify the architecture and:
  • Consolidate multiple pools into one, reducing TCO
  • Create a granular and dynamic security model based on AD groups
Reduce Expenses
Use Case 5: Optimize Performance for VDI environments
Agentless Anti-virus enhances user experience and enables greater consolidation ratio
• Up to 20X Faster Full Scans
• Up to 5X Faster Real-time Scans
• Up to 2X Faster VDI Login
• Up to 30% More VM density
Reduce Expenses
Use Case 6: Intelligent Grouping for Unsupported Operating Systems
Situation
• OS no longer supported on several systems
• These systems need a policy which restricts access to only email servers
[Slide diagram: Unsupported OS Group]
Security
Use Case 7: Automated Security in a Software Defined Data Center
Quarantine Vulnerable Systems until Remediated
Security Group = Quarantine Zone
Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network}
Security Group = Web Tier
Policy Definition
Standard Desktop VM Policy
• Anti-Virus – Scan
Quarantined VM Policy
• Firewall – Block all except security tools
• Anti-Virus – Scan and remediate
Security
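As an added example (written for this page; not NSX code and not its REST API), the following Python models the mechanics shared by Intelligent Grouping, micro-segmentation and Use Cases 1, 6 and 7: security groups defined by VM attributes (operating system, application tier, tag), a distributed-firewall rule set that refers to groups rather than IP addresses or VLANs, and a quarantine group whose membership is driven by the ANTI_VIRUS.VirusFound tag. The VM inventory, group criteria, ports and rule ordering are constructed assumptions, and the quarantine group here matches on the tag only, not on the L2 isolated network the slide also lists.

```python
"""Attribute-driven security groups with a distributed-firewall rule set,
modelled in plain Python.  Constructed example: not NSX code; VMs, group
criteria, ports and rules are assumptions made for illustration."""
from dataclasses import dataclass, field


@dataclass
class VM:
    name: str
    ip: str
    os: str
    tier: str                       # web, app, db, mail, sectools, legacy
    tags: set = field(default_factory=set)


# Security groups: name -> membership predicate over VM attributes.
# Membership is evaluated on every decision, so tagging a VM moves it
# between groups without touching its IP address or VLAN.
GROUPS = {
    "Web":           lambda vm: vm.tier == "web",
    "App":           lambda vm: vm.tier == "app",
    "DB":            lambda vm: vm.tier == "db",
    "Mail":          lambda vm: vm.tier == "mail",
    "SecurityTools": lambda vm: vm.tier == "sectools",
    "UnsupportedOS": lambda vm: vm.os in {"Windows Server 2003", "Windows XP"},
    "Quarantine":    lambda vm: "ANTI_VIRUS.VirusFound" in vm.tags,
}

# Rules are evaluated top-down and the first match wins; "any" matches every
# group or port.  Anything unmatched falls through to deny (zero trust).
# (source group, destination group, destination port, action)
RULES = [
    # Quarantine zone: block all except the security tools
    ("Quarantine",    "SecurityTools", "any", "allow"),
    ("SecurityTools", "Quarantine",    "any", "allow"),
    ("Quarantine",    "any",           "any", "deny"),
    ("any",           "Quarantine",    "any", "deny"),
    # Unsupported operating systems may reach only the email servers
    ("UnsupportedOS", "Mail",          25,    "allow"),
    ("UnsupportedOS", "any",           "any", "deny"),
    # Three-tier application: web -> app -> db and nothing else
    ("Web",           "App",           8080,  "allow"),
    ("App",           "DB",            3306,  "allow"),
]


def groups_of(vm):
    """Set of security groups the VM currently belongs to."""
    return {name for name, member in GROUPS.items() if member(vm)}


def match_rule(src, dst, port):
    """Return the first rule matching the flow src -> dst:port, or None."""
    src_groups, dst_groups = groups_of(src), groups_of(dst)
    for rule in RULES:
        rule_src, rule_dst, rule_port, _action = rule
        if rule_src != "any" and rule_src not in src_groups:
            continue
        if rule_dst != "any" and rule_dst not in dst_groups:
            continue
        if rule_port != "any" and rule_port != port:
            continue
        return rule
    return None


def evaluate(src, dst, port):
    """Distributed-firewall decision for the flow; default deny."""
    rule = match_rule(src, dst, port)
    return rule[3] if rule else "deny"


def quarantine(vm):
    """Simulate the anti-virus integration tagging an infected VM."""
    vm.tags.add("ANTI_VIRUS.VirusFound")


# Constructed inventory.  web1 and db1 share 10.0.1.0/24 (same VLAN); the
# decision depends on group membership, not on the subnet.
VMS = {
    "web1":    VM("web1",    "10.0.1.10", "Ubuntu 16.04",        "web"),
    "app1":    VM("app1",    "10.0.2.10", "Ubuntu 16.04",        "app"),
    "db1":     VM("db1",     "10.0.1.20", "RHEL 7",              "db"),
    "mail1":   VM("mail1",   "10.0.4.10", "Windows Server 2016", "mail"),
    "scanner": VM("scanner", "10.0.9.10", "RHEL 7",              "sectools"),
    "legacy1": VM("legacy1", "10.0.5.10", "Windows Server 2003", "legacy"),
}

if __name__ == "__main__":
    for s, d, p in [("web1", "app1", 8080), ("web1", "db1", 3306),
                    ("legacy1", "mail1", 25), ("legacy1", "db1", 3306)]:
        print(f"{s} -> {d}:{p}: {evaluate(VMS[s], VMS[d], p)}")
    quarantine(VMS["web1"])
    print("after quarantine, web1 -> app1:8080:",
          evaluate(VMS["web1"], VMS["app1"], 8080))
    print("scanner -> web1:22:", evaluate(VMS["scanner"], VMS["web1"], 22))
```

Run it directly to print the decisions. Two things to notice: tagging web1 flips its policy from the three-tier rules to the quarantine rules with no change to its address or to any rule, and web1 and db1 sharing a /24 has no bearing on whether they may talk, which is the “segments between systems on the same VLAN” point of Use Case 1.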
Use Case 8: Micro-segmentation applied to Mobile Devices
NSX & AirWatch integration
Specific mobile applications can access specific data center applications, without opening up access from ALL mobile apps to ALL enterprise apps
AirWatch: Translate {User, Device & App} context to Source IP/Port
NSX: Create NSX Security Group/Service Group; provides micro-segmentation to support access to specific data center applications
[Slide diagram: end user John (Doctor) on an iPhone reaches the Patient App, Email App and Scheduling App VMs in the data center over the Internet through the AirWatch Tunnel Server]
Security
Use Case 9: Advanced Security (IDS/IPS) Insertion
Example: Palo Alto Networks NGFW
[Slide diagram: the Security Admin defines a Security Policy; NSX applies traffic steering so that Internet-bound and internal flows pass through the Palo Alto Networks NGFW]
Security
Use Case 10: ‘Collapsed’ DMZ
Current DMZ architectures are:
- Hardware dependent
- Complex and inflexible
- Slow to provision
Use NSX to collapse the DMZ back into the DC and benefit from:
• Increased East-West security
• Lower cost (fewer hardware devices)
• Easier automation
Security
Use Case 11: Integrate Dev, Test and Prod environments into a single infrastructure
[Slide diagram, “Isolation”: Test on 192.168.1.0/24 and Production on 192.168.1.0/24, the same address range, with no communication path between them]
• No communication path between different tenants
• Separate dev, test and production environments over a single physical network
• Independent of hardware
• Overlapping IP addressing can be used
Security
In summary
Security: a better way
1. A new architectural approach to security is needed
2. Secure what matters: apps, users and data
3. Virtualization of networking, security and compute provides a unique way forward
SDDC Platform – Native Security Capabilities
Hypervisor-based, in-kernel distributed firewalling
• High throughput rates on a per hypervisor basis
• Every hypervisor adds additional east-west firewalling capacity
• Native feature of the VMware NSX platform
Platform-based automation
• Automated provisioning and workload adds/moves/changes
• Accurate firewall policies follow workloads as they move
Audit Compliance
20 Gbps firewalling throughput per host
Data center micro-segmentation becomes operationally feasible
Q&A

From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Último (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 

nsx overview with use cases 1.0

  • 1. Threat Protection with a Zero Trust Model Ng Tock Hiong, CISSP Senior Manager, Systems Engineering Networking and Security Southeast Asia and Korea tng@vmware.com
  • 2. Agenda 1 Securing the New Digital Landscape 2 Current Networking and Security Challenges 3 The Solution – Network and Security Virtualization 4 Security Use Cases 5 Summary 6 Q & A 2
  • 3. What is a Zero Trust Model Forrester Research coined the term “Zero Trust” to describe a model that prevents common and advanced persistent threats from traversing laterally inside a network. This can be done through a strict, micro-granular security model that ties security to individual workloads and automatically provisions policies. It’s a network that doesn’t trust any data packets. Everything is untrusted. Hence: Zero Trust. CONFIDENTIAL 3
  • 4. The World We Must Secure. Security: The Last One Invited to the Party. (Diagram: Devices, Infrastructure and Apps, with Traditional Apps and Cloud-Native Apps spread across Managed Clouds, Private Clouds and Public Clouds on Virtualized Compute, Storage, Networking.) Final Step: “We Need to Secure All of This” 4
  • 5. From Monolithic Stack to Distributed Apps (Diagram: a single UI/Web, App, DB and Storage stack beside an application distributed across many Web, App, DB and Storage instances.)
  • 7. The New Security Control Point CONFIDENTIAL 7. Data Center Security control points: the Physical Network Infrastructure and the Hypervisor. Traditional Apps (Databases, Core Banking Apps, Exchange, Legacy Apps): focus is on stability and efficiency, minimal changes. Modern Apps (Cloud Native Apps, IaaS, DevOps): focus is on agility. • Implementing security controls in the physical network infrastructure is only relevant to the traditional applications that are directly connected to the network. • For the modern applications, security controls have to be implemented in the Hypervisor.
  • 8. Current Networking & Security Scenario and Challenges
  • 9. Problem: Data Center Network Security. Perimeter-centric network security has proven insufficient (little or no lateral controls inside the perimeter), and micro-segmentation is operationally infeasible.
  • 11. Trading Off Context and Isolation 18. Software Defined Data Center (SDDC): Any Application on the SDDC Platform (Data Center Virtualization) over Any x86, Any Storage, Any IP network. Traditional Approach: either High Context with Low Isolation, or High Isolation with Low Context, and No Ubiquitous Enforcement.
  • 12. Why the SDDC Virtualization Layer is the Security “Goldilocks Zone” 19. Software Defined Data Center (SDDC): Any Application on the SDDC Platform over Any x86, Any Storage, Any IP network. Network & Security Services Now in the Hypervisor: L2 Switching, L3 Routing, Firewalling/ACLs, Load Balancing.
  • 13. SDDC Virtualization Layer – Delivers Both Context and Isolation 20. SDDC Approach: High Context and High Isolation with Ubiquitous Enforcement through Secure Host Introspection.
  • 14. SDDC – A Platform for Industry Innovation 21. Software Defined Data Center (SDDC): Any Application on the SDDC Platform (Data Center Virtualization) over Any x86, Any Storage, Any IP network.
  • 16. Visibility NSX is uniquely positioned to see everything CONFIDENTIAL 23
  • 17. NSX Distributed Firewalls vs Physical & Virtual Firewalls. Virtual Firewalls: traditional rule management & operations, chokepoint enforcement, ~1 Gbps. Physical Firewalls: traditional rule management & operations, chokepoint enforcement, ~100 Gbps. NSX Distributed Firewalling: automated policy management & operations, distributed enforcement, vSphere kernel-based performance, distributed scale-out capacity (20 Gbps/host).
  • 18. The Data Center: NSX Distributed Firewall enables customers to deploy high-performance firewalls everywhere, but managed centrally. CONFIDENTIAL 26
  • 19. NSX Distributed Firewalling Performance 27 20Gbps Per Host of Firewall Performance with Negligible CPU Impact
  • 20. NSX Distributed Firewalling Performance CONFIDENTIAL 28 80K CPS with 100+ Rules per Host A Typical Virtual Appliance does ~6K CPS per VM A Physical Appliance performs 300K – 400K CPS per appliance
  • 21. What if you could… define this level of security repeatedly and predictably? 29 (Diagram: Web, App and DB tiers.) Granular threat containment; logical policy grouping; simplified security policy.
  • 22. CONFIDENTIAL 30 NSX Distributed Firewall Characteristics: runs in kernel space; full vCenter integration (VC containers, vMotion); zero-trust security micro-segmentation; line rate; distributed; enables traffic redirection to third-party services; SpoofGuard; identity firewall; operations kit; fully programmable (REST API); centralized management.
  • 23. 31 Intelligent Grouping: groups defined by customized criteria such as operating system, machine name, services, application tier, regulatory requirements and security posture. CONFIDENTIAL
  • 24. NSX Intra Site Feature: Distributed Firewall. Traditional appliance: VM-to-VM traffic hairpins through the vswitch to the appliance. With NSX: the distributed virtual firewall in the NSX vswitch gives a direct VM-to-VM path; with NSX third-party services, traffic still takes the shortest network path. 32 CONFIDENTIAL
  • 25. Micro-segmentation simplifies and improves network security. (Diagram: perimeter firewall and inside firewall in front of DMZ, App, DB and Shared Services (AD, NTP, DHCP, DNS, CERT) zones, with Finance, Engineering and HR groups.) 33
  • 26. Micro-segmentation simplifies network security. • Each VM can now be its own perimeter. • Policies align with logical groups. • Prevents threats from spreading. (Diagram: perimeter firewall and inside router in front of DMZ, App, DB and Shared Services (AD, NTP, DHCP, DNS, CERT) zones, with Finance, Engineering and HR groups.) 34
  • 28. The Real Problem is Security Strategies Today 36. Existing data center endpoint security approaches are not effective enough. Signature-based (Anti-Virus, IPS, Vulnerability Management): narrow focus, no zero-day threats. Behavioral (Machine Learning, AI, Security Analytics, SIEM): broad focus, high false positive rate. CONFIDENTIAL
  • 29. 37 Problem with the current model: focused on chasing malicious behavior. • Highly complex and noisy. • Limited context – requires a lot of inputs. • Manual effort to confirm valid threat. CONFIDENTIAL
  • 30. 38 Problem with the current model: focused on chasing malicious behavior (highly complex and noisy; limited context – requires a lot of inputs; manual effort to confirm valid threat). It’s time for a new model: focus on understanding the application intended state and monitoring for deviations. • Simpler and smaller problem set. • Better signal-to-noise ratio. • Actionable and behavior-based alerts and responses. CONFIDENTIAL
  • 31. Introducing VMware AppDefense: protecting applications running on virtualized and cloud environments. AppDefense cycle: Capture (a VM manifest of OS processes), Monitor, Detect, Respond. Automated and orchestrated response: Snapshot | Suspend | Block/Alarm | Quarantine | Network Blocking | Service Insertion | … on a secure infrastructure with an integrated ecosystem.
  • 32. Key Differentiators CONFIDENTIAL 40. AppDefense embeds threat detection and response into the virtualization layer. Automated threat response: “The right response at the right time”. Authoritative knowledge of application intended state: “Know what’s good, so you can detect what’s bad”. Isolation from the attack surface: “Protect the protector”.
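The capture / monitor / detect / respond cycle of slides 30 to 32 (and editor note 4 below), as an added example that is not VMware's AppDefense code: a per-VM manifest of processes and their connections is learned during provisioning, later events are classified against it, and each class of deviation maps to a response orchestrated ahead of time. Process paths, endpoints, VM names and response names are constructed.

```python
"""Intended-state monitoring in the AppDefense style (added example, not VMware code).

CAPTURE learns a per-VM manifest from provisioning-time behaviour; MONITOR/DETECT
compare runtime events with it; RESPOND maps each deviation class to a response
plan that was orchestrated in advance. All events and names are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Event:
    vm: str
    process: str        # executable path seen by the hypervisor-side sensor
    kind: str           # "process_start", "listen" or "connect"
    endpoint: str = ""  # "tcp/443" for listen, "tcp/10.0.1.11:8443" for connect


@dataclass
class Manifest:
    """Intended state of one VM: known processes and their expected connections."""
    processes: Set[str] = field(default_factory=set)
    connections: Set[Tuple[str, str, str]] = field(default_factory=set)


# Response plans chosen ahead of time, triggered automatically on detection.
RESPONSES: Dict[str, List[str]] = {
    "unknown_process": ["snapshot", "quarantine"],  # keep evidence, then isolate via NSX
    "unexpected_connection": ["alarm", "block"],    # known process, unexpected peer
    "no_manifest": ["alarm"],                       # VM was never captured
}


def capture(events: Iterable[Event]) -> Dict[str, Manifest]:
    """CAPTURE: build the manifest from behaviour observed while provisioning."""
    manifests: Dict[str, Manifest] = {}
    for e in events:
        m = manifests.setdefault(e.vm, Manifest())
        m.processes.add(e.process)
        if e.kind in ("listen", "connect"):
            m.connections.add((e.process, e.kind, e.endpoint))
    return manifests


def detect(manifests: Dict[str, Manifest], e: Event) -> Optional[str]:
    """DETECT: classify one runtime event as a deviation, or None if intended."""
    m = manifests.get(e.vm)
    if m is None:
        return "no_manifest"
    if e.process not in m.processes:
        return "unknown_process"
    if e.kind in ("listen", "connect") and (e.process, e.kind, e.endpoint) not in m.connections:
        return "unexpected_connection"
    return None


def monitor(manifests: Dict[str, Manifest], events: Iterable[Event]) -> List[dict]:
    """MONITOR + RESPOND: one alert per deviation, carrying its response plan."""
    alerts = []
    for e in events:
        deviation = detect(manifests, e)
        if deviation:
            alerts.append({"vm": e.vm, "process": e.process,
                           "deviation": deviation, "response": RESPONSES[deviation]})
    return alerts


# Constructed provisioning-time events for the web VM of a three-tier app.
BASELINE = [
    Event("hr-web-01", "/usr/sbin/httpd", "process_start"),
    Event("hr-web-01", "/usr/sbin/httpd", "listen", "tcp/443"),
    Event("hr-web-01", "/usr/sbin/httpd", "connect", "tcp/10.0.1.11:8443"),
    Event("hr-web-01", "/usr/sbin/sshd", "process_start"),
    Event("hr-web-01", "/usr/sbin/sshd", "listen", "tcp/22"),
]

# Constructed runtime events: one intended, one new binary, one lateral connection.
RUNTIME = [
    Event("hr-web-01", "/usr/sbin/httpd", "connect", "tcp/10.0.1.11:8443"),
    Event("hr-web-01", "/tmp/unexpected.bin", "process_start"),
    Event("hr-web-01", "/usr/sbin/httpd", "connect", "tcp/10.0.1.12:3306"),
]


def run_demo() -> List[dict]:
    return monitor(capture(BASELINE), RUNTIME)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```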
  • 33. Using Automation to Enforce Security 41. Benefits: • Unified Service Design and Delivery • App-Centric Networking and Security • Incorporate External Services • Achieve greater control and visibility • Reduce wait times for siloed IT services • Manage Infrastructure as Code • Lifecycle Manage Everything • Standardised and repeatable process. (Diagram: a Converged Blueprint of Applications, Extensibility, Security and Networking, consumed by Cloud Consumers and the Cloud Admin through a Unified Service Catalog providing Availability, Security and Connectivity.)
  • 35. Use Case 1 – Network Segmentation 43. Controlling Traffic Within a Network. (Diagram: perimeter firewall; HR Group with DMZ/Web, App and DB; Finance Group with App, DMZ/Web and DB; Services/Management Group; NSX for vSphere Data Center.) • Control traffic between groups within a network • Secure traffic based on logical grouping – rather than physical topology • Create network segments flexibly – even between systems on the same VLAN (extremely difficult to do with traditional networking). Security
  • 36. Use Case 2 – Pass your PCI audit in record time. Address PCI compliance requirements with NSX 44. Before NSX: 1. Providing granular segmentation to address PCI requirements requires re-architecture, re-addressing and significant capital expenditure. 2. PCI audit scope is across the entire DC, lengthening the whole audit process. With NSX: 1. Each zone (Production, PCI, Non-production, Shared services) is now segmented inside the data center perimeter, without the need to re-address or re-architect. 2. Scope of the PCI audit is reduced to the PCI zone only, cutting down the audit from weeks to minutes. Security
  • 37. Use Case 3: Micro-segmentation for Securing VDI Infrastructure. Prevent communications between virtual desktops: • Desktop to Desktop control • Desktop to Enterprise App control. Protecting Desktop Pools (Internal Developer Pool, External Developer Pool): prevent communications between Virtual Desktops. • Without NSX, communication between virtual desktops is uncontrolled. • Virtual Desktops do not need to communicate with each other. • In a recent breach, a hacker was able, once he had compromised a virtual desktop, to move to adjacent VDI desktops and exfiltrate critical medical data. • NSX and its distributed firewall address this risk. Security
  • 38. Use Case 4: Consolidate VDI pools for TCO reduction. AD Group Based Identity Firewall (IDFW): user-based access control. Example rules: Eng → Eng net; “External 1*” → Web 1 (APP1: Web 1, App 1); “External 2*” → Web 2 (APP2: Web 2, App 2). Consolidate VDI pools: • Without NSX, customers tend to use one single pool per business unit (HR, Contractors, 3rd Party, Sales, R&D, etc.). • This traditional architecture is used to provide each pool with its own security access. • With NSX, and our ability to control traffic based on Active Directory groups, we can instead simplify the architecture and: • Consolidate multiple pools into one, reducing TCO • Create a granular and dynamic security model based on AD groups. Reduce Expenses
  • 39. 47 Use Case 5: Optimize Performance for VDI environments. Agentless Anti-virus enhances user experience and enables a greater consolidation ratio: Up to 20X Faster Full Scans; Up to 5X Faster Real-time Scans; Up to 2X Faster VDI Login; Up to 30% More VM density. (Diagram: ESXi host with SAN.) Reduce Expenses
  • 40. Use Case 6: Intelligent Grouping for Unsupported Operating Systems CONFIDENTIAL 48. Situation: the OS is no longer supported on several systems; these systems need a policy which restricts access to only email servers. Solution: an Unsupported OS Group. Security
  • 41. Use Case 7: Automated Security in a Software Defined Data Center. Quarantine vulnerable systems until remediated. Policy definition: Security Group = Web Tier, Standard Desktop VM Policy → Anti-Virus – Scan. Security Group = Quarantine Zone, Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network}, Quarantined VM Policy → Firewall – Block all except security tools; Anti-Virus – Scan and remediate. Security
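A worked model of the grouping and policy ideas on slides 23, 35, 40 and 41, added here as an example that is not VMware's code or the NSX API: security groups with dynamic membership criteria, a top-down distributed firewall with an implicit default deny, and a quarantine section that takes effect the moment a VM carries the ANTI_VIRUS.VirusFound tag, with no rule edit. VM names, addresses, tiers, group names and rules are constructed.

```python
"""Zero-trust micro-segmentation policy model (added example, not VMware code).

Models the NSX concepts the slides describe: security groups with dynamic
membership criteria (OS, tag, application tier), a distributed firewall
evaluated per VM (top-down, first match wins, implicit default deny) and the
Use Case 7 quarantine group keyed on the 'ANTI_VIRUS.VirusFound' tag.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

@dataclass
class VM:
    name: str
    ip: str          # informational only: policy never keys on addresses
    os: str
    tier: str
    tags: Set[str] = field(default_factory=set)

@dataclass
class SecurityGroup:
    """Intelligent grouping: membership is a predicate over VM attributes."""
    name: str
    criteria: Callable[[VM], bool]

@dataclass
class Rule:
    name: str
    src: str       # security group name, or "any"
    dst: str
    service: str   # e.g. "tcp/3306", or "any"
    action: str    # "allow" or "deny"

class DistributedFirewall:
    def __init__(self, groups: List[SecurityGroup], rules: List[Rule]):
        self.groups: Dict[str, SecurityGroup] = {g.name: g for g in groups}
        self.rules = rules

    def groups_of(self, vm: VM) -> List[str]:
        # Evaluated on every lookup, so a tag change re-groups the VM at once.
        return [g.name for g in self.groups.values() if g.criteria(vm)]

    def _member(self, group: str, vm: VM) -> bool:
        return group == "any" or self.groups[group].criteria(vm)

    def decide(self, src: VM, dst: VM, service: str) -> Tuple[str, str]:
        """Return (action, rule name) for one flow, as enforced at the vNIC."""
        for r in self.rules:
            if (self._member(r.src, src) and self._member(r.dst, dst)
                    and r.service in ("any", service)):
                return r.action, r.name
        return "deny", "default-deny"   # zero trust: nothing is implicitly allowed

def build_demo() -> Tuple[DistributedFirewall, Dict[str, VM]]:
    vms = {v.name: v for v in [   # constructed sample inventory
        VM("hr-web-01", "10.0.1.10", "Windows Server 2016", "web", {"app:hr"}),
        VM("hr-app-01", "10.0.1.11", "Windows Server 2016", "app", {"app:hr"}),
        VM("hr-db-01", "10.0.1.12", "Windows Server 2016", "db", {"app:hr"}),
        VM("legacy-01", "10.0.2.5", "Windows Server 2003", "app"),
        VM("mail-01", "10.0.3.20", "Ubuntu 16.04", "mail"),
        VM("sectools-01", "10.0.9.9", "Ubuntu 16.04", "security"),
    ]}
    groups = [
        SecurityGroup("HR-Web", lambda v: v.tier == "web" and "app:hr" in v.tags),
        SecurityGroup("HR-App", lambda v: v.tier == "app" and "app:hr" in v.tags),
        SecurityGroup("HR-DB", lambda v: v.tier == "db" and "app:hr" in v.tags),
        SecurityGroup("Email-Servers", lambda v: v.tier == "mail"),
        SecurityGroup("Security-Tools", lambda v: v.tier == "security"),
        # Use Case 6: grouped by operating system, no re-addressing needed
        SecurityGroup("Unsupported-OS", lambda v: v.os.startswith("Windows Server 2003")),
        # Use Case 7: membership follows the tag the AV service sets
        SecurityGroup("Quarantine-Zone", lambda v: "ANTI_VIRUS.VirusFound" in v.tags),
    ]
    rules = [
        # Quarantine section first: block all except security tools
        Rule("q-to-tools", "Quarantine-Zone", "Security-Tools", "any", "allow"),
        Rule("tools-to-q", "Security-Tools", "Quarantine-Zone", "any", "allow"),
        Rule("q-out", "Quarantine-Zone", "any", "any", "deny"),
        Rule("q-in", "any", "Quarantine-Zone", "any", "deny"),
        # Unsupported OS may reach only the email servers
        Rule("legacy-smtp", "Unsupported-OS", "Email-Servers", "tcp/25", "allow"),
        Rule("legacy-rest", "Unsupported-OS", "any", "any", "deny"),
        # Use Case 1: HR three-tier app, web -> app -> db only, same VLAN or not
        Rule("hr-ingress", "any", "HR-Web", "tcp/443", "allow"),
        Rule("hr-web-app", "HR-Web", "HR-App", "tcp/8443", "allow"),
        Rule("hr-app-db", "HR-App", "HR-DB", "tcp/3306", "allow"),
    ]
    return DistributedFirewall(groups, rules), vms

def quarantine(vm: VM) -> None:
    """Simulate the AV service tagging a VM; no rule edit is needed."""
    vm.tags.add("ANTI_VIRUS.VirusFound")

if __name__ == "__main__":
    dfw, vms = build_demo()
    print(dfw.decide(vms["hr-web-01"], vms["hr-db-01"], "tcp/3306"))  # same subnet, still denied
    quarantine(vms["hr-app-01"])
    print(dfw.groups_of(vms["hr-app-01"]), dfw.decide(vms["hr-app-01"], vms["hr-db-01"], "tcp/3306"))
```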
  • 42. 50 Use Case 8: Micro-segmentation applied to Mobile Devices (NSX & AirWatch integration). Specific mobile applications can access specific data center applications, without opening up access from ALL mobile apps to ALL enterprise apps. AirWatch: translates {User, Device & App} context to Source IP/Port. NSX: creates an NSX Security Group/Service Group and provides micro-segmentation to support access to specific data center applications. (Diagram: End User John (Doctor) on an iPhone with Patient App, Email App and Scheduling App, over the Internet through the AirWatch Tunnel Server to the Data Center VMs.) Security
  • 43. Use Case 9: Advanced Security (IDS/IPS) Insertion. Example: Palo Alto Networks NGFW. (Diagram: the Security Admin defines the Security Policy; Traffic Steering between the Internet and the workloads.) Security
  • 44. Use Case 10: ‘Collapsed’ DMZ 52 CONFIDENTIAL. Current DMZ architectures are: - Hardware dependent - Complex and inflexible - Slow to provision. Use NSX to collapse the DMZ back into the DC and benefit from: • Increased East-West security • Lower cost (fewer hardware devices) • Easier automation. Security
  • 45. Use Case 11: Integrate Dev, Test and Prod environments into a single infrastructure. Isolation: Test – 192.168.1.0/24 and Production – 192.168.1.0/24 with No Communication Path. • No communication path between different tenants • Separate dev, test and production environments over a single physical network • Independent of hardware • Overlapping IP addressing can be used. Security
  • 47. Security: a better way. 1 A new architectural approach to security is needed. 2 Secure what matters: apps, users and data. 3 Virtualization of networking, security and compute provides a unique way forward.
  • 48. SDDC Platform – Native Security Capabilities 61. Hypervisor-based, in-kernel distributed firewalling: • High throughput rates on a per hypervisor basis • Every hypervisor adds additional east-west firewalling capacity • Native feature of the VMware NSX platform. Platform-based automation: • Automated provisioning and workload adds/moves/changes • Accurate firewall policies follow workloads as they move. Audit and Compliance. 20 Gbps firewalling throughput per host. Data center micro-segmentation becomes operationally feasible.

Notas do Editor

  1. It’s important to understand we are not talking about replacing the North-South Firewall; you will likely leverage hardware-based performance and throughput capacity for a very long time at the perimeter of the data center. However, it is important to understand that there is a BIG difference between physical or virtual firewalls and distributed firewalling. Hardware-based firewalls are designed to deliver high performance, high capacity throughput, typically ranging from 2 to 30 Gbps, with some of the most powerful chassis-based solutions exceeding 100 Gbps. I believe Palo Alto’s most recent PA-7050 series chassis solution delivers in the range of 120 Gbps firewall throughput. Virtual firewalls are effectively the same from an operational standpoint, but often reduce feature sets and deliver far less throughput capacity, in the range of 1 to 3 Gbps. The BIG difference with a distributed firewall solution is the combination of an automated operational model and scale-out throughput performance. Using an SDDC approach, firewalling policies are provisioned with and enforced at each VM’s virtual interface. The firewalling function is done in the hypervisor kernel and delivers on the order of 30 Gbps per hypervisor. So the more hypervisor hosts you have, the more East-West firewalling capacity you have.
  2. The darker blue shows the performance of forwarding packets without filtering, about 20 gigabits per second. The lighter blue shows the performance of forwarding packets while filtering, about 19.7 gigabits per second. Very little impact to the hypervisor’s ability to forward packets, because we are doing the filtering in the kernel.
  3. And, we get about 80 thousand connections per second, compared to a typical virtual appliance firewall getting about 6 thousand connections per second.
  4. You might be asking, why hasn’t this been done before? It’s really hard to understand the intended state of an application. The infosec team is not the team that built the app and tracking down all of the details about which processes should be running and how those processes should be communicating inside the app is tedious and labor intensive. The biggest differentiator that AppDefense has is its position in the hypervisor. AppDefense leverages its position in vSphere to automatically discover the intended state of an application. This process is aided with integrations into automation and provisioning systems, like VRA, so that as applications are built and provisioned, AppDefense sees their intended state from the get go. This authoritative understanding of the application’s intended state is critical and AppDefense makes this process relatively simple. In order to detect what’s bad, we need to know what good looks like. Once we can discern what’s bad, we can automate responses with confidence. AppDefense uses vSphere and if it’s installed, NSX as well, to take action in response to a detected threat. For instance, we can take a snapshot of the compromised VM for forensic analysis later using vSphere, then quarantine the VM using NSX. Or we can suspend the VM or increase logging on the machine – we have a number of options we can take. The key here is that AppDefense allows us to orchestrate all of this ahead of time and automatically trigger the response when it detects a given threat. The third differentiator is one that we talk about with respect to NSX a lot as well – because AppDefense is embedded in vSphere, it is protected in the event that a VM is compromised. Unlike AV agents that live on each individual data center endpoint, AppDefense cannot be simply turned off if an attacker or a piece of malware gains control of a VM. This layer of isolation is a major benefit to AppDefense’s architecture, and is fairly unique in the industry.
  5. Use Case 1: Pure micro-segmentation What do we achieve?  Control traffic between devices within same subnet or within a network without the need for re-addressing or hardware purchase. For what purpose?  Cyber-security (eliminate the threat of lateral attacker movement within DC) and compliance. Without NSX? Operational nightmare to maintain complex solution, such as Private VLAN
  6. Use Case 2: Pass your PCI audit in record time What do we achieve?  Segment zones based on business purposes, without the need for re-architecture, re-addressing or expensive capital expenditure. For what purpose?  Achieve compliance (such as PCI) in very little time. Without NSX? PCI scope encompassing the entire DC, lengthening the whole audit process & a nightmare to pass PCI audit without huge capital and operational investment
  7. Use Case 3: Micro segmentation to secure VDI What do we achieve? Control traffic between virtual desktops for cybersecurity For what purpose? Cyber-security as it would prevent adjacent spread due to a VDI breach Without NSX? Not possible nowadays unless every VDI is protected by a virtual firewall which does not scale.
  8. Use Case 4: Consolidate VDI pools for TCO reduction
     What do we achieve? NSX and the Identity-Based Firewall enable us to consolidate multiple VDI pools into one.
     For what purpose? Greatly reduced TCO.
     Without NSX? Multiple VDI pools and a high number of firewall rules were required, causing high cost and operational complexity.
  9. Use Case 5: Optimize Performance for VDI environments
     What do we achieve? Move the AV function from inside each virtual desktop to a dedicated service virtual machine, greatly enhancing performance on each virtual desktop.
     For what purpose? Greater consolidation ratio, reducing the Total Cost of Ownership.
     Without NSX? AV agents on each VM add a 25% performance hit, reducing the maximum number of virtual desktops a host can support.
  10. Use Case 6: Dynamic isolation of out-of-support servers like Windows Server 2003
     What do we achieve? Isolate Windows Server 2003 machines behind firewalls without the need to re-address them.
     For what purpose? Reduce the security risk associated with out-of-support Windows Server 2003.
     Without NSX? Isolating servers would require server re-addressing (and its associated challenges) and manual firewall rule changes.
     Let’s take a quick look at what that intelligent grouping enables. One of our customers had a significant concern: Microsoft announced it would no longer be supporting Windows XP. Our customer had hundreds of VDI desktops that were actually running XP in different locations spread across the globe. They needed to be able to identify which machines were running the unsupported OS, and define a policy that would restrict access for those systems to internal resources only. The problem in a traditional networking construct is that this policy would be incredibly complex, taking into account all of the various physical networking constructs needed to implement consistent security. This would have taken weeks to months. With NSX, we are actually able to identify a group based on OS in minutes. This enables us to move on to our policy definitions immediately.
  11. Use Case 7: Dynamic isolation of virtual machines based on their security posture
     What does this solution do? Automatically scans VMs and places affected machines in quarantine until they are remediated.
     For what purpose? Quickly and dynamically isolates security risk.
     Without NSX? Requires a manual scan, server re-addressing, and manual firewall rule changes before and after quarantine.
     Automated security allows you to quarantine vulnerable systems until the threat can be remediated:
     1. Create your policy definitions.
     2. Apply those policies to specific security groups, e.g. web servers, Windows servers, etc.
     3. Once a threat is found, the system is isolated from the network in its own L2 network with access to remediation services, e.g. patch updates.
     4. Once the threat has been remediated, it is allowed back onto the network.
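As an added illustration of use cases 6 and 7 (example code written for this page, not code from the deck or from NSX): a small Python model of dynamic security groups and a distributed firewall rule set. Group membership is a predicate over workload attributes (OS, tags), so an out-of-support OS or a scanner's "vulnerable" tag moves a workload into the right group and the policy follows without re-addressing or rule edits; the group names, tag names and rule set are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

@dataclass
class Workload:
    name: str
    os: str
    tags: Set[str] = field(default_factory=set)

# Security groups with dynamic membership: a predicate over workload attributes.
# A workload joins or leaves a group as its attributes change, so no IP address
# or rule has to be edited (constructed names, not NSX's object model).
GROUPS: Dict[str, Callable[[Workload], bool]] = {
    "any":         lambda w: True,
    "external":    lambda w: "external" in w.tags,
    "internal":    lambda w: "external" not in w.tags,
    "legacy-os":   lambda w: w.os in {"Windows Server 2003", "Windows XP"},
    "quarantine":  lambda w: "vulnerable" in w.tags,
    "remediation": lambda w: "patch-server" in w.tags,
}

# Distributed firewall rule set: (source group, destination group, action),
# evaluated top to bottom, first match wins, implicit deny at the end.
RULES: List[Tuple[str, str, str]] = [
    ("quarantine", "remediation", "allow"),  # quarantined hosts may only patch
    ("quarantine", "any",         "deny"),
    ("any",        "quarantine",  "deny"),   # and nothing may reach them
    ("legacy-os",  "external",    "deny"),   # out-of-support OS: internal only
    ("internal",   "internal",    "allow"),
]

def groups_of(w: Workload) -> Set[str]:
    """Resolve the groups a workload currently belongs to."""
    return {name for name, member in GROUPS.items() if member(w)}

def decide(src: Workload, dst: Workload) -> str:
    """Per-workload enforcement: pick the first rule matching both ends' groups."""
    sg, dg = groups_of(src), groups_of(dst)
    for s, d, action in RULES:
        if s in sg and d in dg:
            return action
    return "deny"

def set_posture(w: Workload, vulnerable: bool) -> None:
    """Scanner hook: changing a tag alone moves the workload in or out of quarantine."""
    if vulnerable:
        w.tags.add("vulnerable")
    else:
        w.tags.discard("vulnerable")
```

Tag a Windows Server 2003 workload as vulnerable and it loses its internal reachability but keeps the patch server; clear the tag and the original policy applies again, with the rule set untouched throughout.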
  12. Use Case 8: Micro-Segmentation applied to Mobile Devices
     What does this solution do? Restricts mobile applications’ access to specific enterprise applications.
     For what purpose? Provides enhanced security for mobile devices enrolled with AirWatch.
     Without NSX? Mobile applications would typically be able to access most enterprise applications.
  13. Use Case 9: Advanced IDS/IPS security – Palo Alto Firewalls example
     What do we achieve? L4-L7 security services as close as possible to the source of the traffic (the virtual machine).
     For what purpose? Reduce the security risk associated with east-west traffic.
     Without NSX? Traffic is hairpinned to an expensive physical firewall.
     When you integrate Palo Alto Networks NGFW with NSX, you gain the ability to perform advanced application-layer filtering:
     1. The Palo Alto Networks firewall manager, Panorama, talks to the NSX controller.
     2. The NSX controller provisions Palo Alto firewalls on all hosts.
     3. You then create a security policy within Panorama with your firewall rules and IDS and IPS policies.
     4. This is pushed out to your perimeter Palo Alto firewalls as well as the host firewalls.
     5. Traffic steering is then used to redirect traffic from the distributed firewall to the Palo Alto firewall running on the host.
     6. Traffic is blocked, allowed or inspected depending on the rule set configured.
  14. Use Case 10: Collapsed DMZ
     What do we achieve? Deploy new services and applications onto a flat network, removing the need for multiple physical connections to a firewall.
     For what purpose? Facilitates provisioning of services and reduces time to market.
     Without NSX? Current DMZ architectures prevent fast service deployments, have complex firewall rule sets and require costly physical firewalls.
  15. Use Case 11: Integrate Dev, Test and Prod environments into a single infrastructure
     What do we achieve? Consolidate multiple environments onto a single one while maintaining security isolation.
     For what purpose? Infrastructure rationalisation.
     Without NSX? Complex and highly dependent on whether the network infrastructure can support features such as VRF. Isolation: no communication path, separate tenants, separate Dev, Test and Production environments.
  16. It’s this combination of hypervisor-based, in-kernel distributed firewalling and platform-based automation that is making data center micro-segmentation nirvana a reality for security teams today.
  17. Thank you!