Dan Illson
Author Archives: Dan Illson
- Home → Author's archive:
Dan Illson
Micro-segmentation with Service Insertion – NSX Securing “Anywhere” Part IV
Welcome to part 4 in the Micro-Segmentation Defined– NSX Securing “Anywhere” blog series. Today we will cover the role of NSX as a foundational security platform through NSX Micro-segmentation with Service Insertion. Previous topics covered in this series includes
- Part I – Micro-segmentation Defined
- Part II – Securing Physical environments
- Part III –Operationalizing Micro-segmentation
This blog covers the following topics:
- Defining Service Insertion
- The Role of Service Insertion in Micro-segmentation
- Network and Guest Introspection
- NSX Service Insertion
Defining Service Insertion
In modern datacenters, network and compute services either have been or are being decoupled from the physical appliances on which they have traditionally run. In the past, a datacenter service required traffic to be steered through a series of such appliances in order to be serviced appropriately, through services such as firewalls, intrusion detection and prevention, and load balancing services. As infrastructure services transition from physical appliances to software functions, it becomes possible to deploy these services with greater granularity by inserting them into a specific forwarding path. Combining multiple functions in this manner is generally referred to as a service chain or service graph.
Figure 1: Two distinct service chains utilizing different functions
Once infrastructure Continue reading