Author Archives: NSX Team

Announcing VMware NSX+ Advanced Load Balancer Cloud Controller

Continuing the operational simplicity journey with VMware NSX+ Advanced Load Balancer Cloud Services that now include Cloud Controller

Applications are the lifeline of today’s businesses. By 2025, 750 million different applications will exist. Load balancing a variety of applications is no easy task, and cloud admins will have their work cut out for them. To meet the needs of modern applications, load balancers need to be agile, and have the ability to scale with modern applications while maintaining operational simplicity. Therefore, legacy load balancing solutions may not be a good fit for modern applications. Software defined load balancing solutions such as the NSX Advanced Load Balancer (ALB) are purpose built for such emerging scenarios.

Today we are happy to announce yet another important milestone in the pursuit of making the NSX advanced load balancing solution simpler and more flexible. Starting today, NSX ALB will be natively available as a service on VMware Cloud on AWS. NSX+ ALB Cloud Controller is completely managed by VMware, and aims to simplify Day 0, Day 1, and Day 2 operations. This capability is available today on VMware Cloud on AWS and will be made available on public clouds in subsequent releases.

Adding application awareness Continue reading

Announcing VMware NSX+: A Simpler Path to Consistent Multi-Cloud Networking

Deploying applications on multi-cloud infrastructure is challenging. VMware has long been committed to making multi-cloud networking and security simpler and more consistent through initiatives like Project Northstar which we announced at VMware Explore last year.

Today, we’re excited to continue our mission of simplifying the multi-cloud by introducing VMware NSX+, a new multi-cloud service offering for VMware NSX that makes it easier than ever to achieve a consistent and secure multi-cloud infrastructure for your applications.

Multi-cloud presents unique networking and security challenges

Securely deploying applications and infrastructure on-premises and across multiple clouds is complex

Multi-Cloud Challenges

  • Complex network design and operations: Each cloud can have its own set of tools and controls, slowing down network deployment and operations.
  • Limited visibility: Network operators often cannot achieve the end-to-end visibility and monitoring across clouds.
  • Secure Controls for Threat Detection: Lack of visibility into cross-cloud traffic increases the risk of lateral movement of undetected threats. Also, correlating threats across multiple clouds can be challenging because of the diversity of cloud environments.
  • Skills and resource gap: Public cloud providers have their own unique networking constructs and architectures, making it challenging to bridge the skills gap, and hire and train a team equipped to manage the complexity of Continue reading

Introducing New Networking and Advanced Security Capabilities in NSX 4.1

We’re delighted to announce the general availability of VMware NSX 4.1, a release that delivers new functionalities for virtualized networking and advanced security for private, hybrid, and multi-clouds.  This release’s new features and capabilities will enable VMware NSX customers to take advantage of enhanced networking and advanced security, increased operational efficiency and flexibility, and simplified troubleshooting.

Read on to discover the key features in the latest NSX release.

Stay Ahead of Threats and Safeguard our Network

Uncover Every Threat

NSX 4.1 introduces a new feature that allows the sending of IDS/IPS logs from the NSX Gateway firewall (GFW) to our Network Detection and Response (NDR), which is part of VMware NSX Advanced Threat Prevention (ATP). This new functionality is complementary to our existing NSX Distributed Firewall (DFW), which has had IDS/IPS logs sent to the NDR for quite some time now. With this new feature, NSX 4.1 customers can gain a more comprehensive view of network activity, allowing faster and more effective responses to threats. By analyzing IDS/IPS logs from GFW and DFW in combination with our Network Traffic Analysis (NTA) and Sandboxing, our NDR system can correlate events and identify attack patterns, providing a complete picture Continue reading

Network Modernization Unlocks the Power of Modern Cloud Applications  

This is a guest post from IDC Analyst Brad Casemore.

Modern applications are more distributed than ever before, deployed variously across on-premises data centers, public clouds (IaaS), private clouds, and edge locations, and sometimes delivered as SaaS. While the primacy of these data-centric applications is undeniable and will only grow with the rise of artificial intelligence (AI), a failure to ensure the modernization of underlying network infrastructure can compromise and constrain an organization’s application-driven digital strategies. 

Needs of today 

Network modernization, especially within the context of cloud-native architectures and multi-cloud strategies, cannot be an afterthought for rapidly digitizing enterprises. As applications become the powerhouse behind digital success and competitive differentiation, organizations should consider investing in software-defined network infrastructure.  

A software-defined network infrastructure provides consistent network and security policies, operational simplicity, elastic scale, and ubiquitous visibility, with support for traditional and cloud-native applications spanning on-premises environments and clouds. 

Preparing for tomorrow 

Special consideration also must be given to the future networking needs of the organization, particularly in relation to how modern network infrastructure will provide inherent portable application layer networking for cloud-native applications through functionality such as ingress controllers, service meshes, and visibility into workloads Continue reading

Networking and Security in VMware Cloud on AWS: New Video Series

VMware Cloud on AWS provides a range of powerful security and networking capabilities. From enforcing granular security rules for traffic using NSX Advanced Firewall, to managing complex routes between your AWS environment and external resources via Transit Connect, there’s no shortage of tools available for supporting your business’s unique requirements when you leverage AWS as part of a VMware-based SDDC strategy. 

To showcase some of the most powerful security and networking features of VMware Cloud on AWS, we’ve prepared a set of short videos where Ron Fuller, Senior Technical Product Manager at VMware, explains how the features work and how to get started using them. If you’re looking for a quick introduction to key security and networking concepts that impact VMware Cloud on AWS workloads, these videos are for you. 

Keep reading for links to the videos, along with summaries of what you’ll learn from each one. We recommend watching the videos in order because Ron explains core Software-Defined Data Center (SDDC) concepts as he progresses through the videos, although viewers who are already familiar with SDDC may prefer to skip ahead. 

Video 1: Introduction to Security Tools in VMware Cloud on AWS 

Continue reading

10 Reasons Why Customers Choose VMware NSX to Automate Networking and Security

By now, you’ve probably heard about why you should automate network management. Not only does automation save time and effort, but it also reduces risk. As Gartner notes, for instance, organizations that automate about 70 percent of their network change management operations will see a 50 percent reduction in outages. They’ll also cut in half the time it takes to roll out new services.

The bigger question many teams face surrounding network automation, however, is how to automate. With so many tools on the market that promise to help automate networking and security, which solution is the best fit for your needs? What should you look for from an automation lens when considering a networking platform?

To provide clarity on those questions, we’ve put together a list of the reasons why customers choose VMware NSX in order to deploy applications at scale with greater speed, efficiency, and security. VMware NSX, the platform for network virtualization, provides instant and programmatic provisioning for fast, highly available, and secure infrastructure. The automation capabilities of NSX listed below maximize time savings and minimize risk when managing distributed, multi-cloud environments. Continue reading

Tips for Putting Zero Trust into Practice in Kubernetes-Based Environments

If you work in IT, you’ve probably heard lots of talk in recent years about “zero trust,” a security strategy that requires all resources to be authenticated and authorized before they interact with other resources, rather than being trusted by default.

The theory behind zero trust is easy enough to understand. Where matters tend to get tough, however, is actually implementing zero-trust security and compliance, especially in complex, cloud-native environments.

Which tools are available to help you enforce zero-trust security configurations? What does zero trust look like at different layers of your stack – nodes, networks, APIs and so on? What does it mean to enforce zero trust for human users, as compared to machine users?

To answer questions like these, we’ve organized a webinar, titled “Zero Trust Security and Compliance for Modern Apps on Multi-Cloud,” that will offer practical guidance on configuring a zero-trust security posture in the real world.

The one-hour session will focus in particular on enforcing zero-trust in Kubernetes-based environments, with deep dives into the following:

  • How to protect human and machine users in Kubernetes using a zero-trust model.
  • Meeting Kubernetes data privacy and compliance requirements through zero trust.
  • Securing user-to-app communications with zero-trust networking policies Continue reading

VMware named a Leader in Cloud Networking in GigaOm Radar Report

We’re delighted to report that GigaOm, a global provider of technology industry insights and analysis, has placed VMware in the leader ring in the GigaOm Radar Report for Cloud Networking 2022. In the leader ring, VMware is placed in the Platform Play and Maturity quadrant. This is a testament to the robustness of VMware’s cloud networking solution and its leading position in the cloud networking space. Click here to download the complete report.

Noting VMware’s broad portfolio of networking solutions, which covers the entire network stack and includes native network features for observability, micro-segmentation, and beyond, GigaOm says that VMware is in a leading position to help enterprises with complex networking requirements “modernize and optimize their infrastructure.”

Cloud Network Evaluation Criteria

The report evaluates 11 vendors that provide tools or platforms to help build and operate cloud networks. They include major enterprises like VMware, as well as several smaller companies.

GigaOm assessed the vendors on a variety of criteria, including:

  • Network traffic security and micro-segmentation.
  • Observability.
  • Troubleshooting and diagnostics.
  • Optimization and autoscaling.
  • APIs and IaC integration.
  • Application-aware infrastructure.
  • Solution management.

VMware received a triple-plus score – the highest evaluation possible – for most of the categories given above.

Continue reading

Introducing New NSX Upgrade Capabilities for NSX-T 3.2

We’re introducing new capabilities to help our customers prepare for upgrading to the latest releases — now available with NSX-T Data Center 3.2.0.1.

To ensure that existing NSX deployments can be successfully upgraded to NSX-T Data Center 3.2.x, we have provided an NSX Upgrade Evaluation Tool that operates non-intrusively as a separate downloadable tool to check the health and readiness of your NSX Managers prior to upgrade. Using NSX Upgrade Evaluation Tool can help avoid potential upgrade failures and save time by avoiding a rollback from a failed upgrade.

Customers upgrading to NSX-T 3.2.x are strongly encouraged to review the Upgrade Checklist and run the NSX Upgrade Evaluation Tool before starting the upgrade process.

In what follows, we’ll go over the details of the NSX Upgrade Evaluation Tool:

  • How the tool works
  • When to use the tool
  • What the tool can and cannot do
  • How to use the tool

How the NSX Upgrade Evaluation Tool Works

The main component of the NSX Upgrade Evaluation Tool is the database where a copy of NSX objects will be stored. The tool starts by making a secure copy of the database from an existing NSX Manager Continue reading

What’s the Most Secure Network of Them All?

You’re standing in front of three doors. Door number one is big, tall, and sturdy. Nothing fancy, but seemingly safe. Door number two has more bells and whistles, fancy engravings, and twice the number of locks. Elevated security for sure, but you suspect more form over function, so you’re not entirely sold. Door number three features a winning combination of practicality and advanced locks. This one has to be the best choice, right?

You can’t see behind any door, so your choice is limited to inference. That’s frustrating. Today, choosing the right security solution for your business is no different. Bells and whistles can distract us from our core objective of ultimate, unwavering security. And old reliable doesn’t seem capable of repelling an onslaught of modern threats and distributed exposures.

Organizations need to make the right network security choice to successfully secure their networks in a highly dynamic, distributed world where it’s not a matter of if intruders will get in, but when. Turns out, the right approach is as much about philosophy as it is about technology: trust no one. But, before we get into the relationship between trust and better security, let’s begin with a review of how Continue reading

Introducing VMware NSX Advanced Firewall for VMware Cloud on AWS

We are pleased to announce the introduction of VMware NSX Advanced Firewall for VMware Cloud on AWS, which takes the network security capabilities of VMware Cloud on AWS SDDC to a new level. Adding NSX Advanced Firewall features allows organizations to define security policies at Layer 7 while enabling deep packet inspection across all vNICS within the software-defined data center (SDDC). 

NSX Advanced Firewall capabilities help you secure your applications against an ever-expanding set of threats on the internet. Specifically, it includes a robust set of networking and security capabilities that enable customers to run production applications in the cloud.

This capability allows you to: 

  • Detect attempts at exploiting vulnerabilities in your workloads. 
  • Gain protection against vulnerabilities inside your SDDC with granular application-level security policies. 
  • Reduce the attack surface of your workloads by allowing only the intended application traffic to run in your SDDC. 
  • Seamlessly provide inspection for all traffic without a single inspection bottleneck. 
  • Achieve your compliance goals. 
  • Customers can purchase the NSX Advanced Firewall as an add-on in VMware Cloud on AWS. 

Get the full summary on the VMware Cloud Blog or directly access the product page

 

The post Introducing VMware NSX Advanced Firewall for VMware Cloud on AWS appeared first on Network and Security Virtualization.

Network, It’s Time to Modernize!

The network is a critical component of any IT environment. When it works, it’s “normal” and few notice it. But the smallest glitch can have devastating business impacts. For over a decade, networking has been adapting to become more programmable, closer to applications, and easier to use. At the same time, the number of devices has increased drastically, and the number of applications exponentially. More than ever, there is a need to adapt the network to the new paradigm of multi-cloud environments, and to make it on-demand, easy to use, and simple. The network should be transparent to applications and users, yet allow the most complex environments to communicate reliably.

Let’s dig into the three pillars of a Modern Network framework.

Modern App Connectivity Services

User experience is paramount in today’s world. Applications and data are increasingly distributed across multiple on-premises data centers and public, private, and multi-cloud environments. At the same time, users and devices (including IoT) are spreading out from a centralized corporate headquarters to branch offices, remote worksites, and, increasingly, home offices. This new reality means that, more and more, machines are talking to machines and applications are talking to applications, creating network complexity that can only be mitigated by Continue reading

How to Simplify and Accelerate Network Segmentation 

Network segmentation—splitting a network into subnetworks or segments—is widely accepted to be a powerful and effective method for improving cybersecurity within the data center. Yet even though it’s acknowledged to be an essential component of network security hygiene, organizations have frequently avoided putting segmentation into practice.

Why? Because historically network segmentation has been complex, disruptive, and time-consuming to implement, requiring extensive changes to the physical network and/or network addresses. The potential impact of taking applications offline for network changes means that many organizations decide to forego this industry-wide best practice. Teams that do forge ahead often face months- or years-long effort to create security zones by rearchitecting the network, relocating equipment, and re-assigning IP addresses.

It doesn’t have to be that way. Today there’s an elegant solution that greatly simplifies and accelerates network segmentation: VMware NSX Service-defined Firewall. Purpose-built to protect east-west traffic, VMware Service-defined Firewall enables segmentation without any disruptive physical network or address changes.

Attackers Love Flat Networks  

To back up a step, let’s examine why network segmentation  Continue reading

Solve Container Networking Challenges with NSX Container Plugin

By Susan Wu, Senior Product Marketing Manager and Yasen Simeonov, Senior Technical Product Manager, Networking and Security Business Unit

Kubernetes has become mainstream in the enterprise. In the latest Cloud Native Computing Foundation (CNCF) survey [1], 78% of the companies surveyed use Kubernetes in production. Containers are not only the norm but are running at scale with 34% of the organizations using 1,000 containers or more.

Given the rise in deployment, challenges remain as organizations attempt to operationalize Kubernetes.

Address Top Challenges in Containers Networking

With the latest release of VMware NSX-T and the NSX Container Plugin (NCP) we continue to address our customers’ top challenges such as security, complexity, and networking.

NSX provides the full stack networking and security across container orchestration platforms including VMware vSphere 7 with Kubernetes, Tanzu, OpenShift and upstream Kubernetes. NSX-T automates network services (distributed switching, routing, firewalling, load balancing/ingress, IPAM), and applies associated firewall policies directly at the pod level as soon as the cluster is spun up using standard Kubernetes commands. This level of simplicity and automation helps manage Kubernetes and the underlying software-defined data center (SDDC) infrastructure providing a common framework for virtualization admins and developers.

Feature Highlights Continue reading

3 Ways to Learn More About Intrinsic Security at RSAC 2020

Last year, we introduced powerful new innovations that make networking more secure and intrinsic to your infrastructure. These innovations included our Service-defined Firewall and introduction of optional distributed intrusion detection and prevention (IDS/IPS).

At RSAC 2020, VMware is making it easy to learn how intrinsic security can benefit your business with opportunities to engage us in 1:1 conversations, view demos and more.

Here are 3 ways that you can learn more about intrinsic security at RSAC 2020.

1.) Join Tom Gillis’ Breakout session:  Unshackle Legacy Security Restrictions for 2020 and Beyond

Tom Gillis, SVP/GM of Networking and Security at VMware, will be speaking at the RSA Conference in a breakout session. His session covers data center and branch security approaches and will feature demos across the VMware security portfolio including NSX Data Center, VMware NSX Advanced Load Balancer, and VMware SD-WAN.

Be sure to reserve a seat for his session!

2.) Meet with VMware Security Executives

Schedule an exclusive conversation with a security executive to discuss how intrinsic security for your network and workloads can enable proactive security that’s easy to operationalize.

Meeting time slots are limited so request a meeting now.

3.) Visit the Continue reading

VMworld US 2019: Networking and Security Recap

VMworld US 2019 has come to a close. If you didn’t attend, don’t worry as we still have VMworld Europe right around the corner. Join us November 4-7, 2019 to hear experts discuss cloud, networking and security, digital workspace, digital trends and more!  Register for VMworld Europe now.

Below is a quick recap and resources to check out from VMworld US 2019.

Stats from VMworld US 2019

VMware NSX Intelligence won TechTarget’s Best of Show award – Judge’s Choice for Disruptive Technology.

Congratulations to our NSX Intelligence team: Anirban Sengupta, Umesh Mahajan, Farzad Ghannadian, Kausum Kumar, Catherine Fan and Ray Budavari.

Surprise guest Michael Dell stopped by the Solutions Exchange to check out demos of what’s new from the networking and security business unit demoed by Chris McCain.

Technical Networking and Security Sessions from VMworld US 2019

Below is a list of sessions that jump into the NSX Continue reading

Attend Future:NET 2019 – a Premier Networking Event

What is Future:NET?

Is it a thinktank? A forum? An incubator?

4 years ago VMware launched Future:NET with a simple idea of bringing together some of the brightest minds in networking for an open and honest conversation about the future direction of networking.

While other networking conferences have been reduced to vendor showcases, Future:NET has banned product pitches in exchange for open debates that foster intellectual conversation among professionals across the industry.

Why Attend Future:NET 2019?

Come join us at Future:NET 2019, a premier networking technology event, where we are bringing together everyone from enterprises, startups, and academics to debate and challenge the status quo. Wizards may predict the future, but you should plan to come and play a key role with interactive sessions and network with your peers.

This year we are continuing the tradition of open conversation on technology shifts, the organizational challenges they bring and asking the question “are we really making things simple?”. Topics range from the emergence of XaaS, integrated operation models (SOCs vs NOCs), and the effect of 5G, LISP, and v6 on networking. Join experts from Microsoft, AWS, Stanford, and more as they drive deep technical discussions on the future of the Continue reading

Re-Introducing VMware AppDefense, Part I – Application Security in Virtualized and Cloud Environments

This blog will be part of a series where we start off with a basic re-introduction of VMware AppDefense and then progressively get into integrations, best practices, mitigating attacks and anomaly detection with vSphere Platinum, vRealize Log Insight, AppDefense and NSX Data Center. Before we get into the meat of things, let’s level-set on a few core principles of what VMware believes to be appropriate cyber hygiene. The full white paper can be viewed here.

  1. Follow a least privileged model
    • The principle of least privilege is the idea that any user, program, or process should have only the bare minimum privileges necessary to perform its function. For example, a user account created for pulling records from a database doesn’t need admin rights, while a programmer whose main function is updating lines of legacy code doesn’t need access to financial records. The principle of least privilege can also be referred to as the principle of minimal privilege (POMP) or the principle of least authority (POLA). Following the principle of least privilege is considered a best practice in information security.
    • The least privilege model works by allowing only enough access to perform the required job. In an IT environment, adhering to Continue reading

Securing your SWIFT environment with VMware

The SWIFT Controls Framework was created to help customers figure out which controls are needed to better secure their SWIFT environment. The SWIFT security controls framework is broken down into objectives, principles, and controls. The three objectives are “Secure your environment, Know and Limit Access, and Detect and Respond”.

Customers interested in exploring VMware product alignment with the SWIFT framework should evaluate the end-to-end solution. This includes VMware products, as well as other technology that support a customer’s SWIFT platform. The following is a high-level alignment of some of the SWIFT framework controls and VMware products.

VMware Product Alignment with SWIFT Objectives

Restrict internet access & Protect Critical Systems from General IT Environment

As part of a SWIFT deployment, a secured and zoned off environment must be created. This zone contains the SWIFT infrastructure that is used for all SWIFT transactions. Two SWIFT Principles that we will discuss are:

  • Protect Critical Systems from General IT Environment
  • Detect Anomalous Activity to Systems or Transaction Records

These controls are required to be enforced on the SWIFT infrastructure.  SWIFT requires that all traffic from the general IT infrastructure to the SWIFT zone be as restricted as possible.   They also Continue reading

Introducing the Virtual Cloud Network Readiness Assessment

Is your network ready for applications, automation, multi-cloud, containers and more? Here’s a truth bomb for you: the network that got us here today is not sufficient for tomorrow. Sorry to be sardonic, but here are the facts: today, new business models, cloud adoption, and the explosion of connected devices are now must-haves for organizations that are prioritizing digital transformation initiatives. But legacy network approaches rooted in hardware just don’t cut it anymore; technology is rapidly shifting and improving at a rate that is undeniably fast. To keep up, modern networks must be able to support operations across data centers, multiple clouds, branch locations, and edge devices while prioritizing security for the ever-growing amount of application data that flows from every point within a network.

Despite these shifts and needs, many organizations do not have a unified approach to management, automation, and security. Do you know if your network does? Find out how software-first networking can transform your business.

Virtual Cloud Network Readiness Assessment

The Virtual Cloud Network Readiness Assessment can help you assess the current state of your network and security – for free.  By answering a few questions in this 10-minute survey, you’ll get a personalized report that Continue reading
