Category Archives for "VMware Network Virtualization Blog"

Solve Container Networking Challenges with NSX Container Plugin

By Susan Wu, Senior Product Marketing Manager and Yasen Simeonov, Senior Technical Product Manager, Networking and Security Business Unit

Kubernetes has become mainstream in the enterprise. In the latest Cloud Native Computing Foundation (CNCF) survey [1], 78% of the companies surveyed use Kubernetes in production. Containers are not only the norm but are running at scale with 34% of the organizations using 1,000 containers or more.

Given the rise in deployment, challenges remain as organizations attempt to operationalize Kubernetes.

Address Top Challenges in Containers Networking

With the latest release of VMware NSX-T and the NSX Container Plugin (NCP) we continue to address our customers’ top challenges such as security, complexity, and networking.

NSX provides the full stack networking and security across container orchestration platforms including VMware vSphere 7 with Kubernetes, Tanzu, OpenShift and upstream Kubernetes. NSX-T automates network services (distributed switching, routing, firewalling, load balancing/ingress, IPAM), and applies associated firewall policies directly at the pod level as soon as the cluster is spun up using standard Kubernetes commands. This level of simplicity and automation helps manage Kubernetes and the underlying software-defined data center (SDDC) infrastructure providing a common framework for virtualization admins and developers.

Feature Highlights Continue reading

NSX Distributed IDS/IPS is Generally Available

Most readers are already familiar with VMware NSX as a natural platform for intrinsic security in the data center. They understand that NSX’s service-defined firewall is enabling network and security operators to use a distributed software-based solution to replace centralized hardware-based deployments.

The intrusion detection and prevention system (IDS/IPS) functionality released with NSX-T 3.0 enhances the security capabilities of the service-defined firewall, enabling operators to address several additional use cases.

Top Use Cases for NSX Distributed IDS/IPS

  • Quickly Achieve Regulatory Compliance: Many data centers host sensitive applications that are required to meet HIPAA[1], PCI-DSS[2], or SOX[3]. Using NSX, network and security operators can now achieve compliance by enabling IDS/IPS, in addition to the firewall, for any workload that needs to meet compliance.
  • Replace Discrete IDS/IPS Appliances: Operators virtualizing their data center networks can now replace discrete, centralized IDS/IPS appliances with NSX’s distributed implementation. In the process, with NSX they also consolidate firewall and IDS/IPS management. Since NSX’s security capabilities are in the hypervisor, isolated from the workloads, attackers can’t tamper with them.
  • Implement Virtual Security zones: Some organizations need to establish direct network connections with partners or treat business units and subsidiaries as Continue reading

VMware Delivers NSX-T 3.0 with Innovations in Cloud, Security, Containers, and Operations

We are excited to announce the general availability of VMware NSX-T™ 3.0, a major release of our full stack Layer 2 to Layer 7 networking platform that offers virtual networking, security, load balancing, visibility, and analytics in a single platform. NSX-T 3.0 includes key innovations across cloud-scale networking, security, containers, and operations that help enterprises achieve a one-click public cloud experience wherever their workloads are deployed. As enterprises adopt cloud, containers, and new applications, IT teams are managing more heterogeneous and distributed environments that need to be secured, automated, and monitored. The need to run and manage workloads on all types of infrastructure (VMs, containers, bare metal) across both private and public clouds is greater than ever. Enterprises need end-to-end software-defined solutions to fully automate, connect, and protect all their workloads.

As a key component of VMware Virtual Cloud Network, VMware NSX-T 3.0 includes groundbreaking innovations that make it easier to replace legacy appliances that congest data center traffic, achieve a stronger security posture, and run virtual Continue reading

How to Easily Secure Virtual Desktops for your Remote Employees

The COVID-19 pandemic has forced many organizations to shift their business online and their employees to work from home. As a result, businesses had to quickly adjust and scale up their infrastructure, sometimes with security as an afterthought.

Malicious actors are already taking advantage of this new reality by targeting the vulnerabilities commonly associated with employees connecting to corporate resources from their home environment. This includes social engineering and phishing campaigns, denial of service attacks, and exploiting vulnerabilities in home routers.

Secure VDI Environments with NSX

Providing employees working from home with secure and reliable access to their corporate resources and applications by the use of Virtual Desktop Infrastructure (VDI) helps our customers to reduce the impact on productivity and continuity as well as the risk associated with remote access to internal data.

In this blog post, I will cover a couple of use cases on how NSX can provide security for End User Compute and share some resources to help customers who are scaling up their VDI / remote desktop session host (RDSH) infrastructure to adapt to this new world in which vast numbers of employees are now working from home.

Protect Your Desktop Pools

The initial target of Continue reading

VMware Tanzu Service Mesh, built on VMware NSX is Now Available!

VMware marked its entry into the service mesh space with the announcement of VMware NSX Service Mesh. Today, we have some exciting developments to share. First, VMware NSX Service Mesh is now VMware Tanzu Service Mesh. This new brand aligns with the VMware Tanzu Portfolio for modern applications that we launched today. Second, and more importantly, we are announcing that Tanzu Service Mesh, built on VMware NSX is now available for purchase.

Tanzu Service Mesh provides consistent connectivity and security for microservices – across all your Kubernetes clusters and clouds – in the most demanding multi-cluster and multi-cloud environments. Tanzu Service Mesh can be installed in Tanzu Kubernetes Grid (TKG) clusters and third-party Kubernetes-conformant clusters, and used with clusters managed by Tanzu Mission Control (i.e., Tanzu-managed clusters) or clusters managed by other Kubernetes platforms and managed services.

 

Beyond its multi-cloud focus, one of the other differentiating characteristics of Tanzu Service Mesh is its ability to support cross-cluster and cross-cloud use cases via Global Namespaces (GNS). A GNS abstracts an application from the underlying Kubernetes cluster namespaces and networking, allowing you to transcend infrastructure limitations and boundaries, and securely stretch applications across clusters and clouds. Global Namespaces allow Continue reading

Tech Field Day #TFD21

We are expecting another action-packed day and of course it will be streamed live from this blog. Don’t worry if the timings for the live event don’t work for you. We’ll record each session and embed it here for easy on-demand viewing.

The theme for the day is Modernize, Connect and Manage your Network. With representatives from across VMware including Cloud Foundation, vSAN, NSX and vRealize Network Insight (vRNI) we have all our bases covered.

Here is the latest agenda:

The post Tech Field Day #TFD21 appeared first on Network Virtualization.

Forging A Path to Continuous, Risk-based Security with VMware NSX Service Mesh

The shift to multi-cloud, microservices-based architectures is well underway across enterprises. VMware NSX has long provided secure connectivity between private and public clouds while offering consistent policy management within hybrid cloud environments with our Service-defined Firewall. More than a year ago, VMware NSX-T expanded beyond just supporting ESX-based VMs to cover workloads running on bare metal servers, multiple hypervisors, and containers.

However, as the adage goes, the only constant is change. So it goes with application architectures. As enterprises embrace cloud-native architectures, applications are becoming even more distributed and heterogeneous. We see this particularly in some of our forward-leaning customers (payment providers, financial institutions, retailers, technology vendors, etc.), and they’re driving us to further evolve our security thinking.

Customers are containerizing their new applications with Kubernetes, and exploring solutions such as VMware Tanzu, Project Pacific, Pivotal Cloud Foundry, and other platforms and managed services. They leverage a mix of open source and multiple SaaS services for various functions such as observability, analytics, and cost optimization. Yet, they also need to communicate with their existing VM-based applications. These customers want a common framework for identity, policy, and compliance, one that can deal with assets that are Continue reading

Postcard From San Francisco (RSAC 2020)

There was plenty to see and hear at this year’s RSA conference, not the least of which was the VMware announcement of a modern data center security solution for today’s private and public clouds.

I can report there was brisk business at the booth with plenty of questions on our solution. Booth duty is not everyone’s favorite but I always look forward to the opportunity to hear directly from customers. There are often questions we don’t have the answers to, but it helps us keep our focus in the areas that matter the most.

My colleague Vivek has already done a fantastic job blogging on our intrinsic security story and our announcements at this year’s event. I wanted to share some great explainer videos from our executive team.

Unshackle Legacy Security Restrictions for 2020 and Beyond

In this 20 minute video, Part#1, Tom Gillis, VMware SVP/GM of Networking and Security, covers how new data center and branch security approaches can prevent attacks in the enterprise.

 

Part#2 is a live demonstration of how to protect lateral traffic in the DC

In this second of two 20 minute videos, Tom is joined onstage by Continue reading

Announcing the VMware NSX vExpert Program

The VMware NSX team is excited to announce the new NSX vExperts program. If you’re not familiar with vExperts, the program is designed to recognize individuals who are passionate about sharing their knowledge on VMware technologies with the broader community. While the vExpert program has been around for over 10 years, this is the first year we’re introducing the NSX vExpert subprogram and badge.

 

What is an NSX vExpert?

Individuals awarded NSX vExpert status are the cream of the crop when it comes to their knowledge in NSX use cases like micro-segmentation, network automation, multi-cloud networking, service mesh and modern apps. They’re advocates of VMware NSX and love “giving back” to the community by sharing their knowledge with their peers, whether it be through blogging or public speaking at events like VMworld and VMUG.

Benefits of the NSX vExpert Program

Becoming an NSX vExpert is not without its perks. In addition to bragging rights and the cool badge, VMware will provide great opportunities to give you the recognition you deserve.

Here’s what vExperts gain:

  • Amplification of any articles you write
  • Exposure at VMware physical and virtual events
  • Opportunities to interface and provide feedback to the NSX product team
  • Invite Continue reading

Security that’s Designed for the Modern Data Center

The last 12 months have been incredibly exciting for the security business at VMware. Last year at RSA Conference 2019, VMware CEO Pat Gelsinger outlined our Intrinsic Security strategy in his keynote presentation, “3 Things the Security Industry Isn’t Talking About”. We also announced the VMware Service-defined Firewall, a stateful Layer 7 data center firewall. As pioneers of micro-segmentation, the Service-defined Firewall extended our leadership in protecting east-west traffic in the data center.

Later in the year, we announced two major acquisitions: Avi Networks and Carbon Black. The acquisition of Carbon Black brought to VMware an industry-leading endpoint security platform, and made the entire industry take notice of VMware’s intentions to transform security. With Avi Networks, we acquired a software-defined, elastic, and high-performance load balancer that comes equipped with a full-featured web application firewall (WAF). Maintaining the momentum in building out our security portfolio for the digital enterprise, we announced the VMware NSX Distributed Intrusion Detection and Prevention System which will bring advanced threat controls to the Service-defined Firewall.

At RSA Conference 2020, we are introducing VMware Advanced Security for Cloud Foundation, a modern data center security solution for today’s private and public clouds. This solution will include VMware Carbon Continue reading

3 Ways to Learn More About Intrinsic Security at RSAC 2020

Last year, we introduced powerful new innovations that make networking more secure and intrinsic to your infrastructure. These innovations included our Service-defined Firewall and introduction of optional distributed intrusion detection and prevention (IDS/IPS).

At RSAC 2020, VMware is making it easy to learn how intrinsic security can benefit your business with opportunities to engage us in 1:1 conversations, view demos and more.

Here are 3 ways that you can learn more about intrinsic security at RSAC 2020.

1.) Join Tom Gillis’ Breakout session:  Unshackle Legacy Security Restrictions for 2020 and Beyond

Tom Gillis, SVP/GM of Networking and Security at VMware, will be speaking at the RSA Conference in a breakout session. His session covers data center and branch security approaches and will feature demos across the VMware security portfolio including NSX Data Center, VMware NSX Advanced Load Balancer, and VMware SD-WAN.

Be sure to reserve a seat for his session!

2.) Meet with VMware Security Executives

Schedule an exclusive conversation with a security executive to discuss how intrinsic security for your network and workloads can enable proactive security that’s easy to operationalize.

Meeting time slots are limited so request a meeting now.

3.) Visit the Continue reading

Network Field Day #NFD22

NSX: Networking and Security

Join us for #NFD22. The agenda is locked down and our in-house VMware experts are ready to go! They will be sharing their NSX know-how on the following:

Here is a snapshot of the agenda and demo times:

The post Network Field Day #NFD22 appeared first on Network Virtualization.

New ESG Study on Hybrid Cloud Adoption and Security

What Does the ESG Study Entail?

The Enterprise Strategy Group (ESG) study is based on primary research and aims to effectively derive IT insights in the areas of hybrid cloud, data center as a service, and data center security.

ESG conducted a research survey of 200 IT decision-makers directly knowledgeable about their organizations’ cloud priorities and perceptions. They analyzed the results and have compiled key results in this paper.

You can use the findings provided in this paper to understand the latest trends and challenges in cloud adoption and inform your own hybrid/multi-cloud projects and data center security strategy.

What Areas of Research Are Covered in This Paper?

Through the IT-targeted survey, the ESG analysts look into the prevalence of hybrid applications and related challenges. The survey also seeks to determine the market demand for Data Center-as-a-Service (DCaaS) now and over the next 3 years. In addition, the paper investigates how important East-West (E-W) security is considered and contrasts it with the current actual levels of E-W security policy enforcement, discussing the potential reasons behind the gap.

Here is a sample chart showing respondents’ opinions on E-W security on a 5-point Likert scale.

 

Where Can I Access the Paper?

Continue reading

Migration from VMware NSX for vSphere to NSX-T

Migration to VMware NSX-T Data Center (NSX-T) is top of mind for customers who are on NSX for vSphere (NSX-V). Broadly speaking, there are two main methods to migrate from NSX for vSphere to NSX-T Data Center: In Parallel Migration and In Place Migration. This blog post is a high-level overview of the above two approaches to migration.

2 Methods for VMware NSX Migration

Customers could take one of two approaches for migration.

In Parallel Migration:

In this method, NSX-T infrastructure is deployed in parallel along with the existing NSX-V based infrastructure. While some components of NSX-V and NSX-T, such as management, could coexist, compute clusters running the workloads would be running on their own hardware. This could be net new hardware or reclaimed unused hardware from NSX-V.

Migration of the workload in this method could take a couple of different approaches.

  • Cattle:  New workloads are deployed on NSX-T and the older workloads are allowed to die over time.
  • Pets:  Lift and shift workloads over to the new NSX-T infrastructure.

In Place Migration

There is a simpler method, though! A method that doesn’t require dedicated hardware. It’s an in place migration approach. Curious? This method uses Continue reading

Get Up To Speed on NSX Cloud with 5 Easy Resources

Over the last few years, as public and hybrid cloud adoption proliferated, organizations began looking for seamless and consistent manageability of their public cloud and private cloud workloads. This is one of the reasons why VMware brought NSX Cloud to the market.

Overview of NSX Cloud

In a nutshell, NSX Cloud provides consistent networking and security across hybrid and multi-cloud workloads. The key benefits and features of NSX Cloud include:

  • Single-pane-of-glass visibility
  • Essential networking capabilities
  • Consistent security policy
  • Granular micro-segmentation across on-premises and native public cloud environments such as AWS and Azure

NSX Cloud plays a key role in VMware’s Virtual Cloud Network vision of connecting and protecting workloads of all types (VMs, containers, bare metal) from data center to cloud to edge.   

“With NSX Cloud, we got a very compact firewall policy—easy to review and easy to manage. The power, administratively, is that we go to one place to update our policy and when we publish it, it automatically deploys it to every cloud server instance. This was a big win for us.”

Brian Jemes, Network Manager, University of Idaho
VMworld US 2018, NET1516BU

Top 5 Resources on NSX Cloud 

Here is a compilation of the Continue reading

VMware at Gartner IOCS

The speed and agility delivered by fast-moving cloud technologies and modern application architectures have become central to digital business transformation efforts.  There is an emerging realization that IT infrastructure and operations (I&O) teams cannot continue to rely on proprietary, bespoke, and expensive hardware to perform data center functions like networking, security, and load balancing.  These functions can be performed more efficiently at scale with distributed software running on x86 hardware while also achieving reduced complexity and cost.

VMware is excited to present this public cloud approach to infrastructure and operations at the Gartner IT Infrastructure, Operations & Cloud Strategies Conference next week, 9–12 December in Las Vegas.

Attend our Speaking Session

Tom Gillis, GM and SVP of VMware Networking and Security Business Unit, will deliver a session on Wednesday titled “A Public Cloud Experience Requires a Different Datacenter and WAN Design”.

 

Tom will talk about how you can bring the public cloud experience to your Data Center and WAN using a software-based, scale out architecture running on general purpose hardware.  Purpose-built hardware designed for homogeneous environments simply cannot handle the fast-moving realities of today’s business priorities.  Businesses shouldn’t have to carry the burden of exorbitant CapEx Continue reading

NSX Service Mesh on VMware Tanzu: CONNECT & PROTECT Applications Across Your Kubernetes Clusters and Clouds

Authors: Mark Schweighardt, Tom Spoonemore

Modern enterprises are sprawling and complicated. They are transitioning from private to public clouds to address, for example, performance, availability, and data residency requirements, and to gain access to advanced services such as analytics and ML. They are also transforming their application architectures from monoliths to distributed microservices.

In August 2019, VMware introduced VMware Tanzu, a new portfolio of products and services to transform the way enterprises BUILD modern applications on Kubernetes, consistently RUN Kubernetes across clouds, and MANAGE Kubernetes fleets from a single control point. This is a huge win for our customers: Using Tanzu Mission Control to consistently create and manage the lifecycle of Kubernetes clusters across any cloud. 

But how do we consistently connect and secure traffic between the services distributed across all of these clusters and clouds, while delivering on application SLAs? Today we further develop this picture by introducing NSX Service Mesh on VMware Tanzu. NSX Service Mesh provides an application connectivity and security fabric that can span across all of your Kubernetes clusters and cloud environments. NSX Service Mesh allows you to:

Announcing VMware NSX Distributed IDS/IPS

Six years ago, VMware pioneered the concept of micro-segmentation to stop the internal, lateral spread of malware. We then launched the NSX Service-defined Firewall, an internal firewall that’s built into the hypervisor, distributed, and application aware. Shortly thereafter we introduced NSX Intelligence to automate security rule recommendations, streamlining the deployment of micro-segmentation.

Now we are announcing that we will be taking internal security to the next level by introducing optional Intrusion Detection and Prevention (IDS/IPS) for our Service-defined Firewall. Built on the same philosophy, the new NSX Distributed IDS/IPS will allow enterprises to fortify applications across private and public clouds.

VMware’s Security Is Intrinsic. Here’s What That Means.

Intrinsic Security is security that’s built in, not bolted on. And that makes it better.

Intrinsic Security Built in not Bolted On

When security is bolted on, it’s never as good as built-in security. Imagine an apartment building where you add the alarm system, the security cameras, and the fire escape after the fact. It looks awkward and doesn’t work that well, either.

Security Built in Differently

But when you design those things in upfront, the effect is completely different. Everything just works better, as parts of a whole system. The same thing is true for security.

More importantly, when you build in Continue reading

NSX Cloud – Choice of Agented or Agentless Modes of Operation

VMware NSX through its NSX Cloud offering enables customers to implement a consistent networking and security framework for workloads hosted across on-premises data center (DC) and public clouds such as AWS and Azure.

Every cloud orchestration and management tool, regardless of the use case it has set out to solve, has one question to answer: is it an agent-based solution or an agentless solution? More often than not, the answer to this question has direct implications for the ability of the cloud admin team to deploy and manage the solution.

But, do we really have to choose?! What if we can have both agented and agentless modes of operation?! That’s the question we asked ourselves with VMware NSX and here we are with NSX-T 2.5.

Meet the New NSX Cloud Modes of Operation

What is NSX Enforced Mode?

NSX Enforced Mode provides a “consistent” security and networking policy framework between your on-premises DC and public cloud environment. You can have a unified corporate-wide firewall policy which will be enforced as an NSX Policy, by having an NSX footprint inside each virtual machine running in the cloud.

Why is it Required?

Well, NSX architecture has 3 layers:

  • Management-plane
  • Control-plane
  • Data-plane

Continue reading

Visit the VMware Team at ONUG 2019 in NYC!

Come see VMware and the Networking and Security team at ONUG Fall 2019 in NYC, NY from October 16-17.

Why Attend ONUG 2019?

Join us in New York at ONUG Fall 2019 for an opportunity to meet the industry’s leading trailblazers and thought leaders, as they share their insights and ideas on Digital Transformation.

ONUG Fall 2019 is your chance to get access to the industry’s leading luminaries. We’ve assembled an amazing group of notable speakers from the Global 2000 and developed a jam-packed agenda, that includes:

  • Working Groups
  • Showcases
  • Proof Of Concept Sessions
  • Roundtable discussions

Topics Covered at ONUG 2019

The focus of ONUG Fall 2019 will be Building, Managing and Securing the Digital Enterprise, but we’ll be covering a range of topics that include:

  • Hybrid multi-cloud
  • A secure internet
  • Machine learning
  • Artificial intelligence
  • Automated and software-driven infrastructure
  • Software-Defined Wide Area Networking (SD-WAN) 2.0 and more

VMware Participation At ONUG Fall 2019

VMware is participating in multiple ways this week at the event. Many of the solutions from the networking and security team are represented. Additionally, our SVP and GM of the Networking and Security Business Unit, Tom Gillis, hosted a security-focused dinner last evening, and we Continue reading
