Along with the advancements in context-aware micro-segmentation and network virtualization, we are also continually raising the bar on making VMware NSX simple to deploy, manage, and operationalize at scale – and that, of course, involves a responsive and easy-to-use HTML-based UI to access VMware NSX functionality.
With VMware NSX for vSphere 6.4.1, you can now access all NSX installation and security functionality through a responsive HTML-based vSphere Client, including Distributed Firewall, Service Composer, Application Rule Manager, and more. This modern interface does not have any dependencies on browser plugins (e.g. Adobe Flash), has a more minimalistic look-and-feel, and loads so much faster! Beyond the immediate aesthetic improvements, here’s a quick look at some of the key enhancements to how we’re simplifying the NSX user experience.
Given how feature-rich the NSX Firewall page is, our usability designers focused extra attention on streamlining the day-to-day tasks of creating, managing and troubleshooting firewall rules.
For starters, at the top of the Firewall page, we’ve introduced a new Status Bar and elevated table-level actions (like Publish and Save) to their own dedicated Toolbar. Now, at a glance, you can immediately Continue reading
Authors – Sridhar Subramanian and Geoff Wilmington
VMware NSX Data Center was built with the goal of consistent networking and security services independent of changing application frameworks or physical infrastructure. In the last couple of years, NSX Data Center has focused on delivering network and security abstractions for applications on any compute platform. In our journey, we have handled VMs, containers, cloud, and now we are also looking to help our customers with scenarios where they need a unified experience for bare-metal workloads. The goal is to maintain a consistent security experience regardless of the location or platform the workload is running on.
This experience means being able to take any workload, add it to an NSX Data Center Security Group and, through the NSX Data Center Distributed Firewall, have a consistent policy applied regardless of location and workload type. This consistent approach leverages the NSX DFW capabilities with stateful firewalling for the workloads. This is accomplished without using native OS capabilities like iptables or Windows Firewall, so security admins only need to understand how to apply security through NSX DFW, and do not have to understand the myriad of native OS approaches and their complexity. By centralizing Continue reading
Welcome to Summer 2018! It’s been nearly one month now since our CEO Pat Gelsinger announced the Virtual Cloud Network vision at Dell Technologies World in Las Vegas. Essentially the reveal (in my personal opinion) was focused on raising awareness that VMware has now delivered to the market what many of you have heard for quite some time now as “the vision” for networking and security, whereas NSX has become an integral part of various parts of your business:
Enter stage left, the Virtual Cloud Network. VCN builds upon the fundamentals you’re already familiar with from NSX—these include (but are not limited to) integrated security, consistent connectivity, and inherent automation, but really focuses on tying together an end-to-end architecture that allows our customers to deliver applications and services everywhere. Our customers have asked and we have listened… the demand for any infrastructure, any cloud, any transport, any device, and any application has drastically changed the landscape and technologies associated with building/architecting and having a modern enterprise network.
We’ve been quite busy over the past month with lots of interest coming from partners and customers wondering what this really means. Well today the wait Continue reading
What: Attend a half-day lecture and lab designed to get you started with Micro-segmentation and Multi-Site Cloud Networking (Disaster Recovery).
Why: Not only will you get a business and technical overview of NSX Data Center, you’ll also receive hands-on experience with the products. We’ll make sure you leave knowing how NSX can help secure and extend your network across multiple sites, and into the cloud.
VMworld is almost upon us! As the world’s premier digital infrastructure event, VMworld attracts the most talented professionals around the world who care deeply about virtualization and cloud computing.
If you’re new to VMware products and want to get a deep dive, take any of our newly released Hands-on Labs (including the extremely popular “NSX - Getting Started”) to get one-on-one guidance from VMware experts that you can bring back to your organization to hit the ground running. Hands-on Labs (HOL) are the fastest, easiest way to test-drive the full technical capabilities of VMware products for free and without needing to install anything.
As an added bonus, if you sign up for a qualifying Hands-on Lab, you’ll be entered to win an all-expenses-paid trip to VMworld US or Europe (up to $5,000 USD). The winner will not only rub elbows with the team that delivers HOL, they’ll also get VIP access to the “behind the scenes” command centers.
As a VMworld attendee and Hands-on Labs student, you’ll gain special access to the latest VMware technologies without being required to purchase equipment, Continue reading
As you may have read earlier this month, NSX Data Center and NSX SD-WAN by VeloCloud are part of the expanded VMware NSX portfolio to enable virtual cloud networking. A Virtual Cloud Network provides end-to-end connectivity for applications and data, whether they reside in the data center, cloud or at the edge. I wanted to follow up and walk through an example using NSX Data Center and NSX SD-WAN of how one could build an end-to-end segmentation model from the data center to the branch.
Beyond lowering cost and increasing agility and simplicity of branch connectivity, one of the key values provided by NSX SD-WAN by VeloCloud is enterprise segmentation, which provides isolated network segments across the entire enterprise, enabling data isolation or separation by user or line of business, support for overlapping IP addresses between VLANs and support for multiple tenants. NSX SD-WAN provides this segmentation using a VRF-like concept with simplified, per-segment topology insertion. This is accomplished by inserting a “Segment ID” into the SD-WAN Overlay header as traffic is carried from one NSX SD-WAN Edge device to another Edge. Networks on the LAN-side of an NSX SD-WAN Edge with different Continue reading
It’s official: when it comes to security threats, the question IT teams should be asking is not if but when. VMware recently commissioned Forrester Consulting to evaluate how organizations are improving the security of their infrastructure through network virtualization and micro-segmentation. Analysis found that 92% of respondents reported having faced minor security incidents in the last 12 months alone, while 65% of respondents endured a major incident in the same time span. These figures seal the deal; the naïve days of preparing for potential issues are long gone. Cyber threats are real, imminent, and happen often.
Companies today attribute more of their security issues to improper network segmentation than to the volume of threats overall. In response, leaders across industries are turning to network virtualization – specifically the Zero Trust security model – as a key strategy in combating threats. This strategy posits that whether a network is labeled secure or insecure, both should be treated as equally vulnerable. Further, the Zero Trust model supports the argument that traditional, perimeter-based security configurations are no longer a sufficient measure for protecting the network, and highlights steps companies can take to better secure their network, starting with network virtualization Continue reading
This week at Dell Technologies World, Pat Gelsinger, VMware CEO, announced the new VMware NSX portfolio as part of the Virtual Cloud Network unveiling. The NSX networking and security portfolio provides consistent connectivity, integrated security, and the inherent automation to operate an end-to-end architecture that delivers applications and services everywhere. This innovative approach changes the way customers design and deliver services across their enterprises, and the NSX portfolio is the foundation upon which to build the Virtual Cloud Network. Leveraging the benefits of the cloud for the enterprise network is a fundamental shift from the past, where networking and security has relied on hardware-based appliances and features with limited automation abilities.
To support virtual cloud networking, organizations require a robust portfolio. Supporting our customers’ needs around any infrastructure, any cloud, any transport, any application, any platform, any device, we have been thinking about how we architect network elements that sit on top of those foundations. NSX has become a family brand to do just that from data center to cloud to branch Continue reading
Back at Interop Las Vegas in 2013, less than one year after VMware acquired Nicira, then VMware’s chief architect of networking Martin Casado stated what was probably the understatement of the decade: “it’s a very exciting time to be in networking.”
With the birth of software-defined networking, pioneered by folks like Casado, the industry entered into a transformation unlike anything we’ve seen since the invention of Ethernet. The entire industry — from fascinating start-ups to the big players — rushed to challenge networking’s historical operational model, leveraging the power of software to help move networking into the future. Customers have embraced this model, where they can not only provision networking components in minutes without the need to modify the application, but they can also deliver micro-segmentation and granular security to each individual workload. It’s become a huge part of the success story for our customers, our partners and VMware ourselves.
Since then, we have continued to build out the portfolio with Software-Defined WAN, multi-cloud networking, hybrid cloud connectivity and network operations management and visibility solutions. And this week at Dell Technologies World, our CEO Pat Gelsinger laid out the Virtual Cloud Network, our vision for a software-defined network architecture Continue reading
Boston City Hospital and Boston University Medical Center Hospital merged in 1996 to form Boston Medical Center (BMC). This 497-bed teaching hospital in the South End of Boston provides primary and critical care to a diverse population and houses the largest Level 1 trauma center in New England.
As a 24-hour hub for surgeries and life-sustaining medical care, BMC relies heavily on technology to support all operations, from appointment scheduling to vital health monitoring and imaging systems. Boston Medical Center has standardized on vSphere as a virtualization platform for its data centers. With their server infrastructure almost 90% virtualized, BMC uses VMware vCloud Suite, Site Recovery Manager, vRealize Operations Manager, and has recently added NSX to better secure its Epic Electronic Medical Records platform.
In 2015, BMC implemented the Dell DRIVE system, including VMware, to consolidate and digitize medical records storage and delivery on Epic. While the Epic records must be constantly accessible to health care providers, who require immediate access to essential patient information throughout the hospital system, those same records must also be protected from intrusion or misuse. According to David Bass, SDDC Engineer at Boston Medical Center, “The type of data that Continue reading
Traditional security solutions are designed to protect the perimeter. As applications and data are becoming increasingly distributed, they are often spanning not only multiple sites, but also multiple clouds. This is making it harder to identify where the perimeter actually is in order to secure it. But even if the perimeter can be reliably identified, securing it alone is not enough. The east-west traffic inside of the environment must be secured as well. VMware NSX makes security an intrinsic part of the infrastructure that applications and data live on, rather than a bolted-on afterthought; security is built in Day 0.
VMware created a Micro-segmentation Starter Kit to help you get started with securing your network from Planning to Enforcement to Troubleshooting. Each kit includes 6 CPUs of both NSX ADV and vRealize Network Insight ADV at 25% off the global list price.
In a previous post, I covered how to integrate NSX-T with VMware Identity Manager (vIDM) to achieve remote user authentication and role-based access control (RBAC) for users registered with a corporate Active Directory (AD) http://blogs.vmware.com/networkvirtualization/2017/11/remote-user-auth…-rbac-with-nsx-t.html/
In this post, I’m showing how to add two-factor authentication (2FA) for NSX-T administrators/operators on top of that existing integration. Two-factor authentication is a mechanism that checks username and password as usual, but adds an additional security control before users are authenticated. It is a particular deployment of a more generic approach known as Multi-Factor Authentication (MFA).
Throughout this post, I’m providing step-by-step guidance on how to use VMware Verify as that second authentication. I will also highlight what would be different if using third party mechanisms. At the end of the post, you will find a demo showing how to do the configuration and how users authenticate once 2FA is enabled.
What is VMware Verify? Let me quote what my colleague Vikas Jain wrote on this post: “VMware Verify uses modern mobile push tokens, where users get a push notification on their mobile device that they can simply accept or deny. When the user’s device does not have cellular reception, Continue reading
Summary: VMware AppDefense continues to advance with new capabilities, new partnerships, international expansion, and increasing customer adoption
As worldwide spending on IT security continues to climb, the odds of falling victim to a data breach have risen to 1 in 4. Despite a multitude of security products on the market and large budgets to purchase them, businesses are not significantly safer. The commoditization of cyber crime has made it possible for virtually anyone with a computer to launch a sophisticated attack against a company, and new attacks are being developed every day. This means the continued focus on chasing threats remains relatively ineffective at stamping out the broader challenges facing IT security.
This is a scary prospect for CISOs who are faced with securing the applications and data living in increasingly dynamic, distributed IT environments. And as more businesses embrace modern, agile application development processes, the problem of implementing security at the speed of the business is exacerbated – security is often seen as an obstacle to progress.
We created VMware AppDefense to address these very issues, with a unique approach that leverages the virtualization layer to protect applications by “ensuring good” rather than “chasing bad”. AppDefense leverages VMware’s Continue reading
Conference season is upon us, and the NSX team will be out in full effect. Join us at any of the following events to get a demo, ask us questions, and hear us wax poetic about all things security and network virtualization!
April 16–20, 2018
Moscone Center
San Francisco, CA
Booth #4101, North Hall
NSX is delighted to attend everyone’s favorite security conference, RSA. This year’s theme is “Now Matters,” aptly named in time with the astounding number of threats to cybersecurity and data breaches we’ve collectively seen in the news this year. That said, don’t miss a great talk on how app architecture “now matters” when it comes to transforming security by Tom Corn, Senior Vice President and General Manager, Security Products, VMware. His session will be on April 17 from 1:00pm–1:45pm. The team will also be doing demos at the VMware booth (#4101 in the North Hall) – so be sure to swing by and chat with us about our offerings.
VMware Speaking Sessions at RSA Conference:
NSX Mindset Reception:
Join us for an NSX Mindset reception with VMware Continue reading
Do you want to maintain your network and security infrastructure as code? Do you want to automate NSX-T? One more option has just been added for you!
Following my previous post about NSX-T: OpenAPI and SDKs, you might have figured out how easy it is to generate different language bindings for NSX-T. Thanks to this, we have generated a Go NSX-T SDK that we use as the foundation of the new NSX-T Terraform provider.
Terraform is open-source infrastructure-as-code software by HashiCorp. It allows creation, modification, and deletion of infrastructure using high-level configuration files that can be shared between team members, treated as code, edited, reviewed, and versioned. These configuration files are written in HCL (HashiCorp Configuration Language), which is actually JSON with some fine-tuning. Plain JSON can also be used.
There are several important components in Terraform:
1. Providers are responsible for managing the lifecycle of the resources: create, read, update, delete. Providers usually require some configuration to supply authentication, endpoint URLs, etc. By default, a resource is matched to its provider by the start of the resource name. For example, a resource nsxt_logical_switch is associated with the provider called nsxt.
Example of Continue reading
Check out my prior blogs below, here on the VMware Network Virtualization blog, on how NSX is leveraged in VMware Cloud on AWS to provide all the networking and security features. These prior blogs provide a foundation that this blog post builds on. In this blog post I discuss how AWS Direct Connect can be leveraged with VMware Cloud on AWS to provide high bandwidth, low latency connectivity to an SDDC deployed in VMware Cloud on AWS. This is one of my favorite features as it provides high bandwidth, low latency connectivity from on-prem directly into the customer’s VMware Cloud on AWS VPC, enabling better and consistent connectivity/performance while also enabling live migration/vMotion from on-prem to cloud! I want to thank my colleague, Venky Deshpande, who helped with some of the details in this post. Continue reading
Virtualization can be a tricky concept for some people to wrap their heads around. Trying to explain the functionalities and benefits of technology like VMware NSX can quickly devolve into techno-babble. With that said, we’re trying to take another approach—a more human approach. Below are three customer stories that emphasize a human-interest element behind network virtualization and showcase the power of technologies like NSX to better human lives.
When the technology leaders of Bloomington’s public schools started looking for a way to make advanced, enterprise-level computing and Internet services affordable to students, they went the co-op route and turned to IlliniCloud. IlliniCloud has proven to be a game-changer for a public education system in crisis. The co-op is transforming the technology infrastructures of not just Bloomington’s public school district, but every school district in Illinois with an affordable and efficient model that results in major cost savings for schools, along with upgrades in technology and aging infrastructures.
VMware is the backbone of IlliniCloud and a natural fit, according to Jason Radford, CTO of IlliniCloud: “VMware believed in the IlliniCloud. They gave us the tools that were Continue reading
Enterprise IT needs visibility into the network and security status of their workloads, whether hosted on premises, or within AWS. While many AWS workloads are sandboxes for application development teams (DevOps), it is important to analyze these workloads. Increasingly, public cloud workloads are also fulfilling mission-critical production needs for many organizations. Enterprise IT must be ready to determine the best location, security posture, and bandwidth allocation when deploying workloads. Having traffic pattern details as well as security analysis and recommendations readily available, helps organizations make the ideal hosting decisions to meet their business needs.
vRealize Network Insight (vRNI) Supports Amazon Web Services (AWS) Public Cloud. The vRNI traffic monitoring features provide visibility into native AWS constructs such as Virtual Private Clouds, VMs, Security Groups, firewall rules, and tags. vRNI also analyzes AWS traffic flows to provide security and micro-segmentation views of cloud workloads. This means you’ll be able to plan micro-segmentation and understand traffic patterns using data collected from your AWS instances.
Let’s review a simple Amazon Web Services (AWS) VPC setup to articulate the value vRealize Network Insight can offer from a Day 1 Day 2 perspective.
No other technology in recent history has experienced the growth rate that SD-WAN currently possesses. The buzz is high, the benefits are numerous, and its strategic position in digital transformation is critical. Enterprises are changing their legacy networks and dramatically improving the way they do business, offering next-generation technology today because of SD-WAN.
If you’ve asked these questions and want to understand SD-WAN better and determine if it’s a good fit for your business, sign up for our VeloCloud SD-WAN 101 webinar. Choose the date that works best for you!
This webinar will provide you with the essential information you’ll need to understand SD-WAN. You’ll learn how to leverage SD-WAN to improve and optimize your existing network to meet your business needs. And, you’ll gain a clear understanding of next steps in determining your path forward with SD-WAN.
Register today: http://www.velocloud.com/sd-wan-resources/webinars/sd-wan-101
The post Want to Learn More About SD-WAN? Register for Our SD-WAN 101 Webinar Series appeared first on Network Virtualization.