Learn How to Conquer Lateral Cybersecurity Risks at RSAC 2023
In a world without neatly defined network perimeters, lateral security—means detecting and mitigating threats from malicious actors who are already inside your network—is the new front in cybersecurity. To detect lateral threats, businesses need comprehensive visibility into what’s happening inside their IT estates, not just around them. They need to see every packet and every process at every endpoint.
At the upcoming RSA conference in San Franciso, we’ll be highlighting how VMware technologies like Project Northstar help organizations conquer lateral security threats. Keep reading for a sneak peek of what to expect from the VMware team at the event, and join us at RSA Conference from April 24-27 2023 at Moscone Center, North Expo Booth#5644 in San Francisco to check out the latest innovations in cloud networking and security for yourself.
Lateral Movement is the New Cyber Battleground
VMware security strategy consists of five key pillars, and we’ll be showing off all of them at the RSA Conference:
- Networking Security with NSX
- Carbon Black XDR
- Secure the Hybrid Workforce
- VMware SASE and SD-WAN
- Modern Apps Security
We’ll demonstrate these concepts at our booth by walking visitors through use cases and demos, allowing attendees to explore Lateral Security defense strategies Continue reading
Announcing VMware HCX+ Initial Availability
If you had to sum up multi-cloud management in a single word, “complex” would be a fair choice. Although multi-cloud strategies vary from one organization to the next—i.e., some use a mix of public and private clouds while others might use only public or only private infrastructures—all multi-cloud architectures significantly increase the complexity and challenges that IT organizations must navigate.
Today, we’re excited to announce a new offering, HCX+, designed to help mitigate the challenges of thriving in a multi-cloud world. By helping to streamline and accelerate workload migration and mobility between on-premises, public cloud, and private cloud environments, HCX+ simplifies complex processes like data center modernization, hardware refresh, data center consolidation, data center evacuation, cloud migration, data center extension, cloud bursting, and cloud rebalancing.
Keep reading for an overview of the major benefits and features that HCX+ brings to the table.
Announcing HCX+ Initial Availability
HCX+, which is in initial availability as of today, is a SaaS-based workload migration and mobility service from VMware that provides centralized management, orchestration, and observability for migration, repatriation, and rebalancing initiatives across multi-cloud environments.
HCX+ builds on VMware’s existing HCX solution, enabling easier and faster configuration and operability. With HCX+, migration Continue reading
Protected: NSX Multi-Tenancy Journey
The post Protected: NSX Multi-Tenancy Journey appeared first on Network and Security Virtualization.
Securing the NSX management plane against exploits
Helping organizations protect their assets and infrastructure from evolving attack tactics and techniques is a priority at VMware. API-focused ransomware attacks have become an all-too-common trend, and we recommend that customers take extra care to reduce their attack surface by deploying NSX Manager — and any other manager console — in a hardened manner.
Management infrastructure and common services typically allow broad access to other potentially more valuable resources within an organization, which in turn provides malicious actors with convenient platforms from which they can launch more damaging attacks. To manage that risk, VMware recommends the following steps to protect your management networks and services deployed within those networks:
- Do not expose NSX Manager to the internet: Like any other management console, NSX Manager should be installed within your internal network and accessed remotely only through a secure VPN connection.
- Use strong authentication methods: Ensure that strong authentication methods, such as multi-factor authentication, are used for all NSX Manager logins.
- Use secure communication protocols: Use secure communication protocols, such as SSL/TLS, to protect the communication between NSX Manager and other components in the environment.
- Implement network segmentation: Segment the network to limit the Continue reading
Introducing New Networking and Advanced Security Capabilities in NSX 4.1
We’re delighted to announce the general availability of VMware NSX 4.1, a release that delivers new functionalities for virtualized networking and advanced security for private, hybrid, and multi-clouds. This release’s new features and capabilities will enable VMware NSX customers to take advantage of enhanced networking and advanced security, increased operational efficiency and flexibility, and simplified troubleshooting.
Read on to discover the key features in the latest NSX release.
Stay Ahead of Threats and Safeguard our Network
Uncover Every Threat
NSX 4.1 introduces a new feature that allows the sending of IDS/IPS logs from the NSX Gateway firewall (GFW) to our Network Detection and Response (NDR), which is part of VMware NSX Advanced Threat Prevention (ATP). This new functionality is complementary to our existing NSX Distributed Firewall (DFW), which has had IDS/IPS logs sent to the NDR for quite some time now. With this new feature, NSX 4.1 customers can gain a more comprehensive view of network activity, allowing faster and more effective responses to threats. By analyzing IDS/IPS logs from GFW and DFW in combination with our Network Traffic Analysis (NTA) and Sandboxing, our NDR system can correlate events and identify attack patterns, providing a complete picture Continue reading
Join VMware Networking and Security at Mobile World Congress
VMware NSX Powers Service Acceleration and Energy Efficiency for VMware Telco Cloud Platform
Mobile World Congress 2023 is upon us and that means new features and cool innovations to help telcos manage their increasingly complicated 5G networks. This year, we are focused on building smarter networks and increasing telco efficiency. These networks are expanding the concept of network functions virtualization (NFV), introduced over 10 years ago, to build a virtualized software-defined architecture with virtual network functions (VNF) and cloud-native network functions (CNF).
Modern telco networks depend on flexibility, scalability and security. The network demands constantly change requiring an integrated orchestration and automation strategy across different services and technologies. All of this needs to be done with an eye on efficiency, optimizing the human resources along with the energy and infrastructure requirements. VMware NSX platform is a key technology to enable these benefits.
The VMware Telco Cloud Platform is designed to address these challenges that Communications Service Providers (CSPs) face. The Telco Cloud Platform is a solution that integrates key VMware components (vSphere, vSAN, and NSX) to create a cloud and virtualization architecture for 5G core networks and their VNF/CNF environment. VMware NSX powers the Telco Cloud Platform to provide telco-grade Continue reading
A Closer Look at Our Demos at Mobile World Congress 2023
A Closer Look at VMware Networking and Security Demos at MWC 2023
Efficiency, scalability, and security are critical for modern telco networks. Operating modern 5G network infrastructure requires the ability to manage complex network operations across large-scale multi-cloud and edge environments while also meeting complex security requirements.
The VMware Telco Cloud Platform was built from the ground up to help Communications Service Providers (CSPs) meet these challenges. It combines the capabilities of VMware’s cloud infrastructure and network virtualization software (VMware vSphere, vSAN, and NSX) with a set of networking, security, and management tools built for the telco industry. The platform helps CSPs deploy and manage virtualized network functions and containerized network functions (VNFs and CNFs), reduce costs, and enhance network security while enabling new revenue-generating services.
VMware NSX: Integrated Layer 2 to Layer 7 Platform for Telco Networking and Security Services
At MWC 2023, the VMware team will demonstrate four key use cases for the VMware Telco Cloud Platform.
Demo 1 – Network Acceleration for 5G Workloads using SmartNIC for NSX
Networking and Security performance acceleration powered by Data Processing Units (DPUs) enables a telco-grade virtualized 5G infrastructure. VMware is announcing the General Availability of DPU-based acceleration for NSX Continue reading
Discover Cloud Networking and Security with VMware at Mobile World Congress 2023
They say you should work smarter, not harder. We agree, which is why we’ll be showcasing work at MWC 2023 that brings efficiency and intelligence to modern networking designed to help businesses thrive in the digital era through telco-friendly, smarter networking solutions.
Keep reading for a preview of what to expect from the VMware Networking and Security team at the event – and join us in person in Hall 3, stand 3M11, to check out the latest innovations in cloud networking and security for yourself.
Smarter, More Efficient Networks
The overall vision that we’ll be displaying in Barcelona at Mobile World Congress from February 27 to March 2 focuses on two key concepts – increasing network efficiency and generating value through smart networking solutions.
Specifically, we’ll be displaying:
- Technology that enhances the Telco Efficiency of Communications Service Provider networks by guiding customers in boosting network density and reducing energy usage. Visit our booth to learn how optimizing the technology stack helps cut costs and enhance service flexibility.
- Solutions for building Smarter Networks by leveraging breakthroughs in RAN to Edge to Core Networks and creating programmable settings that Communications Service Providers can leverage to provide advanced next-generation services. These elevated service Continue reading
Tanzu Service Mesh Security Enhancements using Confidential Computing
Performance and Security Optimizations on Intel Xeon Scalable Processors with Intel SGX – Part 3
Contributors
Andrew Babakian — VMware
Saidulu Aldas, Ramesh Masavarapu, Sakari Poussa, Tarun Viswanathan — Intel
Introduction
Intel and VMware have been working together to optimize and accelerate the microservices middleware and infrastructure with software and hardware to ensure developers have the best-in-class performance and low latency experience for building distributed workloads. The focus is on improving the performance of crypto accelerations and making workloads more secure.
The Service Mesh architecture pattern solves many problems, which are well-known and extensively documented, and will not be central to this discussion. However, the focal point of this blog series will include the architectural challenges of Service Mesh in the following top focus areas:
- Performance
- Security
In Part 1 of this series, we looked at how Tanzu Service Mesh uses eBPF to achieve network acceleration. In Part 2, we showcased how Intel and VMware collaborated to accelerate Tanzu Service Mesh crypto use cases and improve the performance of asymmetric crypto operations.
In this Part 3 blog series, we will discuss one security challenge (concerning the service mesh private key protection mechanism) and our solution.
In the current Continue reading
Migration Coordinator with HCX – Simplified Workload Migration
With the NSX 4.0.1.1 release, Migration Coordinator adds two game-changing features that help simplify workload migration in the case of lift and shift migration mode. These features build on top of the User Defined Topology mode of migration and add one more config mode. Folks familiar with the User Defined Topology will find the workflow very similar with the added benefit of simplified workload migration, leveraging HCX.
In this blog post, we will look at this new feature and how to take advantage of it. Please check out the resource links for more information on Migration Coordinator. We will start with a high-level overview before digging into the details.
Migration Coordinator
Migration Coordinator was introduced with NSX-T 2.4 to enable customers to migrate from NSX for vSphere to NSX-T Data Center. It’s a free, fully supported tool that’s built into NSX-T Data Center. Migration Coordinator is flexible with multiple options enabling multiple ways to migrate based on customer requirements. The first release provided a way to migrate everything, including config, workloads, and hosts in place using the same hardware if the deployed topology matched the supported topologies. Starting with the NSX-T 3. Continue reading
Antrea Egress on vSphere 8 with Tanzu
Welcome to this new new blog post series about Container Networking with Antrea. In this blog, we’ll take a look at the Egress feature and show how to implement it on vSphere with Tanzu.
According to the official Antrea documentation Egress is a Kubernetes Custom Resource Definition (CRD) which allows you to specify which Egress (SNAT) IP the traffic from the selected Pods to the external network should use. When a selected Pod accesses the external network, the Egress traffic will be tunneled to the Node that hosts the Egress IP if it’s different from the Node that the Pod runs on and will be SNATed to the Egress IP when leaving that Node. You can see the traffic flow in the following picture.
When the Egress IP is allocated from an externalIPPool, Antrea even provides automatic high availability; i.e. if the Node hosting the Egress IP fails, another node will be elected from the remaining Nodes selected by the nodeSelector of the externalIPPool.
Note: The standby node will not only take over the IP but also send a layer 2 advertisement (e.g. Gratuitous ARP for IPv4) to notify the other hosts and routers on the Continue reading
Network Modernization Unlocks the Power of Modern Cloud Applications
This is a guest post from IDC Analyst Brad Casemore.
Modern applications are more distributed than ever before, deployed variously across on-premises data centers, public clouds (IaaS), private clouds, and edge locations, and sometimes delivered as SaaS. While the primacy of these data-centric applications is undeniable and will only grow with the rise of artificial intelligence (AI), a failure to ensure the modernization of underlying network infrastructure can compromise and constrain an organization’s application-driven digital strategies.
Needs of today
Network modernization, especially within the context of cloud-native architectures and multi-cloud strategies, cannot be an afterthought for rapidly digitizing enterprises. As applications become the powerhouse behind digital success and competitive differentiation, organizations should consider investing in software-defined network infrastructure.
A software-defined network infrastructure provides consistent network and security policies, operational simplicity, elastic scale, and ubiquitous visibility, with support for traditional and cloud-native applications spanning on-premises environments and clouds.
Preparing for tomorrow
Special consideration also must be given to the future networking needs of the organization, particularly in relation to how modern network infrastructure will provide inherent portable application layer networking for cloud-native applications through functionality such as ingress controllers, service meshes, and visibility into workloads Continue reading
Reference Architecture and Easy Deployment Design Guides – NSX 3.2 Update
We are excited to announce an updated version of the NSX Reference Design and the NSX Easy Adoption Design guide based on the generally available NSX-T release 3.2. NSX-T 3.2 is part of the recently released VCF 4.5 software bundle, making it a very popular release among our customers.
To support you in your network and security virtualization journey, we introduced the NSX-T reference architecture design guide on the NSX-T 2.0 release, showing how you should design your data centers with NSX-T. Over time we introduced additional design guides such as the NSX-T Multi-Location Design Guide (Federation + Multisite), the Easy Adoption Design guide, and the NSX-T Data Center and EUC Design Guide for more specific use cases.
These latest updates cover the new features included in the 3.2 versions and the design and implementation guidelines we developed working tightly with our customers on their NSX projects.
The NSX Reference Design guide version 3.2
This document is the most essential document for any NSX practitioner. Whether you are just starting with NSX or have already successfully implemented NSX in your environment, the NSX Reference Design guide provides a clear and detailed description Continue reading
Networking and Security in VMware Cloud on AWS: New Video Series
VMware Cloud on AWS provides a range of powerful security and networking capabilities. From enforcing granular security rules for traffic using NSX Advanced Firewall, to managing complex routes between your AWS environment and external resources via Transit Connect, there’s no shortage of tools available for supporting your business’s unique requirements when you leverage AWS as part of a VMware-based SDDC strategy.
To showcase some of the most powerful security and networking features of VMware Cloud on AWS, we’ve prepared a set of short videos where Ron Fuller, Senior Technical Product Manager at VMware, explains how the features work and how to get started using them. If you’re looking for a quick introduction to key security and networking concepts that impact VMware Cloud on AWS workloads, these videos are for you.
Keep reading for links to the videos, along with summaries of what you’ll learn from each one. We recommend watching the videos in order because Ron explains core Software-Defined Data Center (SDDC) concepts as he progresses through the videos, although viewers who are already familiar with SDDC may prefer to skip ahead.
Video 1: Introduction to Security Tools in VMware Cloud on AWS
Announcing Networking and Advanced Security Enhancement in NSX 4.0.1.1
We’re thrilled to announce the general availability of VMware NSX 4.0.1.1, another exciting release with updates in networking, security, and operations for private, public, and multi-clouds.
With this release, VMware NSX customers will be able to leverage accelerated NSX networking and security performance, enhanced network observability, and new network monitoring and troubleshooting features for increased flexibility.
NSX 4.0.1.1 will also deliver enhanced threat detection and prevention capabilities, helping customers bolster network defenses to block advanced threats from moving laterally across multi-cloud environments.
Read on to get the details on our latest NSX release.
Distributed Malware Prevention
The NSX Distributed Firewall has added malware detection and prevention support for Linux guest endpoints (VMs). Linux has become the most common operating system across multi-cloud environments, powering more than 78% of the most popular websites. With the recent emergence of more Linux-specific threats, and current malware countermeasures being mostly focused on addressing Windows-based threats, there is an imperative to address the specific security needs of Linux machines. Adding Linux to our prevention solution enables the NSX Distributed Firewall to provide more effective prevention coverage and fewer false positives across multi-cloud environments.
In addition, we expanded the Continue reading
Enhanced NSX Edge and Networking Services in NSX 4.0.1.1
VMware NSX 4.0.1.1 introduces exciting new capabilities and enhancements for virtualized networking and security for private, public, and multi-clouds. Check out the release blog for an overview of the new features.
Among these new features is NSX Gateway Stateful Active/Active Services. This feature delivers a key security enhancement, giving you the full power of the NSX Edge cluster for your services without worrying about bandwidth and CPU limitations. In this blog post, we’ll cover all the terminology you need to know for this new feature, as well as configuration and architecture, and design considerations.
Stateful Active/Active Services
Prior to VMware NSX 4.0.1.0, configuring NSX using any of the variety of NSX services offered by VMware required you to set up NSX Edge Gateways in Active/Standby High Availability mode. Under this configuration, traffic is forwarded through a single (Active) NSX Edge Node. So, when designing the architecture, you needed to be aware of the limits imposed by the Active/Standby mode on the bandwidth and CPU (Central Processing Unit) utilization of the node.
With the NSX 4.0.1.0 release of NSX Stateful Active/Active Services, this consideration no longer applies. This new feature makes it Continue reading
TLS Handshake Acceleration with Tanzu Service Mesh
Performance and Security Optimizations on Intel Xeon Scalable Processors – Part 2
Contributors
Manish Chugtu — VMware
Ramesh Masavarapu, Saidulu Aldas, Sakari Poussa, Tarun Viswanathan — Intel
Introduction
Intel and VMware have been working together to optimize and accelerate the microservices middleware and infrastructure with software and hardware to ensure developers have the best-in-class performance and low latency experience when building distributed workloads with a focus on improving the performance, crypto accelerations, and making it more secure.
In Part 1 of this blog series, we looked at how Tanzu Service Mesh uses eBPF (in a non-disruptive manner) to achieve network acceleration by bypassing the TCP/IP networking stack in the Linux kernel and we loved the interest shown and feedback we got for that. In this Part 2, we will deep dive and showcase how Intel and VMware have been working together to accelerate Tanzu Service Mesh (/Istio) crypto use-cases (mutual TLS use-case) and improve the performance of asymmetric crypto operations by using Intel AVX-512 Crypto instruction set that is available on 3rd Generation Intel Xeon Scalable processors.
Security is one of the key areas that service mesh addresses. In Tanzu Service Mesh, there are multiple security features that are Continue reading
Announcing Project Northstar: SaaS delivered Multi-Cloud Networking and Security
Multi-cloud architectures are becoming an increasingly central part of enterprise strategies delivering applications reliably. In a VMware Digital Momentum Study of enterprise technology decision-makers, nearly 73% report they are standardizing on multi-cloud foundations to operate applications and infrastructure1.
Multi-cloud infrastructure offers many benefits – such as the ability to scale quickly and increase reliability. By extension, multi-cloud deployments can help businesses:
- Innovate and transform the customer experience
- Scale and grow the business
- Empower employee engagement and productivity
Yet, from an operational and technology perspective the multi-cloud presents a major challenge: Complexity. Rapid innovation and growth require the ability to deploy and manage workloads in any public cloud while providing the required service availability and scale. However, managing workloads and infrastructure on multiple clouds at once significantly increases the complexity of the network architecture connecting these applications and clouds. It also requires businesses to deploy complex security rules to protect lateral network traffic while having to rely on limited workload mobility and visibility and threat detection capabilities that do not scale.
Successfully adopting a multi-cloud infrastructure requires a means of taming the complexity that is inherent to multi-cloud.
Introducing Project Northstar
We are introducing Project Northstar, a new technology preview, Continue reading
Announcing DPU-based Acceleration for NSX
We’re delighted to announce that VMware NSX can now leverage DPU-based acceleration using SmartNICs. This new implementation allows VMware customers to run NSX networking and security services on DPUs, providing accelerated NSX networking and security performance for applications that need high throughput, low latency connectivity and security. The DPU-based implementation also enhances network observability across different workload types while simultaneously increasing the host resources available to applications.
DPU-based Acceleration for NSX is a result of Project Monterey, an initiative that VMware began two years ago. VMware is delivering on Project Monterey with VMware vSphere 8, announced this week at VMware Explore. Combined with other future innovations introduced by Project Monterey, such as the ability to support VMware Cloud Foundation (VCF) networking and storage for bare-metal workloads, DPU-based NSX acceleration will free up networking and security teams and developers more than ever from depending on generic host computing resources to power operations.
Figure 1: Solution Overview
While we’ll continue to offer full support for hypervisor-based NSX architectures, the option of running NSX on a DPU offers several major advantages for industries such as financial services, healthcare, government, and telecom providers that require accelerated network performance.
What is a DPU or Continue reading
VMware NSX Achieves Common Criteria Certification for Network Devices (NDcPP 2.2e)
We are excited to share that as of July 2022, VMware NSX-T version 3.1 has passed Common Criteria certification for Network Devices under Collaborative Protection Profile 2.2e, also known as NDcPP 2.2e. This is one of many testaments to our commitment to providing industry-leading certified solutions for customers from federal departments and agencies, international governments and agencies, and other highly regulated industries and sectors. Along with FIPS, DISA-STIG, ICSA Labs firewall certification, and several other independent evaluations, the NDcPP 2.2e certification validates NSX as a reliable network virtualization platform that satisfies rigorous government security standards.
VMware NSX 3.1 is now listed:
- National Information Assurance Partnership, NIAP, Product Compliant List https://www.niap-ccevs.org/Product/Compliant.cfm?PID=11217
- Common Criteria Recognition Agreement, CCRA, https://www.commoncriteriaportal.org/products/
- VMware NSX NDcPP 2.2e Certificate – https://www.commoncriteriaportal.org/files/epfiles/st_vid11217-ci.pdf
From the NIAP Security Evaluation Summary:
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the VMware NSX-T Data Center 3.1 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team Continue reading