Our Experience Day is a deep dive into operationalizing NSX. This half-day working session includes breakouts, workbook assignments (summaries, checklists, and Q&A), and deep discussions with peers. To realize the benefits of network virtualization, organizations will want to assess and execute an operational plan that spans across people, process, and technology. You and your organization can review the key assets below and make use of the best practices that make the most sense for your particular situation.
If you are interested in joining one of our sessions, please contact your NSX Sales Specialist or account System Engineer.
COMMUNITY
NSX Community at VMUG. Dedicated to network and security virtualization, a robust resource for individuals who are motivated to learn more.
For a limited time, join VMUG Advantage to get over $4000 worth of NSX training for only $2,800 (Until Aug 28). Includes NSX Install, Configure Manage On-Demand, VCP-Network Virtualization test prep and voucher, and much more.
TRAINING & CERTIFICATION COURSES
VMware NSX Training and Certification. Explore the expert NSX training & certifications from VMware.
SERVICES
Professional Services for Transforming Security. Get your team operational by Day 2 and ensure that you achieve measurable results.
Modern IT professionals face significant security challenges. As digital transformation continues to connect applications, users, and data in the cloud, perimeter security models that once offered businesses protection are no longer sufficient. Critical visibility into users and endpoints is missing, enforcing policies is difficult, and, in the meantime, cyberattacks are more sophisticated and costly than ever.
What do IT teams need to defend today’s applications, users, and data from potentially brand-damaging attacks?
That’s the question VMware experts will be tackling during our VMware EVOLVE Transform Security events, coming to a city near you. During these half-day, in-person events, you will learn how a ubiquitous software layer can help support the security challenges of the modern business.
VMware experts will guide you through how to:
Reserve your spot at an upcoming Transform Security-focused VMware EVOLVE event in your city:
The post VMware Evolve Transform Security is Coming to A City Near You! appeared first on Network Virtualization.
VMware NSX 6.3 for vSphere has achieved Common Criteria certification at Evaluation Assurance Level (EAL) 2+ (see the certification report and the press release). This marks yet another milestone in our commitment to providing industry-leading certified solutions for customers in federal departments and agencies, international governments and agencies, and other highly regulated industries and sectors. Along with FIPS, DISA STIG, ICSA Labs firewall certification, and several other independent evaluations, the Common Criteria accreditation validates NSX as a reliable network virtualization platform that satisfies stringent government security standards.
Common Criteria is an international set of guidelines (ISO/IEC 15408) that provides a methodology and framework for evaluating the security features and capabilities of Information Technology (IT) security products. It is mutually recognized by 26 member nations.
Regulatory compliance is one of the challenges faced by government IT departments in their efforts to modernize legacy systems, and Common Criteria is often required for procurement sales. The Common Criteria accreditation affirms that NSX for vSphere complies with the security requirements specified within the designated level and simplifies the introduction of NSX into government and highly regulated environments. NSX enables customers in the public sector to implement network Continue reading
One of the current challenges of data center security is East-West traffic, which has become pervasive as modern applications communicate a great deal between their different components. Conventional perimeter security is poorly placed to secure these lateral flows, or to enforce a zero-trust model that prevents threats from moving between application tiers. VMware NSX addresses this by providing a virtual firewall at the virtual NIC of each VM, together with a management framework that makes micro-segmentation achievable with a sensible level of overhead. Check Point vSEC can be deployed in conjunction with it to provide threat and malware protection.
The VMware NSX Distributed Firewall (DFW) protects East-West L2-L4 traffic within the virtual data center. The DFW operates in the vSphere kernel and provides a firewall at the NIC of every VM. This enables micro-segmented, zero-trust networking with dynamic security policy leveraging the vCenter knowledge of VMs and applications to build policy rather than using IP or MAC addresses that may change. Tools for automation and orchestration as well as a rich set of APIs for partner and customer extensibility complete the toolset for security without impossible management overhead. While this is a dramatic improvement in the security Continue reading
You’ve likely heard it before: “All businesses are now digital businesses.” But since the business has expanded into digital space, shouldn’t something as critical as business security digitally expand too? That’s where the VMware ubiquitous software layer comes into play — sitting across the application infrastructure and endpoints, no matter where they are.
Now more than ever, it’s clear that security expertise is a must-have for IT. To further enhance your own security knowledge, make sure to join us at vForum Online on June 28th — right from your own desk. As our largest virtual conference, vForum Online is a must-attend event for IT professionals, and especially for those looking to improve their approach to security.
For returning attendees, you may notice we’ve made some alterations to the structure of vForum Online: Now, the conference is divided into several goal-oriented tracks, to ensure we’re aligned to your IT aims.
With this free, half-day event just a few weeks away, we’re counting down the days — and counting up all the reasons you should attend. Get a preview of these five security spotlights you can expect at the conference:
In our “Transform Security — Reduce Continue reading
In the previous blog, we investigated the basic feature set of NSX Load Balancing and some of the business reasons to use it, and we deployed an ESG (Edge Services Gateway), the NSX load balancing platform. Today, we are going to set up our first virtual server. Load balancing operates at the transport layer of the OSI model or above, and also takes the network layer into account. In the most basic terms, load balancing looks at a “session” at the transport layer and applies a load balancing algorithm and a NAT policy to the traffic. I put “session” in quotes because we can load balance both TCP- and UDP-based applications: UDP has no stateful session, yet UDP services can still be load balanced.
Whenever someone has stated that a given application cannot be load balanced, I first ask them whether the traffic can be processed by a NAT at either the client or the server end. If the answer is yes, odds are that it can be load balanced, given sufficient understanding of the application and of the ports, protocols and persistence required to make the application function correctly. This is Continue reading
I’ve written several prior blogs on multi-site solutions with NSX-V discussing topics such as fundamentals, design options, multi-site security, and disaster recovery; see the links below to review some of the prior material. In this post, I’ll discuss how VMware NSX-V and F5 BIG-IP DNS (previously known as F5 GTM) can be used together for Active/Active solutions where an application spans multiple sites and site-local ingress/egress for the application is desired. F5 offers both virtual and physical appliances; in this post I demonstrate using only the virtual (VE) F5 appliances. Big thanks to my friend Kent Munson at F5 Networks for helping with the F5 deployment in my lab and for providing some of the details for this blog post. This is the first of several blog posts to come on this topic. Continue reading
Summary: The Municipality of Zoetermeer implements a Zero-Trust model with VMware NSX-enabled micro-segmentation for advanced security inside its data centers. Zoetermeer follows the Dutch BIG (Baseline Information Security Dutch Municipalities) regulations.
Zoetermeer is a modern, fast-growing municipality in the province of South Holland. It provides local services such as water supply, sewage and garbage disposal to around 125,000 residents. As a forward-thinking organization, the municipality of Zoetermeer recognizes that the increasing volume of cyber attacks against organizations today has shown that traditional, perimeter-centric security models are no longer effective.
The municipality responded by working with VMware partner ON2IT IT Services on a solution that wouldn’t treat everything inside the network as trusted. Zoetermeer deployed VMware NSX® network virtualization to facilitate a Zero Trust security model. This Zero Trust model is enabled by the unique micro-segmentation capabilities of VMware NSX. Zoetermeer is now compartmentalizing different segments of its network and applying automated, fine-grained security policies to individual applications.
“The municipality of Zoetermeer is committed to delivering digital services to our citizens, and also digital tools to enable the best experience for our employees,” said Mr. Van Gaalen, IT Manager, Municipality of Zoetermeer. “But security must remain paramount. Thanks to VMware, we can Continue reading
With Memorial Day weekend coming up, for me, it’s all about hot dogs, hamburgers, and fast car racing. I am a huge Formula 1 fanatic, but Memorial Day is a bonanza of racing, from the F1 Monaco Grand Prix to NASCAR’s Coke 600 and of course the Indianapolis 500, all on the same day! The raw speed and performance of these races remind me of a 2016 VMworld presentation (NET8030) on NSX performance.
The argument still comes up now and again that “hardware is faster than software.” Network guys like me just assume that’s true. So it came as a surprise to me when I watched the session, which turned that assumption on its head. In this session, the presenter demonstrated that software is faster than hardware, way faster. Of course, I was dubious at first, but I quickly learned that the difference between physical networking and virtual networking is like the difference between the pace car and the race car. I always assumed the physical switch was the race car, but in the throughput presentation, Samuel showed that two VMs running on the same host, with NSX routing, switching, and firewalling between them, could get up to 106G! This information surprised me. Sort of like the same experience I had Continue reading
Micro-segmentation with VMware NSX compartmentalizes the data center to contain the lateral spread of ransomware attacks such as WannaCry
On May 12, 2017, reports began to appear of the WannaCry malware attacking organizations worldwide in one of the largest ransomware cyber incidents to date. The European Union Agency for Law Enforcement Cooperation (Europol) has reported more than 200,000 attacks in over 150 countries and in 27, with the full scope of the attack yet to be determined. Victims include organizations from all verticals.
WannaCry targets Microsoft Windows machines, seizing control of computer systems through a critical vulnerability in Windows SMB. It also uses RDP as an attack vector for propagation. It encrypts the seized systems and demands that a ransom be paid before decrypting them and giving back control. The threat propagates laterally to other systems on the network via SMB or RDP and then repeats the process. An initial analysis of WannaCry by the US Computer Emergency Readiness Team (US-CERT) can be found here, with a detailed analysis from Malwarebytes here.
One foundational aspect of increasing cybersecurity hygiene in an organization to help mitigate such attacks from proliferating is enabling a least privilege (zero trust) model by embedding security directly into the data center network. The Continue reading
While the importance of the cloud is obvious to anyone, the increasing importance of the edge is often overlooked. As digitization and the Internet of Things lead to exponential growth in the number of devices, the amount of data generated by sensors in devices such as self-driving cars, mobile endpoints and people-tracking systems for retail is astronomical. Analyzing that data and turning it into immediate actions is key to success in the era of digitization. The cloud enables massive data storage and processing, but it does not always lend itself to real-time processing and immediate actions. Latency and the sheer amount of data to be transmitted are much less of a factor at the edge than at the data center. In order to make instant decisions, some of the data processing needs to happen at the edge. At the same time, a large number of employees no longer work from the corporate HQ, but have ever-increasing expectations with regard to application access regardless of their physical location. Distributed computing across the edge, along with high-performance cloud access and distributed security enforcement, gives organizations “the edge”. Centralizing management and operations with distributed control and Continue reading
No one looks forward to data center outages. Not the business leaders who fear revenue loss from applications being down, nor the heroic IT admin whose pager is going off at 3:00 AM. Therefore many critical data centers have a sister location and some form of a disaster recovery plan, should something go awry. At the same time, infrastructure teams are under pressure to be more agile and more responsive to the business, across the board, while still lowering costs and making the most out of what they already have. So what exactly happens in the case of a disaster?
The Ponemon Institute reports the average cost of a data center outage to be $740,357, but with massive variance – some known examples going up to $150 million. As businesses move to accelerate to keep up with changes in their industry, each minute lost to downtime can have an impact not only on company resources but also on brand reputation. This is why enabling business continuity or application continuity in a manner that doesn’t require new infrastructure is vital. VMware NSX can offer companies a competitive edge through networking and security Continue reading
The NSX Mindset: one’s mental capability to be a determined leader and catalyst for change in the way a company designs, implements, manages, and operates networking and security.
Change isn’t easy. Especially when it involves something personal. Unfortunately, though, it happens whether we like it or not. In the world of information technology, change is upon us. IT automation, micro-segmentation, application availability, and cross-cloud services are no longer buzzwords in marketing materials and executive meetings. These are realities designed and deployed in some of the world’s largest IT environments. The common thread among these concepts is the new capabilities in networking and security brought to life by VMware NSX.
VMware NSX is a platform for the next generation data center architecture. The capabilities are transforming the way enterprises approach traditional business problems and it is solving new business problems brought about by a company’s digital transformation.
As an IT professional your long term success hinges on your ability to adapt to new technologies and solutions. While VMware NSX is disruptive to the status quo, it is at the same time an opportunity for admins, engineers, and architects to become leaders Continue reading
Data center cyber security is a fast-moving target, where IT teams need to constantly stay ahead of those who wish to do evil things. As security attacks can come from all directions, externally and internally as well, IT teams must fortify all the data with a zero-trust security approach. Perimeter security augmented with intrusion detection and protection at the application level is the tool of choice for most data centers. This keeps outsiders from getting in and ensures that applications are not impacted by a virus or other forms of malicious activity.
What has not been addressed is the intercommunication of applications among themselves, especially within the hypervisor layer, where virtual machines communicate in an East-West traffic pattern. This traffic never hits the perimeter, and the conversations happen several layers below the application layer where the IDS sits. East-West traffic within the data center has been overlooked because there is an organizational gap. Simply put, no one is paying attention to this area of vulnerability. The network infrastructure security teams are fortifying the perimeter, while the server teams are deploying IDS/IPS solutions. What has gone unnoticed is the East-West Continue reading
With the release of NSX for vSphere® 6.3, VMware has not only introduced several key security features such as Application Rule Manager and Endpoint Monitoring, which provide deep visibility into the application, and enable a rapid zero-trust deployment, but has also achieved Corporate Firewall Certification in independent testing performed by ICSA labs, a leading third-party testing and certification body and independent division of Verizon.
VMware NSX for vSphere 6.3 has been tested against an industry-accepted standard to which a consortium of firewall vendors, end users and ICSA labs contributed, and met all the requirements in the Baseline and Corporate module of the ICSA Module Firewall Certification Criteria version 4.2.
NSX is the only true micro-segmentation platform to achieve ICSA Firewall certification — with the NSX Distributed Firewall providing kernel-based, distributed stateful firewalling, and the Edge Services Gateway providing services such as North-South firewalling, NAT, DHCP, VPN, load balancing and high availability. VMware NSX provides security controls aligned to the application and enables a Zero-Trust model, independent of network topology.
The ICSA Firewall Certification criteria focus on several key firewall aspects, including stateful services, logging and persistence. ICSA also validates Continue reading
Today is “tax day” here in the United States, the deadline to file your personal income taxes, and many of us are looking at our tax burden, our investments, and how to deal with the 4 million words in the U.S. tax code. So why not take this day to compare the complexity of taxes with the complexity of traditional data center networking and security? If legacy networking is the 1040 long form, then NSX is the 1040-EZ form. Akin to the questions I have for my tax advisor, I sometimes get questions from customers about NSX such as: “We don’t need micro-segmentation, we have VLANs and firewalls”, or “We don’t need network virtualization, we can do that today with routers and switches… If I have to have network hardware anyway, why do I need network software as well?”
So, in the spirit of Tax Day here in the US, let’s compare hardware and software to what they really are… investments. And yes, different investments are taxed differently. Let’s think of traditional networking as a 401(k) and NSX as a Roth IRA. Both are investments, and both get taxed.
Being a product of the 90s, one of my favorite pastimes was MTV’s “Unplugged” series. Whether it was Pearl Jam, or 10,000 Maniacs, or Eric Clapton, there was something about the acoustic, raw, uncut nature of the show that drew me in and made me look at my favorite bands in a new way.
This is much the same experience we had recently here at VMware, as the folks from Gestalt IT brought Networking Field Day’s traveling band of IT enthusiasts to our Palo Alto campus. What ensued was 4+ hours of insight, illumination, witty banter, and from time to time, downright theoretical disagreements about things as simple as semantics and nomenclature.
But out of it all came a great show, which, just like with MTV Unplugged, was ultimately all that mattered. So grab your favorite beverage and snack, put on your stereophonic headgear, and listen to the VMware team as they walk through VMware’s networking strategy, demos and product direction.
VMware NSX Vision and Product Overview with Milin Desai
VMware NSX Technology Overview with Ray Budavari
VMware NSX Automation with Ray Budavari
VMware Security with NSX Micro-Segmentation with Wade Holmes
VMware Day 2 Operations with vRealize Network Insight Continue reading
In my conversations with customers and peers, load balancing is becoming an increasingly popular discussion. Why, you may ask? Simple: load balancing is a critical component of most enterprise applications, providing both availability and scalability to the system. Over the last decade we have moved from bare metal servers to virtual servers, and from manual deployment of operating systems to using tools like Chef, Puppet, vRA or other custom workflows. In addition to the movement towards virtualization and the API becoming the new CLI, we are also seeing a movement to Network Functions Virtualization (NFV), where Virtualized Network Functions (VNFs) such as routing, VPN, firewalls, and load balancing are moving to software. The value of automation, SDN, and NFV has been proven in the largest networks today, and this migration to software has shown tremendous ROI. Many companies also want to leverage the same cost-effective models. To get us started, here are the most common questions:
The University of Pittsburgh is one of the oldest institutions in the country, dating to 1787 when it was founded as the Pittsburgh Academy. The University has produced the pioneers of the MRI and the television, winners of Nobel and Pulitzer prizes, Super Bowl and NBA champions, and best-selling authors.
As with many businesses today, the University continues to digitize its organization to keep up with the demands of over 35,000 students, 5,000 faculty, and 7,000 staff across four campuses. While the first thing that comes to mind may be core facilities such as classrooms, this also includes keeping up with the evolving technology on the business side of things, such as point-of-sale (POS) systems. When a student buys a coffee before studying or a branded sweatshirt for mom using their student ID, those transactions must be facilitated and secured by the University.
What does it mean to secure financial transactions? For one, just as with a retail store operation, the University must achieve PCI compliance to facilitate financial transactions for its customers. What does this mean? Among other tasks, PCI demands that the data used by these systems is completely isolated from other IT operations. However, locking everything down Continue reading
Organizations across industries are embarking on their journey of Digital Transformation. Time-to-market has become very crucial to the bottom-line and companies need to accelerate their application/services delivery and go from concept to production in record time.
Organizations are embracing containers, microservice-based architectures, and Continuous Delivery and Integration tools as they try to completely change how they develop, deploy and deliver applications.
However, moving from monolith application architectures to microservices-based ones is no ordinary feat.
Many of these organizations leverage Pivotal’s expertise to deliver a modern application development environment. Pivotal’s flagship cloud-native platform Pivotal Cloud Foundry provides a modern app-centric environment that lets developers focus on delivering applications with speed and frequency of delivery. To find out more about Pivotal Cloud Foundry, and the now generally available Pivotal Cloud Foundry 1.10.
Pivotal Cloud Foundry abstracts the underlying IaaS layer so that developers get a modern self-service application development environment without worrying about the infrastructure. The BOSH vSphere CPI plugin does a good job of consuming pre-created networks.
However, the truth is – “someone” always needs to do some provisioning – networks need to be carved out, load-balancers need to be configured, NAT rules need to be defined, reachability needs to Continue reading