Virtualization Security Just Got Easier

Chris Drake

Troubleshooting is never easy, and having to work through firewall issues makes the process much more involved. That’s especially true if you have to bring in multiple people from multiple disciplines, and let’s not get started on having to request a configuration change.

The VMware NSX distributed firewall (DFW) makes this entire process much more manageable, thanks to tight integration with your existing or new vSphere installation. DFW also includes tools built to assist with mapping traffic paths and pinpointing any roadblocks preventing correct operation.

DFW technology has been specifically built for east-west traffic in a virtualized environment, enabling you to restrict or allow communication between resources before it even leaves the vSphere environment, so this security is handled without the use of an external firewall. Additionally, this technology gives you the ability to visualize this traffic using tools such as Traceflow, which shows the path taken by packets and any DFW rules blocking them. The best part? This information is presented to you in an easy-to-read format that is accessible via the NSX Manager GUI, which eliminates the need to sort through multiple log files to pinpoint potential failures.

Using NSX Intelligence in conjunction with the DFW provides even more monitoring and protection. This product not only monitors an NSX environment, but also visualizes the layout of in-place policies, groups, and services. The software also detects suspicious activity, giving you an at-a-glance view of your environments. Active monitoring of these items is just the beginning: NSX Intelligence then uses that collected information to recommend and even implement DFW rules based on your configuration and data, making sure all security changes pertain to your specific environment (and not just arbitrary metrics set by vendors).

With NSX, you can now truly manage the security of the vSphere ecosystem in an effective and straightforward manner, all while staying inside the bounds of the virtual environment. To get started, engage one of Connection’s many experts in the field to assist with implementation and fine-tuning customizations to your data center.

Chris Drake is a Lead Systems Engineer at Connection with more than 20 years of experience in storage, disaster recovery, virtualization, and cloud technologies. He holds several professional certifications, including dual VMware Certified Advanced Professional certificates in NSX, multiple VMware data center specializations, the Cisco CCNP Data Center, and AWS SA Certification.