Saturday, June 10, 2017

VMware NSX and Check Point vSEC

One of the current challenges of data center security is East-West traffic, which has become pervasive as modern applications communicate a great deal between their different components. Conventional perimeter security is poorly placed to secure these lateral flows or to promote a zero-trust model that prevents threats from moving within each application layer. #VMware #NSX addresses this by providing a virtual firewall at the virtual NIC of each VM, with a management framework in which micro-segmentation is achievable with a sensible level of overhead. Check Point #vSEC can be deployed in conjunction to provide threat and malware protection.

The #VMware #NSX Distributed Firewall (#DFW) protects East-West L2-L4 traffic within the virtual data center. The DFW operates in the #vSphere kernel and provides a firewall at the NIC of every VM. This enables #microsegmented, #zerotrust networking with dynamic security policy that leverages the #vCenter knowledge of VMs and applications to build policy, rather than using IP or MAC addresses that may change. Tools for automation and orchestration, as well as a rich set of APIs for partner and customer extensibility, complete the toolset for security without impossible management overhead.

While this is a dramatic improvement in the security posture of most data centers, layer 4 policies may not prevent malware or other threats that propagate via standard, likely permitted, protocols. The NSX NetX API allows the insertion of 3rd party security services into the VM's network traffic flow. It also streamlines the deployment of the partner solution and permits the sharing of security tags so that dynamic security policy can still be used.

Check Point vSEC integration with NSX automatically deploys a Check Point vSEC appliance to every host in a cluster, then steers traffic to it within the host for inspection according to policy. The Check Point management server also connects to the vCenter API to retrieve vCenter constructs, for example, virtual machine folders.

https://blogs.vmware.com/networkvirtualization/2017/06/vmware-nsx-check-point-vsec.html/
