
Microsegmentation with VMware NSX

Nsx-T Vmware Nsx Informational
Andreas Marqvardsen
Author

This post goes through one way of securing your workloads with VMware NSX. It covers the tools and features built into NSX for securing workloads in a robust and automated way: how Security Groups can be used, and how to create security policies in the distributed firewall section of NSX-T using those Security Groups.

Introduction to NSX Distributed Firewall

If we look inside a modern datacenter, we soon discover that there is not much bare metal left (a physical server with one operating system, often running many services to utilize the resources); most workloads today are virtualized. From a network perspective, the traffic pattern has shifted from being predominantly north/south to predominantly east/west. A typical traffic distribution today is 10% (+/-) north/south and 90% (+/-) east/west. When most traffic was north/south, it made sense to have the perimeter firewall regulate and enforce firewall rules in and out of the DC and between server workloads. Because of server virtualization, a major part of the DC workload now consists of many virtual machine instances with very specific services, and "intra" communication (east/west) makes up a large part of the traffic. It is operationally a tough task to manage a perimeter firewall as the "policy enforcer" between workloads in the east/west "zone". It is also very hard for a discrete appliance to be part of the context, since it sits outside the dataplane/context of the workload it is trying to protect. I will delve into this in more detail later in the article, and will also illustrate the east/west and north/south traffic patterns.
