NSX

There is a tremendous number of articles, case studies and news events about cyber security incidents in 2018. From retailers to healthcare to manufacturing, all industries have been affected by this phenomenon. The bad news: it is only going to get worse. I am an optimist; however, looking at trends and threat landscapes, there is no peace of mind unless you have an ultra-secure environment and an in-depth training curriculum for your employees. Not a lot of people will tell you this, and by no means am I degrading anyone’s intellectual ability: when it comes to cyber security, the weakest link is human interaction. What does this mean? It simply means it takes a human to execute an application or navigate to a malicious website (minus scripting, for those saying "nuh uh"). There is hope, though!

One product has been around for a while, has stood the test of many case studies and continues to improve: VMware’s NSX. NSX simplifies an environment from infrastructure to routing and switching. All components are included to make an environment secure, stable, elastic and, did I mention, secure. NSX is simple to configure, but you may want a professional to get you started. Anything that is simple to run and is automated takes some expertise to get started. Once the basics are installed, the possibilities of what you can do with NSX are endless.

Multiple roles are shipped with NSX: micro-segmentation, VPN-SSL, L2/L3 switching, zero-trust DMZ and load balancing. All the roles above can help consolidate and secure your virtual environment. Micro-segmentation is a way of implementing ACLs on your virtual workloads, for instance, preventing unauthorized access to a database server via a web server. You can segment traffic based on roles or importance of workload. Micro-segmentation plays very well with VDI workloads. vRealize Network Insight will help you determine to what extent your virtual machines are communicating with each other, across the network and on the Internet.

VPN-SSL, another security mechanism, allows your remote users to access company resources. L2/L3 (layer 2 [switching] and layer 3 [routing]) allows you to expand the capabilities of your physical environment and create virtual interfaces and virtual networks (not to be confused with VLANs). Essentially, you can decrease your TCO and increase your ROI by implementing a single router at the edge and then extending VXLAN capabilities into the VMware environment, thus removing your physical switches.

Zero-trust DMZ, again a security feature, forces all traffic to be inspected whether trusted or not. A good case study for this is the acquisition of a company: you have the company's trust, but their environment may be configured in a way you are not comfortable with. While I am on the topic of an acquisition, let's say the company you just acquired uses the same IP scheme you do. This will invariably cause IP conflicts, but using the routing and switching mechanisms in NSX on both sides will allow you to have end-to-end connectivity without issues!

Load balancing can also be classified as an additional security mechanism, but some think it is just for performance. Yes and no: the “reverse proxy” feature in load balancing prevents a malicious attacker from accessing the contents of the web server. And yes, load balancing will also increase your website or application up-time to increase performance and productivity, thus increasing your bottom line!

As I stated above, NSX can reduce your TCO and increase your ROI, and also help to minimize the likelihood of your company or assets being infiltrated or attacked by a malicious party. One final feature not mentioned above is the ability for NSX to tie in with VMware on AWS; coupling that with RecoverPoint 4 VM or SRM will give your business the high availability it needs in the event of a data center blackout.
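
To make the micro-segmentation point above concrete (a web server must not reach the database server directly), here is an added example, not NSX configuration or API code: a small Python model of a role-based, default-deny allow-list, run as a dry run over observed flows before enforcement. The VM names, role tags, ports and flow records are all constructed for illustration.

```python
"""Dry run of a default-deny, role-based segmentation policy (added example)."""
from typing import NamedTuple


class Rule(NamedTuple):
    src_role: str
    dst_role: str
    port: int


# Hypothetical inventory: VM name -> role tag (constructed sample data).
ROLES = {"web-01": "web", "web-02": "web", "app-01": "app",
         "db-01": "db", "vdi-17": "vdi"}

# Allow-list between roles. Anything not listed is dropped (zero trust).
ALLOW = [
    Rule("web", "app", 8443),
    Rule("app", "db", 5432),
    Rule("vdi", "web", 443),
]

# Constructed flow records, of the kind a flow-visibility tool would export.
OBSERVED = [
    ("web-01", "app-01", 8443),
    ("app-01", "db-01", 5432),
    ("web-02", "db-01", 5432),    # web tier reaching the database directly
    ("vdi-17", "web-01", 443),
    ("vdi-17", "db-01", 5432),    # desktop reaching the database directly
    ("web-01", "web-02", 22),     # east-west traffic inside one tier
    ("legacy-9", "db-01", 5432),  # source is not in the inventory
]


def verdict(src_vm, dst_vm, port, roles=ROLES, allow=ALLOW):
    """Return "ALLOW" only if an explicit role-to-role rule matches."""
    src, dst = roles.get(src_vm), roles.get(dst_vm)
    if src is None or dst is None:
        return "DROP"  # untagged workloads get no implicit trust
    return "ALLOW" if Rule(src, dst, port) in allow else "DROP"


def would_drop(flows, roles=ROLES, allow=ALLOW):
    """List the observed flows that enforcing the policy would block."""
    return [f for f in flows if verdict(*f, roles=roles, allow=allow) == "DROP"]


if __name__ == "__main__":
    for src, dst, port in would_drop(OBSERVED):
        print(f"DROP {src} -> {dst}:{port}")
```

Reviewing the dropped flows before turning enforcement on separates traffic that should be blocked (web to database) from legitimate traffic that is simply missing a rule.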

If you, as a CIO, CSO, IT Director, IT Manager or Network Engineer would like to hear more about the wonders of NSX (there are plenty more), please contact me via LinkedIn.

Jonathan Ingram was a Solutions Architect; now he and his family own Premier Broadband & Consulting, LLC, a managed services company specializing in servers, storage, networking, cybersecurity, and services. He has designed and deployed NSX numerous times and is a 2xVCP (Network Virtualization and Datacenter Virtualization).
