Distributed Firewall – Micro-segmentation with VMware NSX: Perimeter Firewall Is No Longer Perimeter-Centric

April 10, 2016 at 5:25 PM

With the VMware NSX Distributed Firewall, the perimeter firewall is no longer perimeter-centric; the firewall exists in the entire DC (Data Center) or, in modern IT speak, in the entire SDDC (Software Defined Data Center).

According to VMware, SDDC is the foundation for micro-segmentation with NSX. NSX is a network virtualization platform that provides network virtualization services that traditionally exist in the physical network. In turn, network virtualization, an abstraction of the traditional physical Data Center, is the functional equivalent of the VM (Virtual Machine), an abstraction of the x86 physical servers. It is all abstraction. Modern IT is all about abstraction.

The use cases and outcomes achieved by organizations using NSX include: Distributed Firewall – Micro-segmentation with NSX, IT Automation and Orchestration, Optimization and Refresh, and Disaster Recovery (DR). However, the use case and outcome that totally resonated with me is Distributed Firewall – Micro-segmentation with NSX.

If you are like me, in a siloed IT and traditional IT distributed computing environment, you probably deployed an internal firewall in the server farm to minimize exposure of system vulnerabilities to internal threats from shadow IT, the likes of rogue wireless access points, rogue web servers, etc.

Now, with the NSX distributed firewall, this duplication of effort from provisioning a traditional IT internal firewall is eliminated by this transformational, innovative, zero trust model of security. That translates to significant CapEx savings (no need to purchase additional firewall router hardware) and OpEx savings (NSX firewalling is centrally managed). Because the firewall now lives in the hypervisor and firewall rules are applied at the vNIC level of each VM, the firewall is everywhere and has moved inside the server farm to control the security for the East-West traffic.
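To make the East-West point concrete, here is an added example (not from the original post, and not NSX's rule format or API): a simplified Python model that compares an edge-only firewall with enforcement at each VM's vNIC. The group names, ports and endpoints are constructed assumptions.

```python
# Added illustration: simplified model, not NSX's rule format or API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    name: str
    group: str            # constructed security group, e.g. "web", "app", "db"
    in_dc: bool = True    # False = peer outside the data center (north-south)

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: int

# Constructed allow-list; anything not listed is denied (zero trust default).
ALLOW = [Rule("internet", "web", 443), Rule("web", "app", 8443), Rule("app", "db", 3306)]

def evaluate(src, dst, port):
    """Return 'allow' if an allow rule matches, otherwise 'deny'."""
    hit = any(r.src == src.group and r.dst == dst.group and r.port == port for r in ALLOW)
    return "allow" if hit else "deny"

def perimeter_firewall(src, dst, port):
    """Edge-only enforcement: flows that stay inside the DC never reach it."""
    if src.in_dc and dst.in_dc:
        return "not inspected"
    return evaluate(src, dst, port)

def distributed_firewall(src, dst, port):
    """Enforcement at each VM's vNIC: every flow is evaluated, east-west included."""
    return evaluate(src, dst, port)

def compare(flows):
    """Map each flow to (perimeter verdict, distributed verdict)."""
    return {(s.name, d.name, p): (perimeter_firewall(s, d, p), distributed_firewall(s, d, p))
            for s, d, p in flows}

# Constructed inventory and flows.
client = Endpoint("client", "internet", in_dc=False)
web1, app1, db1 = Endpoint("web1", "web"), Endpoint("app1", "app"), Endpoint("db1", "db")
rogue = Endpoint("rogue-web", "untagged")   # shadow-IT server inside the farm
FLOWS = [(client, web1, 443), (web1, app1, 8443), (web1, db1, 3306), (rogue, db1, 3306)]

if __name__ == "__main__":
    for flow, (edge, dfw) in compare(FLOWS).items():
        print(f"{flow}: perimeter={edge:<13} distributed={dfw}")
```

In this model the edge firewall never sees the web-to-database or rogue-server flows, while the per-vNIC policy denies both by default.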

Not to mention the efficiency of the centralized management and distributed control of the NSX distributed firewall. I am concerned to mention also that siloed IT staff in a traditional IT distributed computing environment will have to work together to realize the value-add from the efficiency of centralized management of the NSX distributed firewall. Wait, API-level integration is available for advanced security (IPS, IDS, Anti-Virus, and Malware) offerings by VMware NSX partners. Go to www.vmware.com/go/NSX to learn more.