VMware NSX introduces micro segmentation into the network, giving organizations the ability to secure data against internal attacks.
In today’s environment, the network is hardened on the exterior to keep hackers, viruses, and malicious attacks at bay. While this is a very critical part in keeping a company’s infrastructure secure and operational, the flaw resides in the event that a breach occurs. Once on the inside of the perimeter firewall, most networks are not secure enough to keep intruders from exploiting resources. Currently, the only way to secure data inside the network is to send that data to the perimeter edge and utilize firewalls. By undoing this, burden is placed on the external firewalls and the network paths connecting them.
VMware NSX Micro SegmentationVMware NSX has introduced micro segmentation to help in the battle for securing the data center. Micro segmentation is the firewall strategy for the virtualized network that is deployed at the kernel level and applied to individual machines, securing data before it leaves the guest. This capability can ensure that web servers can communicate to application servers, application servers can communicate to database servers, but web servers cannot communicate to the database server. Also, traffic between VMs on the same host never have to leave the virtual switch. An organization is now able to harden and secure the network internally as well as from external attacks.
In the management console for NSX, firewall and security profiles are developed and deployed. These profiles can specify the ports, machines, applications, and networks that are approved or denied for data to traverse. Once a policy is deployed, every data packet that is transmitted from that machine has the rules policy checked and the destination is determined. That data is then routed to the approved destination and the destination checks that it has the appropriate policy to receive the data. If internal or external data is received at a machine that has a policy applied that does not pass the validation, those data packets are dropped.
We are one of a select few partners to hold VMware Network Virtualization status, which enables us to not only sell VMware NSX to enterprise customers, but also qualify for exclusive rebates and subsidy funds. To learn more about our VMware capabilities and accreditations, visit our
VMware solutions page or
contact a specialist today.
原文:
http://www.enpointe.com/blog/network-security-with-micro-segmentation-from-vmware
[
本帖最后由 linda 于 2015-12-31 17:50 编辑 ]
