VMworld 2015 kicks off this weekend in San Francisco and one of the big things attendees are anxious to hear more about is how organizations have started relying on VMware NSX as the centerpieces of their software-defined data centers.
In a recent interview with Virtualization Review, VMware CEO Pat Gelsinger shared that, “According to IDC, over 70 percent of midsize to large organizations will initiate major network redesigns over the next three years. We’re seeing that momentum today. Customers are increasingly seeking to transform their network and security operations due to the current limitations of the network architectures in their datacenters.”
NSX Network Virtualization as the foundation of a Software-defined Data Center (SDDC) is gaining rapid momentum. Trying to “lift and shift” existing legacy physical security to the software-defined data center has proven to be a big mistake. Virtualized environments require security that was built specifically to support them. NSX includes native security capabilities and platform level automation for security operations.
Yesterday’s Security Won’t Cut It
Traditional perimeter-based security models severely lack the capability to extend unit level protection to data center workloads and keep up with the dynamic nature of the cloud. This results in insufficient visibility into east-west traffic, and when malware makes its way into the data center, there is little control to block and isolate the attack inside the data center. Additionally, manual security configuration and patching remains one of the biggest areas of exposure for corporations as hackers are quick to exploit any holes they can find. And the dynamic nature of today’s data centers makes keeping up with basic security even more difficult as workloads are spun up and down and security policies have to be moved or reconfigured with the workloads.
Automating comprehensive security inside the data center
The VMware NSX networking and security platform combined with Trend Micro’s Deep Security enables customers to have the same high level of security that they have for perimeter defense inside the data center – in effect, moving the perimeter to the workload and making it possible to have security that not only works, but is also be flexible, scalable, efficient, and fast.
The joint solution extends micro-segmentation—isolation of virtual clusters of workloads, even to the individual VM level—via distributed firewalling made possible by NSX. Deep Security extends micro-segmentation via multiple security controls including IDS/IPS, anti-malware, virtual patching, URL filtering, file integrity monitoring, and log inspection. This approach reduces the attack surface within the data center vs. perimeter security.
Deep Security has long offered network and endpoint introspection through vSphere with the ability to easily provision existing and new virtual machines (VMs). New integration capabilities delivered through NSX automation and Service Composer will further streamline the provisioning and deployment processes, making insertion, orchestration, and scaling of Deep Security significantly faster and easier across your data center.
More efficient security
Through the use of a new common NSX tagging and orchestration framework, Deep Security services can be inserted as part of an automated, defined workflow for each security group, which is configured in NSX. The user can choose to automate real-time remediation and incident response during attacks. This reduces risk of human error in the configuration process and also prevents proliferation of threats that do appear in the data center by isolating them and removing them once detected.
The Automated Security Advantage
The Trend Micro Deep Security solution builds on the VMware NSX distributed service platform for automated insertion, deployment, and orchestration of security services in the Software-Defined Data Center. The NSX service composer allows Deep Security protections to be applied when and where they are needed for virtual machines and applications. NSX workflow automation allows Deep Security to scale on demand and manages dynamic responses to emerging threats. Integration with the NSX Service Composer simplifies security operations while improving visibility and coordinating activity with data center operations teams and application owners.
Integrate: Trend Micro Deep Security integrates with VMware vCenter and VMware NSX manager with a “wizard application” to collect connection information and authentication credentials. As an extension of NSX advanced security services, Deep Security is now a service, available to all ESX hosts, applicable to every virtual machine and virtual network segment. Now Deep Security can provide both NSX Guest Introspection and Network Introspection Services from the same security virtual appliance (SVA).
Deploy: Deployment of Deep Security is automated by NSX for each ESXi host of the cluster. As new hosts are added, NSX will automatically load the Deep Security Virtual Appliance on each new host—ready to provide protection to the virtual system and enforce defined security policy.
Automate: Deep Security services use VMware’s NSX (Service Composer) security groups for automatic workflow capabilities using Event-Based Tasks and service chaining.
Visit us at VMworld (Booth #1505)
We are excited to continue the conversation with lots of VMware customers starting this weekend in San Francisco. We hope to see you at our booth. Trend Micro is the experienced leader in server security and delivers a comprehensive security platform optimized for the VMware environment. Please join us in our booth (#1505) at VMworld for a personal demonstration showing how we can help secure your VMware deployments.
While at attending VMWorld, you are invited to attend the following speaker sessions:
Tuesday 5:00 – 6:00: SEC6319-SPO
Thursday 10:30 – 11:30: SEC5427
- From Architecture to Operations, Weaving Security into the Datacenter Fabric (Speaker: Trend Micro & Vmware)
For more details on Deep Security and NSX, get the solution brief here.