Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How secure is VMware NSX?

Using a network virtualization product such as VMware NSX can help administrators who want to be sure data won't leak from VMs.

What security capabilities are available in VMware NSX? Can third-party security features work with it?

Security is a crucial concern for any company that cannot tolerate data from one VM being accessed by another VM. When virtualization is extended to the network, allowing VMs and networks to be created, changed, scaled and reused across the entire data center, the possibility of opening up the data center to a security risk can be a source of concern for many virtualization administrators.

Products like VMware NSX provide a variety of security features designed to help protect the integrity of VMs and virtual network data. First, NSX provides isolation by default to prevent traffic from comingling among virtual networks; the same kind of isolation exists with VMs that share the same computing hardware.

VMware NSX can also segment virtual networks, using virtual firewalls or routers to allow or deny certain data movement between parts of the network. The advantage here is that segmentation rules are created when the virtual network is established, so the rule sets tend to be stronger and more appropriate than manually configuring traditional equivalent devices.

It's also worth noting that NSX is designed to support workload mobility, so if a VM moves, all of the rules for segmentation, firewalls or other services are updated accordingly and automatically, so IT administrators don't need to adjust rules each time a VM is migrated. Traditional physical networks don't do this, which is part of the reason physical network configurations become old and ignored and account for so many enterprise security breaches.

NSX also accommodates third-party security products, which can be inserted into security activities. This allows organizations to add or combine security features -- perhaps not native to NSX -- which meet the unique needs of each specific business or industry segment.

Ultimately, network virtualization is coming, and for larger organizations it promises to change the way that networks are designed and provisioned in much the same way that server virtualization has changed computing. But network virtualization, and the broader "software-defined networking" discussion, are still in their infancy. This means support for enterprise hardware, services and applications should not be assumed. Network virtualization needs comprehensive evaluation and a proof-of-principle cycle to determine its suitability for the environment.

This was last published in August 2014

Essential Guide

Stay connected with tips and trends in vSphere networking

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Would you be comfortable using a network virtualization product like VMware NSX?
Cancel

-ADS BY GOOGLE

SearchServerVirtualization

SearchVirtualDesktop

SearchDataCenter

SearchCloudComputing

Close