What security capabilities are available in VMware NSX? Can third-party security features work with it?
Security is a crucial concern for any company that cannot tolerate data from one VM being accessed by another VM. When virtualization is extended to the network, allowing VMs and networks to be created, changed, scaled and reused across the entire data center, the possibility of opening up the data center to a security risk can be a source of concern for many virtualization administrators.
Products like VMware NSX provide a variety of security features designed to help protect the integrity of VMs and virtual network data. First, NSX provides isolation by default to prevent traffic from commingling among virtual networks; the same kind of isolation exists with VMs that share the same computing hardware.
VMware NSX can also segment virtual networks, using virtual firewalls or routers to allow or deny certain data movement between parts of the network. The advantage here is that segmentation rules are created when the virtual network is established, so the rule sets tend to be stronger and more appropriate than those produced by manually configuring the equivalent traditional devices.
It's also worth noting that NSX is designed to support workload mobility: if a VM moves, all of the rules for segmentation, firewalls or other services are updated accordingly and automatically, so IT administrators don't need to adjust rules each time a VM is migrated. Traditional physical networks don't do this, which is part of the reason physical network configurations become old and ignored and account for so many enterprise security breaches.
NSX also accommodates third-party security products, which can be inserted into security activities. This allows organizations to add or combine security features, perhaps not native to NSX, that meet the unique needs of each specific business or industry segment.
Ultimately, network virtualization is coming, and for larger organizations it promises to change the way that networks are designed and provisioned in much the same way that server virtualization has changed computing. But network virtualization, and the broader "software-defined networking" discussion, are still in their infancy. This means support for enterprise hardware, services and applications should not be assumed. Network virtualization needs comprehensive evaluation and a proof-of-principle cycle to determine its suitability for the environment.