In basic networking, segmentation splits a physical network into logical sub-networks -- or subnets. Segmentation...
improves performance by minimizing the number of host systems on each subnet to reduce traffic congestion. It also improves security by limiting the reach of broadcast traffic and hiding the internal network structure, as well as mitigating network failures by containing effects within the subnet.
VMware's NSX offering carries these basic capabilities into network virtualization, citing benefits like isolation, segmentation and security. Isolation serves the same purpose in virtual networks that it does in virtual machines (VMs) -- it prevents communication across unrelated entities, yet requires no changes to the existing network architecture.
Segmentation works to direct and control communication within the virtual network right down to the individual physical NIC. Administrators can use NSX to establish a security perimeter around particular workloads or network segments to add east-west firewall functionality in the data center. This granular control has spawned the term "micro-segmentation." NSX micro-segmentation only works in environments that run on vSphere.
Security provides a distributed firewall and policies that follow VMs as they are deployed and moved. Third-party security products such as malware scanners and intrusion prevention tools also integrate with NSX to supply more comprehensive services.
Policies play a large role in network virtualization segmentation and security because policies follow business workflows allowing substantial automation for the enterprise. It's more than using IP addresses. Policies make use of VM names, virtual network identifiers, operating system information and other details to make better provisioning decisions and mitigate errors.
Network virtualization platforms such as NSX also support containers running on VMs. This approach combines the dynamic scalability of containers -- such as Docker and others -- with the isolation and mobility benefits of common VMs. For enterprises that need to isolate particular resources but retain some flexibility for various business goals, the NSX micro-segmentation feature is worth exploring.
Network micro-segmentation brings security to VMware NSX
Why server admins should consider micro-segmentation
What VMware's Arkin acquisition means for NSX
Dig Deeper on VMware and networking
Related Q&A from Stephen J. Bigelow
While the Windows Admin Center is one way to manage the Azure Stack HCI platform, you can also use traditional, battle-tested tools. Continue Reading
There are many tools available on the AWS Marketplace for QA testing, making it difficult to determine where to begin. What should an enterprise look... Continue Reading
Hyper-converged infrastructure that runs on Windows Server is not a new concept, but Microsoft's Azure Stack HCI program has one big difference from ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.