Sunday, 21 January 2018 19:46

VMware NSX for vSphere 6.4 brings greater micro-segmentation and security


Cloud computing and platform virtualisation vendor VMware has announced VMware NSX for vSphere 6.4 is now generally available, bringing with it easier operations and context-sensitive application security.

Cyber security is a constant battle, but VMware is delivering on promises it made during VMworld 2017 to simplify the security burden on enterprises.

iTWire attended VMware chief executive Pat Gelsinger’s keynote at the company’s annual event last year, where Gelsinger stated the tech industry had failed business, with too many security products across too many segments, with too much complexity to bridge it all together. “We need to restructure security. It has to be built-in and those many components have to go away and be native components with the infrastructure itself. It has to be intrinsically built-in,” Gelsinger said.

Gelsinger committed that VMware would transform cyber security from “chasing bad” to “ensuring good”, and this philosophy is being realised in VMware NSX for vSphere 6.4, among other products.

Specifically, VMware NSX 6.4 builds on micro-segmentation to now deliver context-aware micro-segmentation.

For clarity, micro-segmentation brings security policies traditionally only enforced at the perimeter down to the application. It has proven successful but also creates challenges – where does one begin? How do you manage it as applications change? How will security evolve as breaches are evolving?

VMware saw the virtualisation layer as the ideal place to implement this critical defence capability because NSX is close enough to the application to gain valuable context and enforce granular security, while at the same time being separate enough from the application to keep NSX itself out of the attack surface if the application is exploited.

Beyond the architectural advantages of NSX, the product has been using attributes in the context of the application — like VM name, OS version, regulatory scope and more — to create policy. This approach enhances security, is more manageable, and can be automated, rather than basing policy on constructs like IP addresses, which may change often. VMware NSX for vSphere 6.4 takes this to a higher level by adding context-aware micro-segmentation, which secures applications using the full context of the application.

Highlights include:

  1. Network flow app detection and enforcement at layer 7 – while NSX tools like Endpoint Monitoring look within the application, NSX now performs deep packet inspection to identify the application within the network flow. This means micro-segmentation policies from the network view don’t have to infer the application. NSX will start with a core set of over fifty common application signatures such as HTTP, SSH and DNS, and the set will grow over time.
  2. Virtual desktop and remote session security per user – securing virtual desktops is a popular starting point for micro-segmentation where no traffic should flow between virtual desktops. However, in many environments, multiple users run desktop sessions on a single host. NSX for vSphere 6.4 can implement security in these environments based on the user and what they should be able to access. This increases security for those environments and also opens the use case to a wider variety of environments such as Citrix and Microsoft’s remote desktop.
  3. Application Rule Manager – VMware is seeking to model the people and processes involved in NSX deployments and micro-segmentation, in addition to making policies more intuitive and application-driven. NSX for vSphere 6.4 brings with it tools to help users be successful in their deployment. Previously, Application Rule Manager pushed policies directly into distributed firewalls; now it includes smarts to suggest rules and application security groups to help build more cohesive and manageable micro-segmentation across the data centre. VMware reports one customer found it took one third of the time to micro-segment their applications with this release of Application Rule Manager compared with the previous version.

In addition, VMware NSX for vSphere 6.4 delivers many ease-of-use enhancements, simplifying the GUI and bringing dashboard and logging enhancements, along with many other operational improvements.

Other functionality includes new routing features, JSON support for custom automation, multi-site enhancements, scale improvements, greater resiliency, health check monitors, and many other improvements.

Security threats continue to evolve, but increasing sophistication of security controls is only half the battle – the solutions must also be simple to deploy and manage in order to operate at scale. VMware says these two goals were major design factors in NSX for vSphere 6.4, and it is generally available now.

Full release notes are available online.


David M Williams

David has been computing since 1984, when he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.
