There is no doubt that IT organizations have gained significant benefits as a direct result of server virtualization. Tangible advantages of server consolidation include reduced physical complexity, increased operational efficiency, and simplified dynamic pooling of compute and storage resources. These technology solutions have delivered on their promise of helping IT to quickly and optimally meet the needs of increasingly dynamic business applications.
VMware’s Software-Defined Data Center (SDDC) architecture moves beyond the server, extending virtualization technologies across the entire physical data center infrastructure. VMware NSX, the network virtualization platform, is a key product in the SDDC architecture. With VMware NSX, virtualization now delivers for networking what it has already delivered for compute. Layer 2 to Layer 7 networking services (e.g., switching, routing, firewalling, and load balancing) can be quickly, flexibly and securely reproduced in software to make today’s IT organization more agile, secure and resilient.
Why would I want to virtualize network services? What’s a use case?
Security & Distributed Firewalling. Existing network security solutions are optimized for perimeter-based defense, but server-to-server traffic (East-West), which represents 80 percent of overall data center traffic, is not inspected by security controls. An attacker who gains access to one server may be able to move freely within the data center after penetrating the perimeter.
A traditional solution to this scenario is to perform all routing on a firewall device, steering VM traffic to the edge of the data center. But hardware firewalls are expensive and impose throughput limits on traffic. Using hardware firewalls this way undermines the performance of modern, line-rate Layer 3 switches and routers and increases latency. VMware NSX takes a disruptive approach to data center security:
- Micro-segmentation. Firewall rules can be imposed granularly, at the VM port level, allowing for intra-host access controls.
- Scales with every ESXi host added to the data center. With firewall and routing functions performed in the kernel, a single hypervisor can outperform some of the industry’s most expensive firewalls.
- NSX can be deployed without changing the underlying physical network.
In addition to NSX’s native features, the platform also allows for rich partner integrations from vendors like Palo Alto Networks.
We’ll be covering this further at a series of events between May 5 – 11th! Head over to our events calendar to find an event near you: www.candoris.com/events/
Written by Nick Pier, Network & Virtualization Engineer, CCNP RS, VCIX6-DCV, VCP6-NV, CCNA Wireless