VMworld 2013: NSX Security Solutions In Action - Deploying, Troubleshooting, and Monitoring for...

NSX Security Solutions In Action - Deploying, Troubleshooting, and Monitoring for VMware NSX Service Composer
Azeem Feroz, VMware
Sachin Vaidya, VMware
SEC5318
#SEC5318

Agenda
• Recap of NSX Service Composer
• Deployment – NSX Service Composer & Third-Party Solutions
  • DEMO
• Troubleshooting and Monitoring - Health Status, Failures, Recovery
  • DEMO

Security Challenges: “Multiple Dashboards of Wonder”
[Diagram labels: Vulnerability Mgmt System; Antivirus System; Firewall; vCenter; IDS System; DLP System]

Security Challenges: Multi-console Deployment
• Multiple consoles to initiate deployment from.
• Each solution has multiple moving parts – virtual appliances, ESXi modules, in-guest drivers.
• Manual admin intervention on each host in a cluster.

Security Challenges: Troubleshooting across multiple dashboards
• If a service goes down, where do you start with troubleshooting steps? Security solution or Virtualization solution?
• What if there was a configuration change in the infrastructure that caused an outage? How could this change be determined?

Security Challenges: No orchestration between solutions
[Diagram labels: Datacenter; Internet; AV; IPS; Firewall; Data Sec; Vuln. Mgmt; Content Filtering]

The NSX Service Composer

NSX Service Composer
Security services can now be consumed more efficiently in the software-defined data center.
• Apply. Apply and visualize security policies for workloads, in one place.
• Automate. Automate workflows across different services, without custom integration.
• Provision. Provision and monitor uptime of different services, using one method.

Provision. NSX Service Composer & Third-Party Solutions

NSX Service Composer: Deployment and Provisioning
[Diagram labels: NSX UI; Single Pane of Glass (for Deployment and Monitoring); NSX Manager; Partner consoles; vCenter; ESX (x4); Deployment Fabric; Users; VMware; Partners; Reduced Complexity; Largest Ecosystem]
[Partners shown: McAfee; Rapid7; Symantec; Trend; Palo Alto Networks]
[Capabilities shown: Vulnerability Mgmt; IDS/IPS; Anti-malware, Anti-virus; IDS/IPS, Anti-Malware; Firewall]

Demo – NSX Service Composer Deployment
[Diagram labels: Management; Compute; Partner Mgmt. Consoles; Registered]
1. Register Services
• Log in!
• Some services are pre-registered (Data Security, Identity, Trend Micro, Rapid7, McAfee)
• Register Symantec Antivirus Solution
2. Deploy Services
• Some services are pre-deployed (Data Security)
• Deploy Symantec Antivirus solution

Apply. NSX Service Composer: Security Ready for Consumption

NSX Service Composer: Security Ready for Consumption
Security Groups: WHAT you want to protect
• Members: VM, vNIC, network (virtual/Logical Switch, physical), Distributed Virtual PG, cluster, data center, Resource Pool, vApp, other containers, regex patterns etc.
• Context: User identity, sensitive data, security posture
Security Policies: HOW you want to protect it
• Services: Firewall, antivirus, intrusion prevention, vulnerability management and more.
• Profiles: Security policies from VMware and third-party solutions that are defined by the security architect but implemented by the cloud operator.
APPLY

NSX Service Composer: Apply.

NSX Service Composer
• Apply. Apply and visualize security policies for workloads, in one place.
• Automate. Automate workflows across different services, without custom integration.
• Provision. Provision and monitor uptime of different services, using one method.

Troubleshooting & Monitoring Health Status, Failures, Recovery

NSX Service Composer: Troubleshooting and Monitoring
[Diagram labels: NSX UI; Single Pane of Glass (for Deployment and Monitoring); NSX Manager; Partner Consoles; vCenter; ESX (x4); Deployment Fabric; Users; VMware; Partners; Reduced Complexity; Stronger Ecosystem]
[Partners shown: McAfee; Rapid7; Symantec; Trend; Palo Alto Networks]

Demo – NSX Service Composer - Troubleshooting
[Diagram labels: Management; Compute; Partner Mgmt. Consoles; Registered]
1. Register Services
• Log in!
• Some services are pre-registered (Data Security, Identity, Trend Micro, Rapid7, McAfee)
• Register Symantec Antivirus Solution
2. Deploy Services
• Shut down Symantec appliance
• Observe alarms generated.
• Resolve alarms
• Confirm resolution is successful
3. Troubleshoot deployment failures
• Shut down Symantec appliance
• Observe alarms generated.
• Resolve alarms
• Confirm resolution is successful
4. Troubleshoot configuration compliance failures
• Create a policy that uses Symantec service and apply it to VMs on cluster
• Shut down Symantec appliance on the cluster
• Observe alarms showing up on the service composer

Automate. NSX Service Composer: Orchestrate between Third-Party Solutions

Service Composer – Automate.
[Diagram labels: Datacenter; Internet; AV; IPS; Firewall; Data Sec; Vuln. Mgmt; Content Filtering]

Service Composer – Automate.
SEC5750 - Security Automation Workflows with NSX
• Gargi Keeling (VMware) and Don Wood (McKesson)
• Wednesday, August 28th, 10:00 AM – 11:00 AM – Moscone West, Room 3012

Recap: NSX Service Composer
• Apply. Apply and visualize security policies for workloads, in one place.
• Automate. Automate workflows across different services, without custom integration.
• Provision. Provision and monitor uptime of different services, using one method.

THANK YOU