NSX Security Solutions In Action - Deploying,

Troubleshooting, and Monitoring for VMware NSX

Service Composer

Azeem Feroz, VMware

Sachin Vaidya, VMware

SEC5318

#SEC5318

2 2

Agenda

Recap of NSX Service Composer

Deployment – NSX Service Composer & Third-Party

Solutions

• DEMO

Troubleshooting and Monitoring - Health Status, Failures,

Recovery

• DEMO

3 3

3

Security Challenges: “Multiple Dashboards of Wonder”

Vulnerability

Mgmt System

Antivirus

System

Firewall

vCenter

IDS System

DLP System

4 4

Security Challenges: Multi-console Deployment

Multiple consoles to initiate

deployment from.

Each solution has multiple moving

parts – virtual appliances, ESXi

modules, in-guest drivers.

Manual admin intervention on each

host in a cluster.

5 5

Security Challenges: Troubleshooting across multiple dashboards

If a service goes down, where do you start

with troubleshooting steps? Security solution

or Virtualization solution?

What if there was a configuration change in

the infrastructure that caused an outage? How

could this change be determined?

6 6

Security Challenges: No orchestration between solutions

Datacenter

Internet

AV

IPS

Firewall

Data Sec

Vuln. Mgmt

Content Filtering

7 7

The NSX Service Composer

8 8

NSX Service Composer

Security services can now be consumed more efficiently in the

software-defined data center.

Apply.

Apply and visualize

security policies for

workloads, in one place.

Automate.

Automate workflows

across different

services, without

custom integration.

Provision.

Provision and monitor

uptime of different

services, using one

method.

9 9

Provision. NSX Service Composer & Third-Party Solutions

10 10

NSX Manager

NSX Manager Partner consoles

McAfee

Rapid7

vCenter

ESX ESX ESX ESX

Symantec

Trend

NSX UI

Single Pane of Glass (for Deployment and Monitoring)

Reduced C

om

ple

xity

Larg

est

Ecosyste

m

Deployment Fabric

Users V

MW

are

Partn

ers

NSX Service Composer: Deployment and Provisioning

Palo Alto

Networks

Vulnerability

Mgmt

IDS/IPS

Anti-malware,

Anti-virus

IDS/IPS, Anti-

Malware

Firewall

11 11

Demo – NSX Service Composer Deployment

Management

Compute

Partner Mgmt.

Consoles

Registered

Register Services

Log in!

Some services are pre-

registered (Data Security,

Identity, Trend Micro,

Rapid 7, McAfee )

Register Symantec

Antivirus Solution

1

Deploy Services

Some services are pre-

deployed (Data Security)

Deploy Symantec

Antivirus solution

2

13 13

Apply. NSX Service Composer: Security Ready for Consumption

14 14

NSX Service Composer: Security Ready for Consumption

Security Groups

WHAT you want to

protect

Members: VM, vNIC, network

(virtual/Logical Switch, physical),

Distributed Virtual PG, cluster, data

center, Resource Pool, vApp, other

containers, regex patterns etc

Context: User identity, sensitive

data, security posture

HOW you want to

protect it

Security Policies

Services: Firewall, antivirus,

intrusion prevention, vulnerability

management and more.

Profiles: Security policies from

VMware and third-party solutions

that are defined by the security

architect but implemented by the

cloud operator.

APPLY

15 15

NSX Service Composer: Apply.

16 16

NSX Service Composer: Apply.

17 17

NSX Service Composer

Apply.

Apply and visualize

security policies for

workloads, in one place.

Automate.

Automate workflows

across different

services, without

custom integration.

Provision.

Provision and monitor

uptime of different

services, using one

method.

18 18

Troubleshooting & Monitoring Health Status, Failures, Recovery

19 19

NSX Manager

NSX Manager Partner Consoles

McAfee

Rapid7

vCenter

ESX ESX ESX ESX

Symantec

Trend

NSX UI

Single Pane of Glass (for Deployment and Monitoring)

Reduced C

om

ple

xity

Str

onger

Ecosyste

m

Deployment Fabric

Users V

MW

are

Partn

ers

NSX Service Composer: Troubleshooting and Monitoring

Palo Alto

Networks

NSX UI

20 20

Demo – NSX Service Composer - Troubleshooting

Management

Compute

Partner Mgmt.

Consoles

Registered

Register Services

Log in!

Some services are pre-

registered (Data Security,

Identity, Trend Micro,

Rapid 7, McAfee )

Register Symantec

Antivirus Solution

1

Deploy Services

Shut down Symantec

appliance

Observe alarms

generated.

Resolve alarms

Confirm resolution is

successful

2

Troubleshoot deployment

failures

Shut down Symantec

appliance

Observe alarms

generated.

Resolve alarms

Confirm resolution is

successful

3

22 22

Demo – NSX Service Composer - Troubleshooting

Management

Compute

Partner Mgmt.

Consoles

Registered

Register Services

Log in!

Some services are pre-

registered (Data Security,

Identity, Trend Micro,

Rapid 7, McAfee )

Register Symantec

Antivirus Solution

1

Deploy Services

Shut down Symantec

appliance

Observe alarms

generated.

Resolve alarms

Confirm resolution is

successful

2

Troubleshoot deployment

failures

Shut down Symantec

appliance

Observe alarms

generated.

Resolve alarms

Confirm resolution is

successful

3

Troubleshoot configuration

compliance failures

Create a policy that uses

Symantec service and

apply it to VMs on cluster

Shut down Symantec

appliance on the cluster

Observe alarms showing

up on the service

composer

4

24 24

Automate. NSX Service Composer: Orchestrate between Third-Party

Solutions

25 25

Service Composer – Automate.

Datacenter

Internet

AV

IPS

Firewall

Data Sec

Vuln. Mgmt

Content Filtering

26 26

Service Composer – Automate.

SEC5750 - Security Automation Workflows with NSX

• Gargi Keeling (VMWare) and Don Wood (McKesson)

• Wednesday, August 28th, 10:00 AM – 11:00 AM – Moscone West, Room 3012

27 27

Recap: NSX Service Composer

Apply.

Apply and visualize

security policies for

workloads, in one place.

Automate.

Automate workflows

across different

services, without

custom integration.

Provision.

Provision and monitor

uptime of different

services, using one

method.

THANK YOU

NSX Security Solutions In Action - Deploying,

Troubleshooting, and Monitoring for VMware NSX

Service Composer

Azeem Feroz, VMware

Sachin Vaidya, VMware

SEC5318

#SEC5318