VMWorld 2013 - NSX Security Solutions in Action

  • 8/18/2019 VMWorld 2013 - NSX Security Solutions in Action

    1/30

    NSX Security Solutions In Action - Deploying, Troubleshooting, and Monitoring for VMware NSX Service Composer

    Azeem Feroz, VMware

    Sachin Vaidya, VMware

    SEC5318

    #SEC5318

    2/30

    Agenda

    Recap of NSX Service Composer

    Deployment – NSX Service Composer & Third-Party Solutions

    • DEMO

    Troubleshooting and Monitoring - Health Status, Failures, Recovery

    • DEMO

    3/30

    Security Challenges: “Multiple Dashboards of Wonder”  

    Vulnerability Mgmt System

    Antivirus System

    Firewall

    vCenter

    IDS System

    DLP System

    4/30

    Security Challenges: Multi-console Deployment

    Multiple consoles to initiate deployment from.

    Each solution has multiple moving parts – virtual appliances, ESXi modules, in-guest drivers.

    Manual admin intervention on each host in a cluster.

    5/30

    Security Challenges: Troubleshooting across multiple dashboards

    If a service goes down, where do you start with troubleshooting steps? Security solution or Virtualization solution?

    What if there was a configuration change in the infrastructure that caused an outage? How could this change be determined?

    6/30

    Security Challenges: No orchestration between solutions

    Datacenter

    Internet

    AV

    IPS

    Firewall

    Data Sec

    Vuln. Mgmt

    Content Filtering

    7/30

    The NSX Service Composer

    8/30

    NSX Service Composer

    Security services can now be consumed more efficiently in the software-defined data center.

    Apply.

    Apply and visualize security policies for workloads, in one place.

    Automate.

    Automate workflows across different services, without custom integration.

    Provision.

    Provision and monitor uptime of different services, using one method.

    9/30

    Provision. NSX Service Composer & Third-Party Solutions

    10/30

    NSX Service Composer: Deployment and Provisioning

    [Diagram labels: Users; NSX UI - Single Pane of Glass (for Deployment and Monitoring); NSX Manager; Partner consoles; vCenter; Deployment Fabric; ESX (four hosts); VMware; Partners; Reduced Complexity; Largest Ecosystem]

    Partners shown: McAfee, Rapid7, Symantec, Trend, Palo Alto Networks

    Service labels shown: Vulnerability Mgmt; IDS/IPS; Anti-malware, Anti-virus; IDS/IPS, Anti-Malware; Firewall

    11/30

    Demo – NSX Service Composer Deployment

    Management

    Compute

    Partner Mgmt. Consoles

    Registered

    1. Register Services

    Log in!

    Some services are pre-registered (Data Security, Identity, Trend Micro, Rapid 7, McAfee)

    Register Symantec Antivirus Solution

    2. Deploy Services

    Some services are pre-deployed (Data Security)

    Deploy Symantec Antivirus solution

    13/30

    Apply. NSX Service Composer: Security Ready for Consumption

    14/30

    NSX Service Composer: Security Ready for Consumption

    Security Groups

    WHAT you want to protect

    Members: VM, vNIC, network (virtual/Logical Switch, physical), Distributed Virtual PG, cluster, data center, Resource Pool, vApp, other containers, regex patterns etc.

    Context: User identity, sensitive data, security posture

    Security Policies

    HOW you want to protect it

    Services: Firewall, antivirus, intrusion prevention, vulnerability management and more.

    Profiles: Security policies from VMware and third-party solutions that are defined by the security architect but implemented by the cloud operator.

    APPLY

    15/30

    NSX Service Composer: Apply.

    16/30

    NSX Service Composer: Apply.

    17/30

    NSX Service Composer

    Apply.

    Apply and visualize security policies for workloads, in one place.

    Automate.

    Automate workflows across different services, without custom integration.

    Provision.

    Provision and monitor uptime of different services, using one method.

    18/30

    Troubleshooting & Monitoring - Health Status, Failures, Recovery

    19/30

    NSX Service Composer: Troubleshooting and Monitoring

    [Diagram labels: Users; NSX UI - Single Pane of Glass (for Deployment and Monitoring); NSX Manager; Partner Consoles; vCenter; Deployment Fabric; ESX (four hosts); VMware; Partners; Reduced Complexity; Stronger Ecosystem]

    Partners shown: McAfee, Rapid7, Symantec, Trend, Palo Alto Networks

    20/30

    Demo – NSX Service Composer - Troubleshooting

    Management

    Compute

    Partner Mgmt. Consoles

    Registered

    1. Register Services

    Log in!

    Some services are pre-registered (Data Security, Identity, Trend Micro, Rapid 7, McAfee)

    Register Symantec Antivirus Solution

    2. Deploy Services

    Shut down Symantec appliance

    Observe alarms generated.

    Resolve alarms

    Confirm resolution is successful

    3. Troubleshoot deployment failures

    Shut down Symantec appliance

    Observe alarms generated.

    Resolve alarms

    Confirm resolution is successful

    22/30

    Demo – NSX Service Composer - Troubleshooting

    Management

    Compute

    Partner Mgmt. Consoles

    Registered

    1. Register Services

    Log in!

    Some services are pre-registered (Data Security, Identity, Trend Micro, Rapid 7, McAfee)

    Register Symantec Antivirus Solution

    2. Deploy Services

    Shut down Symantec appliance

    Observe alarms generated.

    Resolve alarms

    Confirm resolution is successful

    3. Troubleshoot deployment failures

    Shut down Symantec appliance

    Observe alarms generated.

    Resolve alarms

    Confirm resolution is successful

    4. Troubleshoot configuration compliance failures

    Create a policy that uses Symantec service and apply it to VMs on cluster

    Shut down Symantec appliance on the cluster

    Observe alarms showing up on the service composer

    24/30

    Automate. NSX Service Composer: Orchestrate between Third-Party Solutions

    25/30

    Service Composer  – Automate.

    Datacenter

    Internet

    AV

    IPS

    Firewall

    Data Sec

    Vuln. Mgmt

    Content Filtering

    26/30

    Service Composer  – Automate.

    SEC5750 - Security Automation Workflows with NSX

    • Gargi Keeling (VMware) and Don Wood (McKesson)

    • Wednesday, August 28th, 10:00 AM – 11:00 AM – Moscone West, Room 3012

    27/30

    Recap: NSX Service Composer

    Apply.

    Apply and visualize security policies for workloads, in one place.

    Automate.

    Automate workflows across different services, without custom integration.

    Provision.

    Provision and monitor uptime of different services, using one method.

    28/30

    THANK YOU
