A closer look at the Software-Defined Datacentre

by Helen Ridley

VMware’s Software-Defined Datacentre (SDDC) vision has the potential to transform cloud computing. It allows IT teams for the first time to develop, deploy and manage all their applications in a unified manner no matter whether they reside in private, managed or public clouds. It’s no surprise that new research released earlier this month predicts that the global SDDC market will grow at an impressive CAGR of 29% over the next five years to reach a staggering $77 billion by 2020.

But datacentre security in the cloud and virtual world presents its own unique and challenging set of requirements for enterprise IT teams.

Opportunities and threats
SDDC represents the next great leap forward in datacentre design. Network, storage and computing elements are all virtualised so they are controlled by automated software, rather than hardware. This has the potential to massively improve IT agility, efficiency and scalability, reducing time to market for apps and services.

But modern cybercriminals are more than capable of spotting the security gaps that often open up when organisations try to apply traditional security tools to new architectures. For example, inter-VM attacks take advantage of IT admins’ restricted visibility into the virtual environment to move laterally between virtual machines unnoticed until they reach their target.

Enter NSX
This is why VMware introduced its virtualisation and network security platform NSX. For the first time, it enables micro-segmentation at the network layer to halt these potentially catastrophic inter-VM attacks. Up until the launch of NSX, micro-segmentation was largely impractical. Adding firewalls into a virtual environment created too many bottlenecks, strangling throughput capacity and requiring the impossible task of manually reconfiguring each firewall each time VMs were provisioned or de-provisioned.

NSX changed all that by automating the provision of firewall policies and delivering 20Gbps of firewall throughput per host.

The Deep Security difference
We have been a VMware partner since the very beginning, and became the first security vendor to offer agentless anti-malware for the platform five years ago with our flagship Deep Security products. Continuing that spirit of close co-operation, we support the latest micro-segmentation innovation from VMware to maximise security in SDDC and virtual environments.

Deep Security ensures “shrink wrapped” security policies and capabilities follow each VM automatically wherever it goes, extending the value of micro-segmentation. This means that VMs can sit side by side in mixed environments, maximising security while ensuring organisations can make the most efficient use of resources.

Other benefits of Deep Security include:

  • The most complete suite of capabilities of any VMware partner including: file-integrity monitoring and log inspection; IDS/IPS; bi-directional firewall; web reputation; and anti-malware.
  • All managed from one console for ease of use.
  • Trend Micro is the only vendor to offer an agentless security option across network and file-based security controls for NSX. This provides even more flexibility over deployment options.
  • Trend Micro uses NSX to combine detection capabilities (agentless anti-malware, file integrity monitoring, etc.) with NSX “tagging”. This means Deep Security will trigger specific remediations when a threat is detected, such as automatically quarantining a compromised VM from the virtual network.

If you’re weighing up the transition to the next generation of datacentre architectures, take a look at how you can help reduce risk and allow teams to focus on maximising IT and business efficiency. To hear more about security in virtualised environments and the latest in enterprise security, come along to CLOUDSEC on the 17th September 2015 in London. Complete agenda and registrations: http://www.cloudsec.com/uk

More on Deep Security and VMware NSX here.




