VMworld Europe: NSX and Deep Security Defend the Software Defined Datacentre

by Simon Young

Last week was the VMworld Europe show in Barcelona, where the great and good came to see the virtualisation giant share its vision for the next generation of datacentres, known as the software-defined datacentre (SDDC). Its NSX network virtualisation platform will advance the SDDC with another giant leap forward, and improve datacentre security in the process.

NSX demo at Trend Micro stand, VMworld 2014


As one of the vendor’s oldest and closest partners, Trend Micro also unveiled its answer to this new advance in IT infrastructure: Deep Security support to build on and extend the security benefits of NSX even further.

What is an SDDC?
At its simplest, an SDDC is a datacentre in which all the infrastructure elements, including networking and storage, have been virtualised and are controlled not by hardware and devices but by automated software. If done right, it can cut costs and provide huge increases in IT agility and efficiency as well as scalability.

Trend Micro has been VMware’s key security partner for years. In 2009, Deep Security 7 became the first product to support introspection of network traffic through the hypervisor. The following year version 7.5 was unveiled as the world’s first fully “agent-less” virtual anti-malware offering. It was a no-brainer, therefore, to continue this remarkable run of partnership and innovation by offering support for VMware’s latest industry-defining product: NSX.

NSX: Virtualising the Network
NSX is VMware’s new network virtualisation and security platform for the Software Defined Datacentre. Crucially, it enables micro-segmentation at the network layer for the first time, helping datacentre managers limit malicious lateral movement within virtual environments: in other words, damaging inter-VM attacks.

Previously, micro-segmentation was just not practical from a cost or operational point of view, as it would require placing traditional firewalls at various points in the virtual datacentre. This created too many “choke points”, strangling throughput and burdening admins with the impossible task of manually reconfiguring each firewall with the provisioning or de-provisioning of each new VM. NSX, however, overcomes these issues – automating the provisioning of firewall policies and delivering 20Gbps of firewall throughput, supporting over 80,000 connections per second, per host.

Deep Security: Maximum Peace of Mind
NSX advances the security of the SDDC in leaps and bounds by enabling the creation of customised policies and modules right down to the individual VM level. However, Deep Security integration can minimise datacentre risk even further. Network teams can implement third-party services like Deep Security on top of NSX via VMware’s Advanced Security Service Insertion.

Here’s the Deep Security difference:

  • Deep Security support extends micro-segmentation by allowing these “shrink-wrapped” security policies and capabilities to follow each VM automatically wherever it goes.
  • This means sensitive workloads can sit next to VMs of little sensitivity with maximum security.
  • Deep Security offers the most complete suite of capabilities of any VMware partner, including: file-integrity monitoring and log inspection; IDS/IPS; bi-directional firewall; web reputation; and anti-malware.
  • It’s all managed from one console for ease of use.
  • Trend Micro is the only vendor to deliver agentless security across network and file-based security controls for NSX. This gives customers even more flexibility over deployment options.
  • Trend Micro is using NSX to combine detection capabilities (agentless anti-malware, file integrity monitoring, etc.) with NSX “tagging”. This means Deep Security will trigger specific remediations when a threat is detected, such as automatically quarantining a compromised VM from the virtual network.



