6.14.2016
12.18.2020

Network Microsegmentation Could be the Software Defined Answer to Security

Last updated:
9.16.2020
12.18.2020

According to a recent study by Emerson, cybercrime is the fastest-growing cause of data center outages. To stay ahead of increasingly sophisticated attacks, infrastructure managers must combine software and hardware tools to constantly monitor for, recognize, block, and remediate threats. Keeping an eye on network traffic is essential to accomplishing this, and one developing method of network security control uses microsegmentation to do so.

Network microsegmentation is enabled by software-defined data center technology like VMware NSX. It gives network administrators new abilities to shape network traffic based on global policy, increasing security by crafting security policies around specific network segments or virtual machines.

 

Designing Microsegmentation Security Rules


Using the NSX firewall features, you can create a security group around any vCenter object: virtual machines, vNICs, or even vApps. These groups can allow traffic between any allowed objects, or allow outside traffic only to a specific object. For example, you can allow traffic between virtual network cards on a production application server and your company’s web server.

To take advantage of microsegmentation, you first need a solid grasp of your infrastructure’s network traffic, both from within and outside the data center. Using network scanning tools, map out workloads with overlapping network traits like the same subnet.

Design your microsegmentation security rules based on the descriptions you come up with while mapping. For every virtual machine and/or virtual data center component like a vNIC, consider:

Workloads can now dynamically inherit specific security rules based on their categorization. These policies are applied when a VM is turned on or migrated, and are turned off when it is powered down. This saves network administrators time, as they don’t need to reconfigure firewall rules for every VM. NSX policies can use the VM name, virtual network assignment, operating system, or many other VM settings to assign security rules.

The rules themselves are not necessarily tied to NSX and VMware tools like the built-in ESXi firewall. Your existing vendor products can also be integrated with security tags so they can share their own information across an entire ecosystem. If you have Trend Micro cloud security, for example, your security rule can turn on strict anti-malware that isolates a VM from all network traffic when an infection is detected by Trend Micro’s IDS.
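The dynamic rule inheritance and tag-driven isolation described in the two paragraphs above, as an added example rather than code from the original post or from VMware: a small Python model of the idea, not the NSX API. The group names, membership criteria, ports, and the `malware.detected` tag are constructed for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch

@dataclass
class VM:
    name: str
    os: str
    network: str
    tags: set = field(default_factory=set)
    powered_on: bool = True

# Dynamic membership criteria (constructed): group -> test on VM attributes.
GROUPS = {
    "web": lambda vm: fnmatch(vm.name, "web-*"),
    "app": lambda vm: vm.network == "prod-app-net",
    "db": lambda vm: fnmatch(vm.name, "db-*") and vm.os == "linux",
}
# Allow rules between groups as (source, destination, port); all else is denied.
RULES = [("web", "app", 8443), ("app", "db", 5432)]
QUARANTINE_TAG = "malware.detected"  # hypothetical tag set by an integrated scanner

def groups_of(vm):
    """Recompute membership from current attributes; nothing is stored per VM."""
    if not vm.powered_on:
        return set()                # policy is withdrawn at power-off
    if QUARANTINE_TAG in vm.tags:
        return {"quarantine"}       # no rule names this group, so all traffic drops
    return {name for name, matches in GROUPS.items() if matches(vm)}

def allowed(src, dst, port):
    """Default deny: permit only if some rule links a source and destination group."""
    s, d = groups_of(src), groups_of(dst)
    return any(a in s and b in d and p == port for a, b, p in RULES)

def sample_inventory():
    """Constructed workloads for the demonstration."""
    return {
        "web": VM("web-01", "linux", "dmz-net"),
        "app": VM("orders-api", "linux", "prod-app-net"),
        "db": VM("db-01", "linux", "prod-db-net"),
    }

if __name__ == "__main__":
    vms = sample_inventory()
    print("web -> app:8443", allowed(vms["web"], vms["app"], 8443))
    print("web -> db:5432 ", allowed(vms["web"], vms["db"], 5432))
    vms["app"].tags.add(QUARANTINE_TAG)  # scanner reports an infection
    print("web -> app:8443 after tag", allowed(vms["web"], vms["app"], 8443))
    print("app -> db:5432 after tag ", allowed(vms["app"], vms["db"], 5432))
```

A newly created `web-02` VM matches the `web` criteria and picks up the web-to-app rule with no firewall change, while the web tier never reaches the database directly because no rule links those two groups.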

 

Network microsegmentation is a great solution for managing secure network traffic within your virtualized data center, for isolating multiple networks depending on their data security requirements, and for simplifying complex access policies, such as when dealing with virtual desktop administration.
