SECURITY INCEPTION: A SECURITY PRACTITIONERS GUIDE TO MICRO SEGMENTATION WITH LOG INSIGHT
AGENDA
INTRODUCTION

WHERE DO I START?

FINDING THE FLOWS

BUILDING THE RULES

VISUALISING THE DATA

AUTOMATING THE STACK
INTRODUCTION
GOALS
▸ Where do I start?
▸ Finding the traffic
▸ Building the rules
▸ Visualising the data
▸ Automating
▸ Example Security Architecture
PRODUCTS
▸ vSphere
▸ NSX for vSphere
▸ vRealize Log Insight
▸ PowerCLI / PowerNSX
WHERE DO I START?
DISTRIBUTED FIREWALL LOGS
LOGS SOMEWHERE
▸ Firewall rules or access lists were the point of visibility
▸ Only inter-tier communication was protected and seen
▸ Very tricky to detect and enforce traffic between workloads on the same network segment
▸ Private VLANs were used to enforce east-west communication
[Diagram: APP1, WEB1, network, DC firewall (logs)]
DISTRIBUTED FIREWALL LOGS
LOGS EVERYWHERE
▸ Logs can be found at the DC Firewall, NSX Edge, Distributed Firewall
▸ Logs allow the trace of an application end to end (even if NAT is used!)
▸ DFW has both ingress and egress of source and destination workloads
▸ Logs on every device are cumbersome to collect and analyse
[Diagram: APP1 and WEB1, each with a DFW (logs), network, DC firewall (logs)]
BOOKSTORE APPLICATION TOPOLOGY
FUNCTION   IP ADDRESS
WEBLB      192.168.100.193
WEB01      10.0.1.11
WEB02      10.0.1.12
APPLB      172.16.1.6
APP01      10.0.2.11
APP02      10.0.2.12
DB01       10.0.3.11
[Diagram: external network, DC firewall, NSX Edge 01, Transit LS, and the Web, App and DB logical switches, with a DFW on WEB1, WEB2, APP1, APP2 and DB1; Application A, Application B, Application C]
BOOKSTORE APPLICATION MICRO SEGMENTATION
CURRENT STATE
▸ Current security requirements are not enforced
▸ Unsure of inter-tier communication
▸ What ports are required to be opened?
▸ Not sure where to start
DESIRED OUTCOME
▸ Secure application topologies
▸ Granular logging
▸ Visualisation / Dashboard of application security logs
▸ Repeatable process for other applications
FINDING THE FLOWS
WHAT CAN I SEE?
DISTRIBUTED FIREWALL
▸ vNIC level firewall on every VM
▸ Rules that are created via the vCenter UI are pushed to NSX Manager to be stored. API calls go directly to NSX Manager.
▸ Rules are pushed down to relevant hosts (Applied To) or to all hosts (Distributed Firewall)
▸ This is parsed by VSFWD on each vSphere host.
▸ VM-ID is used to apply rules to pertinent vNICs
▸ Applied To field will still resolve back to VM-ID
IOCHAINS (VSPHERE HOST, BETWEEN VM AND NETWORK)
SLOT   NAME            PURPOSE
0      ESXI-FIREWALL   USED FOR DVS ACLS
1      SW-SEC          VM-IP AND ARP LEARNING
2      VMWARE-SFW      DISTRIBUTED FIREWALL ENFORCEMENT
4      PARTNER-1       NET-X PARTNER REDIRECTION POINT
…
15
FENCING WITH SECURITY GROUPS
▸ Security Groups provide a logical grouping construct
▸ Intelligent grouping
▸ Usually used to group ‘like’ workloads together such as Web, App, and DB
▸ Security Group ends up as source or destination for rules
▸ Rules are built using Security Group as source and destination
▸ Permit All means traffic to or from the destined group is caught
BOOKSTORE APPLICATION FENCING
[Diagram: WEB1, WEB2, APP1, APP2 and DB1, each with a DFW; security groups SGTSWEB, SGTSAPP, SGTSDB and SGTSBOOKS; Log Insight]
DISTRIBUTED FIREWALL TAGS
▸ Arbitrary text string stamped to all logs
▸ Can be searched in any log platform
▸ Helps group rules with human friendly context
▸ Log Insight Management Pack provides RegEx expressions that can be used in conjunction with it
VISUALISING RULES
▸ Pie chart identifies source IP address and destination IP/Port
▸ Colours indicate different destination
▸ Filtered based on DFW Tag - must contain SGTSWeb
▸ Allows for quick creation of subsequent tables
BUILDING THE RULES
DISTRIBUTED FIREWALL RULES
‣ Taking log output and creating rules
‣ Web Tier chart sees internal edge interface (172.16.1.1) talk to both Web VMs (10.0.1.11/12) within SGTSWeb on port 80.
‣ This results in rule #1 being created.
DISTRIBUTED FIREWALL RULES
‣ Building individual allow rules against known logs visualised
‣ Ensures application topology is logically covered
[Diagram: WEB1, WEB2, APP1, APP2 and DB1, each with a DFW; security groups SGTSWEB, SGTSAPP, SGTSDB and SGTSBOOKS]
‣ Final rule created is Any source, Any destination, Any service, Block and log.
‣ Applied to SGTSBooks
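The tag-filtered flow table and the rule list the slides build from it, as an added example that is not part of the original deck. It assumes the NSX for vSphere DFW packet-log layout with the rule tag appended to each line; the sample log lines, port 8443, source 10.0.9.50, the EDGE-INTERNAL label and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumed DFW packet-log layout (tag is a free-text token at the end of the line).
# Only TCP/UDP lines are handled; adjust the regex to the format your hosts emit.
LINE_RE = re.compile(
    r"match\s+(?:PASS|DROP|REJECT)\s+\S+/\d+\s+(?:IN|OUT)\s+\d+\s+"
    r"(?P<proto>TCP|UDP)\s+(?P<src>[\d.]+)/\d+->(?P<dst>[\d.]+)/(?P<dport>\d+)(?P<rest>.*)$"
)

# Addresses from the Bookstore topology slide, plus the internal edge interface
# named on the rules slide (the EDGE-INTERNAL label is an assumption).
TOPOLOGY = {
    "192.168.100.193": "WEBLB", "10.0.1.11": "WEB01", "10.0.1.12": "WEB02",
    "172.16.1.6": "APPLB", "10.0.2.11": "APP01", "10.0.2.12": "APP02",
    "10.0.3.11": "DB01", "172.16.1.1": "EDGE-INTERNAL",
}

# Constructed sample lines, not captured from a real host.
SAMPLE_LOG = [
    "2016-05-10T01:12:03.101Z 28917 INET match PASS domain-c7/1005 IN 60 TCP 172.16.1.1/51234->10.0.1.11/80 S SGTSWeb",
    "2016-05-10T01:12:03.440Z 28917 INET match PASS domain-c7/1005 IN 60 TCP 172.16.1.1/51240->10.0.1.12/80 S SGTSWeb",
    "2016-05-10T01:12:04.002Z 28917 INET match PASS domain-c7/1005 IN 60 TCP 172.16.1.1/51301->10.0.1.11/80 S SGTSWeb",
    "2016-05-10T01:12:04.120Z 28917 INET match PASS domain-c7/1005 OUT 60 TCP 10.0.1.11/40112->172.16.1.6/8443 S SGTSWeb",
    "2016-05-10T01:12:04.130Z 28917 INET match PASS domain-c7/1006 IN 60 TCP 172.16.1.6/40000->10.0.2.11/8443 S SGTSApp",
    "2016-05-10T01:12:05.900Z 28917 INET match PASS domain-c7/1005 IN 60 TCP 10.0.9.50/50022->10.0.1.12/22 S SGTSWeb",
    "2016-05-10T01:12:09.000Z vsfwd: unrelated host message",
]


def flows_for_tag(lines, tag):
    """Count unique (src, proto, dst, dst_port) flows on lines carrying `tag`.

    Source ports and direction are left out of the key, so ephemeral ports
    and the IN/OUT copies of one connection collapse into a single flow.
    """
    flows = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or tag not in m["rest"].split():
            continue  # unparseable line, or a different rule tag
        flows[(m["src"], m["proto"], m["dst"], int(m["dport"]))] += 1
    return flows


def propose_rules(flows, topology=TOPOLOGY):
    """Turn observed flows into candidate rules, ending with block-and-log.

    Flows whose endpoints are both in the topology become ALLOW candidates;
    anything touching an unknown address is marked REVIEW, not allowed.
    """
    rules = []
    for src, proto, dst, dport in sorted(flows):
        known = src in topology and dst in topology
        rules.append((
            topology.get(src, src),
            topology.get(dst, dst),
            f"{proto}/{dport}",
            "ALLOW" if known else "REVIEW",
        ))
    # Final rule from the slide: any source, any destination, any service.
    rules.append(("any", "any", "any", "BLOCK+LOG"))
    return rules


if __name__ == "__main__":
    web_flows = flows_for_tag(SAMPLE_LOG, "SGTSWeb")
    for flow, hits in sorted(web_flows.items()):
        print(hits, flow)
    for rule in propose_rules(web_flows):
        print(rule)
```

Flows marked REVIEW are the ones to resolve with the application owner before the block-and-log rule is applied to the group.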
VISUALISING THE DATA
CUSTOM DASHBOARDS PER APPLICATION
▸ Custom dashboards can be created from ANY data seen by Log Insight
▸ Known as queries
▸ Super flexible with a number of controls
▸ Creating a “Bookstore Security” dashboard
▸ Web, App, DB, and SGTSBook queries
▸ Creating SRC IP, Protocol, DST IP + PORT
▸ Add to Dashboard
▸ Populate notes!
THE BOOKSTORE CUSTOM DASHBOARD
AUTOMATING THE STACK
SCALING APPLICATIONS AND MAINTAINING SECURITY VISIBILITY
REPEATABLE SECURITY ARCHITECTURE
▸ FOUNDATION
  ▸ CLASSIFICATIONS (security tag inclusion): SGT1-TOPSECRET, SGT1-SECRET, SGT1-CONFIDENTIAL, SGT1-PROTECTED
  ▸ CLUSTERS (cluster inclusion): SGT1-DEV, SGT1-PRODUCTION, SGT1-DMZ
  ▸ TIERS (security tag inclusion): SGT1-3TA-DB, SGT1-3TA-APP, SGT1-3TA-WEB
▸ INFRASTRUCTURE (cluster + classification): SGT2-DMZ-PROTECTED
▸ APPLICATION ((cluster + classification) + tiers): SGT3-DMZ-PROTECTED-3TA-WEB, SGT3-DMZ-PROTECTED-3TA-DB, SGT3-DMZ-PROTECTED-3TA-APP
SCALING APPLICATIONS AND MAINTAINING SECURITY VISIBILITY
REPEATABLE SECURITY ARCHITECTURE
▸ FOUNDATION: SGT1-TOPSECRET, SGT1-SECRET, SGT1-CONFIDENTIAL, SGT1-PROTECTED, SGT1-3TA-DB, SGT1-3TA-APP, SGT1-3TA-WEB, SGT1-DEVELOPER, SGT1-PRODUCTION, SGT1-DMZ
▸ INFRASTRUCTURE: SGT2-PROTECTED-3TA-WEB, SGT2-PROTECTED-3TA-DB, SGT2-PROTECTED-3TA-APP
▸ APPLICATION: SGT3-DMZ-PROTECTED-3TA-WEB, SGT3-DMZ-PROTECTED-3TA-DB, SGT3-DMZ-PROTECTED-3TA-APP
▸ POLICY: DNS, AD, WEB, APP, DB
LOG INSIGHT
▸ 25 OSI pack included with all licensed vCenter instances
▸ Per CPU socket licensing included with all vCloud Suite
▸ Operating System Instance denotes an individual endpoint outside a vCenter domain (Network device, Physical Object, Storage array)
▸ CPU socket includes all virtual objects associated to that vSphere host (VMs, DFW, Load Balancer, NSX Edges)
GRANULAR. REPEATABLE. SCALABLE. INTELLIGENT.
Takeaways of the approach
FIND OUT MORE
▸ Anthony Burke - Senior Systems Engineer, VMware Network and Security Business Unit
▸ VCIX-NV, CCNP, closing in on a VCDX-NV
▸ Author at networkinferno.net
▸ An author of the upcoming VMware press title: VMware NSX 6.2 for vSphere Essentials
▸ An author of the newly released VMware NSX Fundamentals LiveLessons
▸ Find me on Twitter as @pandom_
QUESTIONS?
THANK YOU

 
Java Microservices with Netflix OSS & Spring
Java Microservices with Netflix OSS & Spring Java Microservices with Netflix OSS & Spring
Java Microservices with Netflix OSS & Spring
Conor Svensson
 
New NSX Pitch Deck 2023 030302020202.pptx
New NSX Pitch Deck 2023 030302020202.pptxNew NSX Pitch Deck 2023 030302020202.pptx
New NSX Pitch Deck 2023 030302020202.pptx
contaworldigital
 
TechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectTechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnect
Robb Boyd
 
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
VMworld
 

Recently uploaded (18)

Essential Tech Stack for Effective Shopify Dropshipping Integration.pdf
Essential Tech Stack for Effective Shopify Dropshipping Integration.pdfEssential Tech Stack for Effective Shopify Dropshipping Integration.pdf
Essential Tech Stack for Effective Shopify Dropshipping Integration.pdf
CartCoders
 
DATA COMMUNICATION components, modes of transmission & communication devices ...
DATA COMMUNICATION components, modes of transmission & communication devices ...DATA COMMUNICATION components, modes of transmission & communication devices ...
DATA COMMUNICATION components, modes of transmission & communication devices ...
samina khan
 
5 Reasons cheap WordPress hosting is costing you more | Reversed Out
5 Reasons cheap WordPress hosting is costing you more | Reversed Out5 Reasons cheap WordPress hosting is costing you more | Reversed Out
5 Reasons cheap WordPress hosting is costing you more | Reversed Out
Reversed Out Creative
 
All-4 Chapters-Emerging-technology-ppt.pptx
All-4 Chapters-Emerging-technology-ppt.pptxAll-4 Chapters-Emerging-technology-ppt.pptx
All-4 Chapters-Emerging-technology-ppt.pptx
beletetesfaw1
 
Networking concepts from zero to hero that covers the security aspects
Networking concepts from zero to hero that covers the security aspectsNetworking concepts from zero to hero that covers the security aspects
Networking concepts from zero to hero that covers the security aspects
amansinght675
 
原版西班牙马拉加大学毕业证(UMA毕业证书)如何办理
原版西班牙马拉加大学毕业证(UMA毕业证书)如何办理原版西班牙马拉加大学毕业证(UMA毕业证书)如何办理
原版西班牙马拉加大学毕业证(UMA毕业证书)如何办理
Taqyea
 
Fast Reroute in SR-MPLS by Md Abdullah Al Naser
Fast Reroute in SR-MPLS by Md Abdullah Al NaserFast Reroute in SR-MPLS by Md Abdullah Al Naser
Fast Reroute in SR-MPLS by Md Abdullah Al Naser
Bangladesh Network Operators Group
 
Transport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptx
Transport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptxTransport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptx
Transport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptx
ssuser80a7e81
 
IPv6 Mostly Experience at APRICOT by Yoshinobu Matsuzaki (IIJ)
IPv6 Mostly Experience at APRICOT by Yoshinobu Matsuzaki (IIJ)IPv6 Mostly Experience at APRICOT by Yoshinobu Matsuzaki (IIJ)
IPv6 Mostly Experience at APRICOT by Yoshinobu Matsuzaki (IIJ)
Bangladesh Network Operators Group
 
DNS & DNSSEC operational best practices - Sleep better at night with KINDNS i...
DNS & DNSSEC operational best practices - Sleep better at night with KINDNS i...DNS & DNSSEC operational best practices - Sleep better at night with KINDNS i...
DNS & DNSSEC operational best practices - Sleep better at night with KINDNS i...
Bangladesh Network Operators Group
 
Bsjsudhjsidudjdudjdudidjjdjdkdel-se-br.ppt
Bsjsudhjsidudjdudjdudidjjdjdkdel-se-br.pptBsjsudhjsidudjdudjdudidjjdjdkdel-se-br.ppt
Bsjsudhjsidudjdudjdudidjjdjdkdel-se-br.ppt
ssuserb171f7
 
Presentation About The Buttons | Selma SALTIK
Presentation About The Buttons | Selma SALTIKPresentation About The Buttons | Selma SALTIK
Presentation About The Buttons | Selma SALTIK
SELMA SALTIK
 
Concept and purpose of community diagnosis
Concept and purpose of community diagnosisConcept and purpose of community diagnosis
Concept and purpose of community diagnosis
felixsakwa55
 
Unlocking the Power of SIM Card IoT Connectivity.pdf
Unlocking the Power of SIM Card IoT Connectivity.pdfUnlocking the Power of SIM Card IoT Connectivity.pdf
Unlocking the Power of SIM Card IoT Connectivity.pdf
elite virtual staffing solutions
 
all Practical Project LAST summary note.docx
all Practical Project LAST summary note.docxall Practical Project LAST summary note.docx
all Practical Project LAST summary note.docx
seidjemal94
 
Cloud VPS Provider in India: The Best Hosting Solution for Your Business
Cloud VPS Provider in India: The Best Hosting Solution for Your BusinessCloud VPS Provider in India: The Best Hosting Solution for Your Business
Cloud VPS Provider in India: The Best Hosting Solution for Your Business
DanaJohnson510230
 
Paper: QFS: World Game (s) Great Redesign.pdf
Paper: QFS: World Game (s) Great Redesign.pdfPaper: QFS: World Game (s) Great Redesign.pdf
Paper: QFS: World Game (s) Great Redesign.pdf
Steven McGee
 
HPC_Course_Presentation_No_Images included.pptx
HPC_Course_Presentation_No_Images included.pptxHPC_Course_Presentation_No_Images included.pptx
HPC_Course_Presentation_No_Images included.pptx
naziaahmadnm
 
Essential Tech Stack for Effective Shopify Dropshipping Integration.pdf
Essential Tech Stack for Effective Shopify Dropshipping Integration.pdfEssential Tech Stack for Effective Shopify Dropshipping Integration.pdf
Essential Tech Stack for Effective Shopify Dropshipping Integration.pdf
CartCoders
 
DATA COMMUNICATION components, modes of transmission & communication devices ...
DATA COMMUNICATION components, modes of transmission & communication devices ...DATA COMMUNICATION components, modes of transmission & communication devices ...
DATA COMMUNICATION components, modes of transmission & communication devices ...
samina khan
 
5 Reasons cheap WordPress hosting is costing you more | Reversed Out
5 Reasons cheap WordPress hosting is costing you more | Reversed Out5 Reasons cheap WordPress hosting is costing you more | Reversed Out
5 Reasons cheap WordPress hosting is costing you more | Reversed Out
Reversed Out Creative
 
All-4 Chapters-Emerging-technology-ppt.pptx
All-4 Chapters-Emerging-technology-ppt.pptxAll-4 Chapters-Emerging-technology-ppt.pptx
All-4 Chapters-Emerging-technology-ppt.pptx
beletetesfaw1
 
Networking concepts from zero to hero that covers the security aspects
Networking concepts from zero to hero that covers the security aspectsNetworking concepts from zero to hero that covers the security aspects
Networking concepts from zero to hero that covers the security aspects
amansinght675
 
原版西班牙马拉加大学毕业证(UMA毕业证书)如何办理
原版西班牙马拉加大学毕业证(UMA毕业证书)如何办理原版西班牙马拉加大学毕业证(UMA毕业证书)如何办理
原版西班牙马拉加大学毕业证(UMA毕业证书)如何办理
Taqyea
 
Transport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptx
Transport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptxTransport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptx
Transport Conjjjjjjjjjjjjjjjjjjjjjjjsulting by Slidesgo.pptx
ssuser80a7e81
 
IPv6 Mostly Experience at APRICOT by Yoshinobu Matsuzaki (IIJ)
IPv6 Mostly Experience at APRICOT by Yoshinobu Matsuzaki (IIJ)IPv6 Mostly Experience at APRICOT by Yoshinobu Matsuzaki (IIJ)
IPv6 Mostly Experience at APRICOT by Yoshinobu Matsuzaki (IIJ)
Bangladesh Network Operators Group
 
DNS & DNSSEC operational best practices - Sleep better at night with KINDNS i...
DNS & DNSSEC operational best practices - Sleep better at night with KINDNS i...DNS & DNSSEC operational best practices - Sleep better at night with KINDNS i...
DNS & DNSSEC operational best practices - Sleep better at night with KINDNS i...
Bangladesh Network Operators Group
 
Bsjsudhjsidudjdudjdudidjjdjdkdel-se-br.ppt
Bsjsudhjsidudjdudjdudidjjdjdkdel-se-br.pptBsjsudhjsidudjdudjdudidjjdjdkdel-se-br.ppt
Bsjsudhjsidudjdudjdudidjjdjdkdel-se-br.ppt
ssuserb171f7
 
Presentation About The Buttons | Selma SALTIK
Presentation About The Buttons | Selma SALTIKPresentation About The Buttons | Selma SALTIK
Presentation About The Buttons | Selma SALTIK
SELMA SALTIK
 
Concept and purpose of community diagnosis
Concept and purpose of community diagnosisConcept and purpose of community diagnosis
Concept and purpose of community diagnosis
felixsakwa55
 
all Practical Project LAST summary note.docx
all Practical Project LAST summary note.docxall Practical Project LAST summary note.docx
all Practical Project LAST summary note.docx
seidjemal94
 
Cloud VPS Provider in India: The Best Hosting Solution for Your Business
Cloud VPS Provider in India: The Best Hosting Solution for Your BusinessCloud VPS Provider in India: The Best Hosting Solution for Your Business
Cloud VPS Provider in India: The Best Hosting Solution for Your Business
DanaJohnson510230
 
Paper: QFS: World Game (s) Great Redesign.pdf
Paper: QFS: World Game (s) Great Redesign.pdfPaper: QFS: World Game (s) Great Redesign.pdf
Paper: QFS: World Game (s) Great Redesign.pdf
Steven McGee
 
HPC_Course_Presentation_No_Images included.pptx
HPC_Course_Presentation_No_Images included.pptxHPC_Course_Presentation_No_Images included.pptx
HPC_Course_Presentation_No_Images included.pptx
naziaahmadnm
 

Security Practitioners guide to Micro Segmentation with VMware NSX and Log Insight

  • 1. SECURITY INCEPTION: A SECURITY PRACTITIONERS GUIDE TO MICRO SEGMENTATION WITH LOG INSIGHT
  • 2. AGENDA
    ▸ INTRODUCTION
    ▸ WHERE DO I START?
    ▸ FINDING THE FLOWS
    ▸ BUILDING THE RULES
    ▸ VISUALISING THE DATA
    ▸ AUTOMATING THE STACK
  • 4. SECURITY INCEPTION: SECURITY PRACTITIONERS GUIDE TO MICRO SEGMENTATION WITH LOG INSIGHT
    GOALS
    ▸ Where do I start?
    ▸ Finding the traffic
    ▸ Building the rules
    ▸ Visualising the data
    ▸ Automating
    ▸ Example Security Architecture
    PRODUCTS
    ▸ vSphere
    ▸ NSX for vSphere
    ▸ vRealize Log Insight
    ▸ PowerCLI / PowerNSX
  • 6. DISTRIBUTED FIREWALL LOGS: LOGS SOMEWHERE
    ▸ Firewall rules or Access lists were the point of visibility
    ▸ Only inter-tier communication was protected and seen
    ▸ Very tricky to detect and enforce workloads on the same network segment
    ▸ Private VLANs were used to enforce east-west communication
    [Diagram labels: WEB1, APP1, NETWORK, DC FIREWALL, Logs]
  • 7. DISTRIBUTED FIREWALL LOGS: LOGS EVERYWHERE
    ▸ Logs can be found at the DC Firewall, NSX Edge, Distributed Firewall
    ▸ Logs allow the trace of an application end to end (even if NAT is used!)
    ▸ DFW has both ingress and egress of source and destination workloads
    ▸ Logs on every device are cumbersome to collect and analyse
    [Diagram labels: WEB1 (DFW, Logs), APP1 (DFW, Logs), NETWORK, DC FIREWALL (Logs)]
  • 8. BOOKSTORE APPLICATION TOPOLOGY
    FUNCTION   IP ADDRESS
    WEBLB      192.168.100.193
    WEB01      10.0.1.11
    WEB02      10.0.1.12
    APPLB      172.16.1.6
    APP01      10.0.2.11
    APP02      10.0.2.12
    DB01       10.0.3.11
    [Diagram labels: WEB1, WEB2, APP1, APP2, DB1 (each with DFW), WEB LS, APP LS, DB LS, TRANSIT LS, EDGE 01, EXTERNAL NETWORK, DC FIREWALL, APPLICATION A, APPLICATION B, APPLICATION C, NSX]
  • 9. BOOKSTORE APPLICATION MICRO SEGMENTATION
    CURRENT STATE
    ▸ Current security requirements are not enforced
    ▸ Unsure of inter-tier communication
    ▸ What ports are required to be opened?
    ▸ Not sure where to start
    DESIRED OUTCOME
    ▸ Secure application topologies
    ▸ Granular logging
    ▸ Visualisation / Dashboard of application security logs
    ▸ Repeatable process for other applications
  • 11. IOCHAINS: WHAT CAN I SEE?
    DISTRIBUTED FIREWALL
    ▸ vNIC level firewall on every VM
    ▸ Rules that are created via the vCenter UI are pushed to NSX Manager to be stored. API calls go directly to NSX Manager.
    ▸ Rules are pushed down to relevant hosts (Applied To) or all (Distributed Firewall)
    ▸ This is parsed by VSFWD on each vSphere host.
    ▸ VM-ID is used to apply rules to pertinent vNICs
    ▸ Applied To field will still resolve back to VM-ID
    [Diagram: IOChain on the vSphere host, between VM and NETWORK]
    ESXI-FIREWALL (0): used for DVS ACLs
    SW-SEC (1): VM-IP and ARP learning
    VMWARE-SFW (2): Distributed Firewall enforcement
    PARTNER (-14): Net-X partner redirection point
    … 15
  • 12. BOOKSTORE APPLICATION MICRO SEGMENTATION
    FENCING WITH SECURITY GROUPS
    ▸ Security Groups provide a logical grouping construct
    ▸ Intelligent grouping
    ▸ Usually used to group ‘like’ workloads together such as Web, App, and DB
    ▸ Security Group ends up as source or destination for rules
    ▸ Rules are built using Security Groups as source and destination
    ▸ Permit All means traffic to or from the destined group is caught
  • 13. BOOKSTORE APPLICATION FENCING
    [Diagram labels: WEB1, WEB2, APP1, APP2, DB1 (each with DFW), SGTSWEB, SGTSAPP, SGTSDB, SGTSBOOKS, NSX, LOG INSIGHT]
  • 14. BOOKSTORE APPLICATION MICRO SEGMENTATION
    DISTRIBUTED FIREWALL TAGS
    ▸ Arbitrary text string stamped to all logs
    ▸ Can be searched in any log platform
    ▸ Helps group rules with human friendly context
    ▸ Log Insight Management Pack provides regular expressions that can be used in conjunction with it
  • 15. BOOKSTORE APPLICATION MICRO SEGMENTATION
    VISUALISING RULES
    ▸ Pie chart identifies source IP address and destination IP/Port
    ▸ Colours indicate different destination
    ▸ Filtered based on DFW Tag - must contain SGTSWeb
    ▸ Allows for quick creation of subsequent tables
  • 17. BOOKSTORE APPLICATION MICRO SEGMENTATION
    DISTRIBUTED FIREWALL RULES
    ‣ Taking log output and creating rules
    ‣ Web Tier chart sees the internal edge interface (172.16.1.1) talk to both Web VMs (10.0.1.11/12) within SGTSWeb on port 80.
    ‣ This results in rule #1 being created.
  • 18. BOOKSTORE APPLICATION MICRO SEGMENTATION
    DISTRIBUTED FIREWALL RULES
    ‣ Building individual allow rules against the known, visualised logs
    ‣ Ensures application topology is logically covered
    ‣ Final rule created is Any source, Any destination, Any service, Block and log.
    ‣ Applied to SGTSBooks
    [Diagram labels: WEB1, WEB2, APP1, APP2, DB1 (each with DFW), SGTSWEB, SGTSAPP, SGTSDB, SGTSBOOKS, NSX]
  • 20. BOOKSTORE APPLICATION MICRO SEGMENTATION
    CUSTOM DASHBOARDS PER APPLICATIONS
    ▸ Custom dashboards can be created from ANY data seen by Log Insight
    ▸ Known as queries
    ▸ Super flexible with a number of controls
    ▸ Creating a “Bookstore Security” dashboard
    ▸ Web, App, DB, and SGTSBook queries
    ▸ Creating SRC IP, Protocol, DST IP + PORT
    ▸ Add to Dashboard
    ▸ Populate notes!
  • 21. THE BOOKSTORE CUSTOM DASHBOARD BOOKSTORE APPLICATION MICRO SEGMENTATION NSX
  • 23. SCALING APPLICATIONS AND MAINTAINING SECURITY VISIBILITY
    REPEATABLE SECURITY ARCHITECTURE
    FOUNDATION
    ▸ CLASSIFICATIONS (security tag inclusion): SGT1-TOPSECRET, SGT1-SECRET, SGT1-CONFIDENTIAL, SGT1-PROTECTED
    ▸ CLUSTERS (cluster inclusion): SGT1-DEV, SGT1-PRODUCTION, SGT1-DMZ
    ▸ TIERS (security tag inclusion): SGT1-3TA-DB, SGT1-3TA-APP, SGT1-3TA-WEB
    INFRASTRUCTURE
    ▸ CLUSTER + CLASSIFICATION: SGT2-DMZ-PROTECTED
    APPLICATION
    ▸ (CLUSTER + CLASSIFICATION) + TIERS: SGT3-DMZ-PROTECTED-3TA-WEB, SGT3-DMZ-PROTECTED-3TA-DB, SGT3-DMZ-PROTECTED-3TA-APP
  • 24. SCALING APPLICATIONS AND MAINTAINING SECURITY VISIBILITY
    REPEATABLE SECURITY ARCHITECTURE
    [Diagram labels, by layer]
    FOUNDATION: SGT1-TOPSECRET, SGT1-SECRET, SGT1-CONFIDENTIAL, SGT1-PROTECTED, SGT1-3TA-DB, SGT1-3TA-APP, SGT1-3TA-WEB, SGT1-DEVELOPER, SGT1-PRODUCTION, SGT1-DMZ
    INFRASTRUCTURE: SGT2-PROTECTED-3TA-WEB, SGT2-PROTECTED-3TA-DB, SGT2-PROTECTED-3TA-APP
    APPLICATION: SGT3-DMZ-PROTECTED-3TA-WEB, SGT3-DMZ-PROTECTED-3TA-DB, SGT3-DMZ-PROTECTED-3TA-APP
    POLICIES: POLICY DNS, POLICY AD, POLICY WEB, POLICY APP, POLICY DB, POLICY DNS, POLICY DNS
  • 25. SECURITY INCEPTION: SECURITY PRACTITIONERS GUIDE TO MICRO SEGMENTATION WITH LOG INSIGHT
    LOG INSIGHT
    ▸ 25 OSI pack included with all licensed vCenter instances
    ▸ Per CPU socket licensing included with all vCloud Suite
    ▸ Operating System Instance denotes an individual endpoint outside a vCenter domain (Network device, Physical Object, Storage array)
    ▸ CPU socket includes all virtual objects associated to that vSphere host (VMs, DFW, Load Balancer, NSX Edges)
  • 27. SECURITY INCEPTION: SECURITY PRACTITIONERS GUIDE TO MICRO SEGMENTATION WITH LOG INSIGHT
    FIND OUT MORE
    ▸ Anthony Burke - Senior Systems Engineer, VMware Network and Security Business Unit
    ▸ VCIX-NV, CCNP, closing in on a VCDX-NV
    ▸ Author at networkinferno.net
    ▸ An author of the upcoming VMware press title: VMware NSX 6.2 for vSphere Essentials
    ▸ An author of the newly released VMware NSX Fundamentals LiveLessons
    ▸ Find me on Twitter as @pandom_
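
The flow-to-rule step from slides 14, 17 and 18, sketched in Python as an added example that is not part of the original deck: it filters DFW log lines by tag, counts the ingress and egress copies of a connection once, and collapses the result into allow-rule candidates closed by the block-and-log rule. The log line layout, the SSH and database sample flows, and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on NSX for vSphere dfwpktlogs entries.
# Assumed layout: ... ACTION RULE DIR LEN PROTO SRC/SPORT->DST/DPORT [FLAGS] TAG
SAMPLE_LOGS = """\
2016-05-01T10:00:01Z esx01 dfwpktlogs: 4125 INET match PASS domain-c7/1005 IN 60 TCP 172.16.1.1/40112->10.0.1.11/80 S SGTSWeb
2016-05-01T10:00:02Z esx02 dfwpktlogs: 4126 INET match PASS domain-c7/1005 IN 60 TCP 172.16.1.1/40113->10.0.1.12/80 S SGTSWeb
2016-05-01T10:00:03Z esx01 dfwpktlogs: 4127 INET match PASS domain-c7/1005 IN 60 TCP 172.16.1.1/40250->10.0.1.11/80 S SGTSWeb
2016-05-01T10:00:04Z esx01 dfwpktlogs: 4128 INET match PASS domain-c7/1005 OUT 60 TCP 10.0.1.11/51500->10.0.1.12/22 S SGTSWeb
2016-05-01T10:00:04Z esx02 dfwpktlogs: 4129 INET match PASS domain-c7/1005 IN 60 TCP 10.0.1.11/51500->10.0.1.12/22 S SGTSWeb
2016-05-01T10:00:05Z esx03 dfwpktlogs: 4130 INET match PASS domain-c7/1007 IN 60 TCP 10.0.2.11/42000->10.0.3.11/3306 S SGTSDB
"""

LINE_RE = re.compile(
    r"(?P<action>PASS|DROP|REJECT) (?P<rule>\S+) (?P<dir>IN|OUT) \d+ "
    r"(?P<proto>TCP|UDP) (?P<src>[\d.]+)/(?P<sport>\d+)->"
    r"(?P<dst>[\d.]+)/(?P<dport>\d+)(?: (?P<flags>[A-Z]+))? (?P<tag>\S+)\s*$"
)


def observed_flows(log_text, tag):
    """Return {(src, dst, proto, dport): connections} for lines carrying `tag`."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["tag"].lower() != tag.lower():
            continue
        # East-west traffic inside the fence is logged twice (OUT at the source
        # vNIC, IN at the destination vNIC); keying on source port counts it once.
        seen[(m["src"], m["dst"], m["proto"], int(m["dport"]))].add(m["sport"])
    return {flow: len(ports) for flow, ports in seen.items()}


def candidate_rules(flows, fence_group):
    """Collapse flows into allow candidates and close with block-and-log."""
    by_service = defaultdict(lambda: {"dst": set(), "hits": 0})
    for (src, dst, proto, dport), hits in flows.items():
        entry = by_service[(src, proto, dport)]
        entry["dst"].add(dst)
        entry["hits"] += hits
    rules = [
        {"source": src, "destination": sorted(e["dst"]),
         "service": f"{proto}/{dport}", "action": "allow", "hits": e["hits"]}
        for (src, proto, dport), e in sorted(by_service.items(), key=lambda kv: kv[0])
    ]
    # Observed is not the same as required: each candidate is reviewed with the
    # application owner before it becomes a rule. All other traffic is blocked and logged.
    rules.append({"source": "any", "destination": ["any"], "service": "any",
                  "action": "block", "log": True, "applied_to": fence_group})
    return rules


if __name__ == "__main__":
    for rule in candidate_rules(observed_flows(SAMPLE_LOGS, "SGTSWeb"), "SGTSBooks"):
        print(rule)
```

The constructed WEB01-to-WEB02 SSH flow appears as a candidate alongside the port 80 flow from slide 17, which is the kind of entry to question before it is turned into an allow rule.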