This 8 week online course equips learners with the basics of network virtualization with VMware NSX. To get the most of this course, you should have familiarity with generic IT concepts of routing, switching, firewalling, disaster recovery, business continuity, cloud and security. At the end of the course, you will be able to: • Understand network virtualization basics • Describe NSX business value and use cases • Explain how NSX is different from traditional networking • Summarize networking and security solution architecture with VMware NSX around these key areas: + Micro-segmentation + Automation with OpenStack + Automation with VMware vRealize Automation + Disaster Recovery and Business Continuity + Operational Transformation • Demonstrate understanding through hands-on experience • Develop a learning plan for network virtualization certification If you are new to network virtualization, download our Network Virtualization for Dummies guide. http://learn.vmware.com/36350_NSX_ITAutomation_Reg?src=af_5acfd24cebb90&cid=70134000001YR9b
Secure End-User Computing Solutions with VMware NSX
Loading...
From the course by VMware
Networking and Security Architecture with VMware NSX
4 ratings
From the lesson
Security Solutions with VMware NSX
This module dives into VMware NSX as a security platform that provides a defensive in depth solution. The content compares traditional security solutions with the in-kernel firewall provided by VMware NSX. In addition, this module covers application behavior monitoring and the ecosystem of partners that integrate with VMware NSX to provide a comprehensive security solution.
Meet the Instructors
Chris McCainDirector of Product Management
Networking & Security
In this section,
we're going to talk about secure end-user computing solutions with VMware NSX.
VMware NSX when combined with an end-user computing solution,
we actually have six different use cases that we can actually, in business problems,
that we can actually solve within NSX for secure end-user computing environments.
So, let's take a look at the first use case.
First use case is around our ability to do
micro-segmentation around all of our VDI desktops systems.
If you actually take a look and think about what
our VDI systems actually look like, these are systems running,
say things like Windows 7 or Windows 10, or even Linux,
and our ability to actually control
the traffic that actually goes between those virtual machines.
If you think about that in terms of like a physical desktop environment,
these physical machines or these machines shouldn't normally talk to each other.
These workloads are now living within your data center,
and their ability to talk to each other can compromise not only themselves,
but also other workloads within your data center.
When you apply NSX,
each one of these VDI desktops systems actually gets a firewall,
and we can with one rule,
say all of our VDI systems cannot talk to VI by just creating
a security group called VDI or
something similar and placing all those virtual machines within that group.
It's a very easy way to control intra,
VDI traffic with NSX.
Let's take a look at the next use case.
This comes around our ability to logically group and
secure different pools of desktops within a VDI deployment.
It is possible for there to be one or even more pools of desktop systems
based on the actual workloads that are
necessary or the user groups that are actually accessing them.
With NSX, this could possibly be a development environment,
where our developers have access to virtual desktops,
or this could actually be our production environment,
where our production users that normally use their desktops on
a daily basis are grouped together for their own use.
Now, our developers may be doing development work with
products or even applications that don't need to talk to our production environment.
So, with NSX and placing a firewall at each one of these VDI desktops,
we can actually block and control communications that happen between desktop pools.
So, we can also do this type of security with being able to secure one specific pool,
and then we can apply that to all subsequent pools going forward.
Another use case that we have is,
around this ability to provide agentless antivirus, agentless malware,
IDS/IPS services through third party partners
with a technology called Guest Introspection.
With Guest Introspection and third party partners,
we can actually offload
normal applications that would
technically be used with an agent that resides in each one of these systems.
We can actually take these and actually provide them through
the host agentless antimalware or IDS/IPS,
by connecting the third-party components to NSX and
actually using them to provide the software solution through the hypervisor.
The next solution that we have here is around their ability to actually
control who can actually log into the desktops,
and what resources they can actually have access to
within our data center through the identity-based firewall.
We have our desktop pool here that our production users can gain access to.
We have an HR employee who wants to gain access into their VDI deployment,
and get access to their HR application within the data center.
Then, we have our engineer who logs into the same pool,
but he's not allowed communications to the HR system.
With NSX and identity-based firewalling,
we can say that anyone in our HR environment by connecting
our active directory to the horizon environment or citrix environment,
and say that these folks,
HR folks are allowed to talk to their HR application.
But our engineering folks,
when they log into their desktop,
are not allowed to talk to our HR system or HR application.
That provides granular base control based on the users need within the environment.
One of other use cases here is what I refer to as elasticity within a VDI deployment.
I see elasticity because VDI deployments are hardly ever static.
We usually have a pool of desktops that are waiting and willing
and ready for users to accept connections to,
but that may not always be the case.
We may not have enough desktops provision at the time where we might need
to provision a new desktop for more users to gain access to the VDI pool.
With NSX and the same concept that we're talking about here and the first use case,
our ability to group these VDI desktops systems into a security group.
The security group and security that's involved for the systems is elastic,
meaning that, as we add more virtual desktop systems to the security group,
the security group grows horizontally and continues to
encapsulate all the VDI desktops systems that should be in that security group.
This means that the same security policy that VDI desktops
system 01 and 02 already have in place,
03 will adopt that same security posture until the desktop is no longer needed.
When I say elasticity, it means if this desktop is no longer
needed and the pool will shrink back down,
meaning that our security group and our security posture will
only encompass the machines that are actually active on the network.
Our last use case is all these VDI desktops systems are great right?
All these systems were able to spin up virtual desktops,
and everything is just great.
But, what about the actual virtual machines that make up
the management environment for actually
making these VDI desktops systems actually come alive?
With NSX, we can take the same,
when we talked about that in our last session around
microsegmentation and being able to put firewalls at all of our virtual machines,
we could do that same concept with the VDI desktop management environment,
and we could say that our VDI management systems may
only need to talk to the next system over port say 8443,
and this other system mailing to talk over 443.
We're able to actually limit the communication paths for the management systems,
so that the management system has the same security posture,
that are other desktops or other application servers
within the data center currently have leveraging with NSX.
So to recap, security and end-user computing solutions with NSX,
there is at least six different use cases here in which we can
actually provide business results for end-users.
Thanks for watching. In the next section,
we're actually going to talk about how to leverage
VMware NSX solutions for DMZ, anywhere style environments.
Explore our Catalog
Join for free and get personalized recommendations, updates and offers.
Coursera provides universal access to the world’s best education,
partnering with top universities and organizations to offer courses online.
© 2018 Coursera Inc. All rights reserved.
