but he's not allowed communications to the HR system.
With NSX and identity-based firewalling,
we can say that anyone in our HR environment by connecting
our active directory to the horizon environment or citrix environment,
and say that these folks,
HR folks are allowed to talk to their HR application.
But our engineering folks,
when they log into their desktop,
are not allowed to talk to our HR system or HR application.
That provides granular base control based on the users need within the environment.
One of other use cases here is what I refer to as elasticity within a VDI deployment.
I see elasticity because VDI deployments are hardly ever static.
We usually have a pool of desktops that are waiting and willing
and ready for users to accept connections to,
but that may not always be the case.
We may not have enough desktops provision at the time where we might need
to provision a new desktop for more users to gain access to the VDI pool.
With NSX and the same concept that we're talking about here and the first use case,
our ability to group these VDI desktops systems into a security group.
The security group and security that's involved for the systems is elastic,
meaning that, as we add more virtual desktop systems to the security group,
the security group grows horizontally and continues to
encapsulate all the VDI desktops systems that should be in that security group.
This means that the same security policy that VDI desktops
system 01 and 02 already have in place,
03 will adopt that same security posture until the desktop is no longer needed.
When I say elasticity, it means if this desktop is no longer
needed and the pool will shrink back down,
meaning that our security group and our security posture will
only encompass the machines that are actually active on the network.
Our last use case is all these VDI desktops systems are great right?
All these systems were able to spin up virtual desktops,
and everything is just great.
But, what about the actual virtual machines that make up
the management environment for actually
making these VDI desktops systems actually come alive?
With NSX, we can take the same,
when we talked about that in our last session around
microsegmentation and being able to put firewalls at all of our virtual machines,
we could do that same concept with the VDI desktop management environment,
and we could say that our VDI management systems may
only need to talk to the next system over port say 8443,
and this other system mailing to talk over 443.
We're able to actually limit the communication paths for the management systems,
so that the management system has the same security posture,
that are other desktops or other application servers
within the data center currently have leveraging with NSX.
So to recap, security and end-user computing solutions with NSX,
there is at least six different use cases here in which we can
actually provide business results for end-users.
Thanks for watching. In the next section,
we're actually going to talk about how to leverage
VMware NSX solutions for DMZ, anywhere style environments.