CONTEXT-AWARE
MICRO-SEGMENTATION WITH
VMWARE NSX DATA CENTER
Protect the Network from the Lateral Spread of Threats
Consistent Security from the Data Center, to the Cloud, to the Edge
With VMware NSX® Data Center, security policies can be defined consistently
across the entire environment, regardless of the type of application or where
it has been deployed. Policies are enforced at the individual workload level,
which enables the segmentation of workloads that live on the same physical
host without having to hairpin traffic out through an external physical or
virtual firewall. This granular level of security is called micro-segmentation.
“
“With the increasing number
of IoT devices, the more
segmented our network is, the
better off we are…That way,
threats can’t move laterally
within the data center.”
CHRISTOPHER FRENZ
DIRECTOR OF INFRASTRUCTURE
INTERFAITH MEDICAL CENTER
Figure 1. Micro-segmentation refers to the enforcement of network security policy at the individual
workload level.
V M W A R E N S X D ATA C E N T E R | 1
CONTEXT-AWARE MICRO-SEGMENTATION WITH VMWARE NSX DATA CENTER
KEY HIGHLIGHTS Micro-segments built with NSX Data Center are defined and managed in
• The distributed, dynamic nature software, making them agile and automatable. As new workloads get deployed,
of modern applications makes they automatically inherit the security policies that stay with the workload
legacy, perimeter-centric security throughout its lifecycle, no matter where it has been provisioned or where it
insufficient. might move to.
• VMware NSX Data Center enables
micro-segmentation to protect Context-Aware Micro-Segmentation, Security Aligned to
applications from the lateral spread Applications and Data
of threats.
The ability to define security policies based on what matters most is equally as
• Security policy gets defined based important as consistent delivery of the policies. NSX Data Center decouples
on application context and enforced security policy from static network attributes like IP address, port, and protocol,
on the individual workload. and allows for the definition of policies based on a contextual understanding of
• Security is delivered consistently the application and the infrastructure. These contexts include user and identity
from the data center, to the cloud, attributes, workload attributes (like operating system), or even regulatory
to the edge. compliance scopes.
Figure 2. Micro-segments in NSX Data Center can be defined based on a number of different contexts,
including regulatory compliance scopes.
SOLUTION OVERVIE W | 2
CONTEXT-AWARE MICRO-SEGMENTATION WITH VMWARE NSX DATA CENTER
Get started today with a free virtual network assessment to analyze your current
network traffic and begin planning your micro-segmentation project. To learn
more, visit www.vmware.com/products/nsx/security.
VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com
Copyright © 2018 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents
listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. and its subsidiaries in the United States and other jurisdictions. All other marks and names
mentioned herein may be trademarks of their respective companies. Item No: 147939wf-vmw-q2fy19-sddc-launch-so-nsbu-context-aware-micro-seg-a4
5/ 18