How Does VMware NSX Work?
VMware NSX’s native security capabilities, automation, and extensibility framework are leveraged by Check Point to dynamically insert, deploy, and orchestrate advanced security services inside the Software-Defined Data Center to enhance customers’ VMware NSX security.
VMware NSX provides network virtualization, and accomplishes this by taking advantage of network encapsulation. This wraps the network traffic flowing over NSX within protocols that the physical network hardware natively supports (like GRE). However, the physical hardware has no visibility into the actual encapsulated traffic.
NSX gateways are deployed at all connections between the internal virtual network and the physical network. This enables encapsulation to be applied and removed as needed when transitioning from physical to virtual connections and back again.
Key Features and Benefits of VMware NSX
VMware NSX uses network function virtualization (NFV) to provide a number of benefits, including:
- Network Automation: VMware NSX is a software-defined networking (SDN) solution. This makes it possible to automate deployment, configuration, and updates of the network infrastructure since all components are virtualized and implemented as code. As a result, networks are more agile and adaptable.
- Multi-Cloud Support: Different cloud environments can have different implementations of network infrastructure and security, making multi-cloud environments complex and difficult to secure. Network virtualization provides consistent network infrastructure across all environments, enhancing its performance and security.
- Intrinsic Segmentation: Network segmentation is the foundation of network security, enabling different systems and network sections to be separated from one another and have all cross-boundary traffic inspected and monitored. With a virtualized network, these boundaries can be defined and enforced in software, rather than requiring physical network infrastructure and firewalls.
- Reduced Overhead: VMware NSX enables networking and security functionality to be converted from physical appliances to software-defined solutions. This eliminates the cost of acquiring, configuring, managing, and maintaining these appliances, reducing both capital expenditure (CapEx) and operating expenditure (OpEx).
Cloud Network Security and Visualization
VMware NSX provides full network virtualization in both on-premises and cloud-based environments. This virtualization offers network consistency across cloud platforms and provides a level of visibility that is often lacking in the cloud. Additionally, NSX’s support for segmentation of its virtualized network infrastructure makes it possible to easily define and enforce internal network boundaries, providing more granular traffic visibility and security policy enforcement.
Check Point CloudGuard Network Security provides consistent policy management and enforcement of advanced security protections, is automatically deployed and dynamically orchestrated into software-defined data center environments. CloudGuard leverages the capabilities of VMware NSX to complement and enhance its integrated security capabilities. By integrating with NSX, CloudGuard is able to achieve deeper visibility and provide improved security for public, private, hybrid, and multi-cloud environments.
Securing the Cloud with VMware NSX and CloudGuard
VMware NSX offers an array of integrated security protections. Its virtualization simplifies network segmentation and enforcement of security policies. Check Point CloudGuard Network Security for VMware NSX uses NSX’s capabilities to insert its own advanced threat prevention and multi-layered security protections into cloud environments to further enhance customers’ VMware NSX security.
This provides a number of cloud security benefits, such as:
- Security Automation and Orchestration: Cloud environments are fast-moving, and rapid cloud adoption means that organizations’ cloud infrastructure often sprawls over multiple vendors and types of cloud deployments. By integratingwith NSX, CloudGuard is able to automatically configure and update security policies and settings at the network level to meet the changing requirements of the business.
- Policy and Compliance Enforcement: With the network-level visibility and control provided by NSX, CloudGuard has deep visibility into cloud network traffic. This allows it to enforce contextual security policies to ensure that activities in the cloud comply with corporate policy and the requirements of applicable regulations, such as the Payment Card Industry Data Security Standard (PCI DSS).
- Data Protection: Data leaks from cloud infrastructure are common, most often due to poor security configurations. Together, VMware NSX and CloudGuard ensure that all traffic in the cloud undergoes security inspection to verify that no sensitive data is being leaked from the cloud.
- Centralized Security Management: Check Point’s unified threat management solutions are designed to provide visibility across an organization’s entire IT infrastructure – including both on-prem systems and public, private, and hybrid cloud deployments – from a single pane of class portal. A deep technological and product partnership with VMware NSX provides the advanced private cloud security and required visibility into network traffic across cloud environments.
Check Point and VMware’s partnership makes it easier to secure virtualized environments. To learn more about architecture best practices for VMware NSX security, check out this webinar. To read a customer story, click here or watch the video. You’re also welcome to sign up for a free CloudGuard demo to see its capabilities in action.
For questions and more information about securing the cloud, contact us to schedule a discussion with a cloud security expert.
Feedback