VMware is transforming hybrid cloud security for mobile end users through a combination of VMware NSX network virtualisation, AirWatch and VMware Horizon.
At the RSA Conference, VMware showcased how VMware NSX, when deployed with AirWatch EMM or VMware Horizon, addresses the enterprise security challenge of over-provisioned data centre access through the use of network micro-segmentation. This combination creates an individualised virtual network that allows users or groups to access only the specific applications within the data centre to which they are authorised. This model can prevent users from accessing or even seeing resources that exist within the data centre to which they are not entitled. Through this combined solution, IT can help minimise security threats resulting from over-provisioned access that is common with traditional gateway VPNs.
VMware is a driving force in helping to evolve security inside the data centre through micro-segmentation with VMware NSX, and on the device level through capabilities such as per-application VPN,” said Noah Wasmer, vice president of product management and CTO, End-User Computing, VMware. “Today we are bringing the power of these two solutions together to deliver the ability to implement a fully-segmented virtualised data centre network that meets the unique challenges presented by today’s mobile end users.
Organisations typically provide user access through a secure VPN gateway connection into the cloud data centre where applications and data reside. Once inside the data centre, however, users can gain nearly unlimited access to all of the resources inside of the data centre. Modern attacks exploit this perimeter-centric defence strategy by ‚Äòhitching a ride’ from authorised users using completely secure connections, then moving laterally within the data centre between workloads with little or no controls to block propagation. As more and different types of devices are coming into businesses, IT requires a solution that solves this over-provisioned access challenge to provide secure, restricted access to only the resources to which users are entitled.
VMware NSX helps solve this challenge through network micro-segmentation inside the data centre. The VMware NSX approach to securing user access offers several advantages over traditional security approaches‚Äîautomated provisioning, automated move/add/change for workloads, distributed policy enforcement at every virtual interface and in-kernel, scale-out firewalling distributed to every hypervisor or virtual desktop and baked into the platform.
¬∑ Deploying VMware NSX with AirWatch Enterprise Mobility Management – combining AirWatch identity management and per-app VPN controls with VMware NSX network virtualisation completes the security bridge from the device to the data centre. This solution enables IT to assign exact data centre resources to specific applications based on the organisational groups already set up through AirWatch EMM. The permissions set by IT can prevent the enterprise from overexposing data centre information to applications on any device while still empowering the mobile user with the corporate resources they need to do work efficiently and effectively. The combined solution also gives admins greater visibility into what mobile users can access and eases change management as new applications come online.
¬∑ Deploying VMware NSX with Horizon – this solution enables effective firewalling for each virtual desktop at a VM level, preventing the spread of threats from desktop to server as well as desktop to desktop. Security policies can be created based on individual users or logical groupings, rather than being tied to rigid network topologies, and VMware NSX streamlines and simplifies configuration of security policies based on types of users (e.g.,
engineering, HR, finance) and types of data being accessed (e.g., credit card, payroll). Because mobile and virtual desktop sessions are more dynamic than server workloads, static security policies are far less effective. VMware NSX simplifies and automates application of
network and security policies to users or virtual desktop pools.
* Follow Gadget on Twitter on @GadgetZA