Virtualization has brought IT many gifts. It has made the impossible not just possible, but common. From server consolidation to the cloud, virtualization is now the dominant computing platform worldwide.
Beyond expanding computing capabilities, virtualization can also be considered a method to increase network security. Rod Stuhlmuller, Director of Product Marketing in the Networking & Security Business Unit at VMware, takes us through four ways that security can be improved through network virtualization. -- Paul Venezia
How network virtualization improves security
In cloud data centers, application workloads are provisioned, moved, and decommissioned at will. Cloud management software allocates compute, storage, and network capacity on demand.
Add network virtualization to that dynamic environment, and the operational model for networking changes completely. Profound changes of this sort tend to make security professionals nervous, but in reality, network virtualization includes several built-in network security advantages. These include isolation and multitenancy; segmentation; distributed firewalling; and service insertion and chaining. Network virtualization platforms can combine these features with other security functions to streamline security operations in a software-defined data center.
Isolation and multitenancy
One of the core features of network virtualization is isolation -- the foundation of most network security, whether for compliance, containment, or just to keep development, test, and production environments from interacting. Virtual networks are isolated from other virtual networks and from the underlying physical network by default, delivering the security principle of least privilege. No physical subnets, VLANs, ACLs, or firewall rules are required to enable this isolation.
Any isolated virtual network can be made up of workloads distributed anywhere in the data center. Workloads in the same virtual network can reside on the same or separate hypervisors. Workloads in multiple isolated virtual networks can reside on the same hypervisor. Isolation between virtual networks allows for overlapping IP addresses, making it possible to have isolated development, test, and production virtual networks -- each with different application versions, but with the same IP addresses, and all operating at the same time on the same underlying physical infrastructure.
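To make the isolation model above concrete, here is an added toy model (written for this article, not VMware's or any product's code) of a hypervisor forwarding table for virtual networks. It assumes each virtual network is identified by a segment ID (called a VNI here, by analogy with overlay tunnelling; the article itself does not name the mechanism) and that the virtual switch, not the guest, tags traffic with the sender's segment. Because the table is keyed by (segment, IP) rather than IP alone, dev, test, and production can all use the same addresses on the same hypervisors, and a workload can only ever reach endpoints inside its own virtual network.

```python
"""Toy model of isolated virtual networks with overlapping IP space.

Added example for illustration; not code from the article or from any
network virtualization product. The segment identifier ("vni") and the
constructed workload names are assumptions made for the demo.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Workload:
    name: str
    hypervisor: str   # physical host the workload currently runs on
    vni: int          # virtual network (segment) the workload's vNIC is attached to
    ip: IPv4Address


@dataclass
class Overlay:
    # Forwarding table keyed by (vni, ip). The segment is part of the key, so the
    # same IP address may exist once per virtual network without conflict.
    table: Dict[Tuple[int, IPv4Address], Workload] = field(default_factory=dict)
    by_name: Dict[str, Workload] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)

    def attach(self, w: Workload) -> None:
        """Attach a workload to its virtual network; duplicate IPs inside one
        segment are rejected, duplicates across segments are fine."""
        key = (w.vni, w.ip)
        if key in self.table:
            raise ValueError(f"{w.ip} already in use on VNI {w.vni}")
        self.table[key] = w
        self.by_name[w.name] = w

    def send(self, src_name: str, dst_ip: str) -> Optional[str]:
        """Deliver a packet from src to dst_ip. Returns the receiving workload's
        name, or None if nothing in the sender's segment owns that address."""
        src = self.by_name[src_name]
        # The virtual switch tags the frame with the *sender's* VNI. The guest
        # never chooses the segment, so it cannot address another tenant's network.
        dst = self.table.get((src.vni, IPv4Address(dst_ip)))
        if dst is None:
            self.log.append(f"DROP vni={src.vni} {src.ip} -> {dst_ip}: "
                            "no such endpoint in this virtual network")
            return None
        hop = "local" if dst.hypervisor == src.hypervisor else f"tunnel to {dst.hypervisor}"
        self.log.append(f"FWD  vni={src.vni} {src.ip} -> {dst.ip} ({dst.name}, {hop})")
        return dst.name

    def segments_on(self, hypervisor: str) -> List[int]:
        """Distinct virtual networks that have a workload on this host."""
        return sorted({w.vni for w in self.by_name.values() if w.hypervisor == hypervisor})


def build_demo() -> Overlay:
    """Constructed scenario: dev, test and prod each use 10.0.0.10/10.0.0.20,
    spread across two hypervisors, all running at the same time."""
    ov = Overlay()
    for name, hv, vni, ip in [
        ("dev-web",  "hv1", 5001, "10.0.0.10"),
        ("dev-db",   "hv2", 5001, "10.0.0.20"),
        ("test-web", "hv1", 5002, "10.0.0.10"),
        ("test-db",  "hv1", 5002, "10.0.0.20"),
        ("prod-web", "hv2", 5003, "10.0.0.10"),
        ("prod-db",  "hv1", 5003, "10.0.0.20"),
    ]:
        ov.attach(Workload(name, hv, vni, IPv4Address(ip)))
    return ov


if __name__ == "__main__":
    ov = build_demo()
    ov.send("dev-web", "10.0.0.20")    # reaches dev-db over a tunnel, not prod-db
    ov.send("prod-web", "10.0.0.20")   # reaches prod-db, same IP, different segment
    ov.send("dev-web", "10.0.0.99")    # dropped: nothing by that address in dev
    print("\n".join(ov.log))
    print("segments on hv1:", ov.segments_on("hv1"))
```

The detail worth noticing is where the segment tag is applied: in `send`, the lookup key is built from `src.vni`, which comes from the attachment record, not from anything the sending workload supplies. That is the property the article describes as least privilege by default: a compromised dev VM cannot reach the production database that shares its address, because no packet it emits can be tagged with the production segment.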