Network virtualization platforms distribute network services into the vSwitch to form a logical pipeline of services applied to virtual network traffic. Third-party network services can be inserted into this logical pipeline, allowing physical or virtual services to be consumed in the logical pipeline.
A powerful benefit of the network virtualization approach is its ability to build policies that leverage service insertion, chaining, and steering to drive service execution in the logical services pipeline based on the result of other services, making it possible to coordinate otherwise completely unrelated network security services from multiple vendors.
For example, VMware's integration with Palo Alto Networks uses the VMware NSX platform to distribute the Palo Alto Networks VM-Series next-generation firewall, making the advanced features locally available on each hypervisor. Network security policies, defined for application workloads provisioned or moved to that hypervisor, are inserted into the virtual network's logical pipeline. At runtime, the service insertion leverages the locally available Palo Alto Networks next-generation firewall feature set to deliver and enforce application, user, and context-based control policies at the workload's virtual interface.
Consistent security models across physical and virtual infrastructure
Network virtualization provides a platform that allows automated provisioning and context-sharing across virtual and physical security platforms. Partner services traditionally deployed in a physical network environment are easily provisioned and enforced in a virtual network environment, which delivers a consistent model of visibility and security across applications residing on either physical or virtual workloads.
Traditionally, this level of network security would have forced network and security teams to choose between performance and features. Leveraging the ability to distribute and enforce the advanced feature set at the application's virtual interface delivers the best of both.
The infrastructure maintains policy, allowing workloads to be placed and moved anywhere in the data center without manual intervention. Pre-approved application security policies can be applied programmatically, enabling self-service deployment of even complex network security services.
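The following added example (not code from the article, VMware NSX, or Palo Alto Networks) models the two ideas above in Python: a service chain in which one service's result steers later traffic to a different service, and a policy that follows a workload between hypervisors. All names, tags, and the payload marker are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Workload:
    name: str
    host: str                                  # hypervisor currently running the VM
    tags: set = field(default_factory=set)     # security context shared between services

# Each service inspects one packet at the workload's virtual interface and
# returns "allow" or "drop"; it may also tag the workload to share context.
def malware_scan(wl, pkt):
    if b"CONSTRUCTED-MALWARE-MARKER" in pkt["payload"]:   # constructed test marker
        wl.tags.add("infected")                # result that other services act on
        return "drop"
    return "allow"

def quarantine_fw(wl, pkt):
    # A quarantined workload may only reach the remediation server.
    return "allow" if pkt["dst"] == "remediation" else "drop"

def app_fw(wl, pkt):
    return "allow" if pkt["dport"] in (443, 5432) else "drop"

# Policy is keyed on workload tags, never on host or IP address. Rules are
# evaluated per packet in order, so a tag set by one service steers all
# later traffic through a different chain.
POLICY = [
    ("infected", [quarantine_fw]),
    ("web",      [malware_scan, app_fw]),
]

def chain_for(wl):
    for tag, chain in POLICY:
        if tag in wl.tags:
            return chain
    return None

def process(wl, pkt):
    chain = chain_for(wl)
    if chain is None:
        return "drop"                          # default deny for workloads with no policy
    for service in chain:
        if service(wl, pkt) == "drop":
            return "drop"
    return "allow"

def migrate(wl, new_host):
    wl.host = new_host                         # tags, and therefore policy, travel with the VM
```

Because the quarantine rule matches before the web rule, the first detection changes how every subsequent packet is handled, on whichever host the workload lands.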
As more data centers adopt network virtualization and move toward the software-defined data center, we'll see a broad range of traditional security solutions that leverage the unique position of the network virtualization platform in the hypervisor. Detailed knowledge of VMs and application process owners, combined with automated provisioning speed and operational efficiency, is the foundation for an exciting new approach to some very old challenges.
New Tech Forum provides a means to explore and discuss emerging enterprise technology in unprecedented depth and breadth. The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Send all enquiries to email@example.com.