When Zero Trust is a Good Thing: VMware NSX Security
As firewalls and security management become more integrated with virtual environments, there are big changes happening in how we design, deploy, and manage these products. VMware NSX is tightly integrated with the VMware virtualization platform, as you would expect, but the product makes much more possible.
Zero Trust Security With VMware NSX
A new security model made possible by NSX virtualization is known as the Zero Trust model. Previously, ACLs and firewall rules were managed on segments and zones, which has the potential to leave a hole in the event that a VM is misconfigured.
With NSX, stateful firewall capabilities are attached to the VM itself rather than to the network segment higher up the stack. Policies therefore provide much more granular control, and they follow the VM: the policy is attached to a virtual port in the NSX network, which retains its configuration regardless of where the VM moves in the host environment.
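The difference between the two models can be shown with a small simulation. This is an added example, not code from the original post or from VMware, and it does not use the NSX API: the VM names, segment names, hosts, port, and rules are constructed, and connection state tracking is left out so that only rule placement is modeled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    src: str       # source VM name, or "any"
    port: int      # destination TCP port
    action: str    # "allow" or "deny"

@dataclass
class VM:
    name: str
    segment: str
    host: str
    vport_rules: list = field(default_factory=list)  # bound to the VM's virtual port

def segment_fw_allows(src, dst, port, zone_rules):
    """Segment/zone model: rules are consulted only when a flow crosses segments."""
    if src.segment == dst.segment:
        return True  # same-segment traffic never reaches the segment firewall
    for s_seg, d_seg, p, action in zone_rules:
        if (s_seg, d_seg, p) == (src.segment, dst.segment, port):
            return action == "allow"
    return False  # default deny between segments

def vport_fw_allows(src, dst, port):
    """Per-VM model: the destination's own rules see every flow; default deny."""
    for rule in dst.vport_rules:
        if rule.src in (src.name, "any") and rule.port == port:
            return rule.action == "allow"
    return False

def migrate(vm, new_host):
    """Move a VM to another host; its virtual-port rules are untouched."""
    vm.host = new_host

def build_scenario():
    """Constructed inventory: test01 was placed on the db segment by mistake."""
    web = VM("web01", "web-seg", "host-a")
    db = VM("db01", "db-seg", "host-a", [Rule("web01", 3306, "allow")])
    stray = VM("test01", "db-seg", "host-b")
    zone_rules = [("web-seg", "db-seg", 3306, "allow")]
    return web, db, stray, zone_rules

if __name__ == "__main__":
    web, db, stray, zones = build_scenario()
    print("segment model, test01 -> db01:", segment_fw_allows(stray, db, 3306, zones))
    print("per-VM model,  test01 -> db01:", vport_fw_allows(stray, db, 3306))
    migrate(db, "host-c")
    print("after migration, web01 -> db01:", vport_fw_allows(web, db, 3306))
```

The misplaced VM reaches the database under the segment model because the flow never crosses a segment boundary, while the per-VM policy denies it both before and after the database VM changes hosts.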
Brad Hedlund has produced yet another great article on VMware NSX which fully explains the Zero Trust security model and how it relates to VMware NSX.
You can read Brad’s full article on his blog for a complete explanation of the Zero Trust security model.