While true for all enterprise software, when it comes to security, every organisation wants one dashboard to rule them all – to implement security policies consistently. That consistency should hold regardless of where the service resides or where it is consumed from.
NSX is no different and VMware has been working behind the scenes on that capability. The fruit of that labour is what VMware is calling NSX+, a SaaS (Software as a Service) deployment that aims to provide 5 “as-a-service” services:
- Policy Management
- Application Visibility
- Network Detection & Response
- ALB Controller
- HCX+ Workload Mobility
Policy Management allows customers to define and deploy consistent security and network policies across all locations.
Application Visibility provides network flow recommendations for applications so that more efficient and accurate application mappings can be created. Essentially, it allows you to create a zero-trust micro-segmentation environment so that all unexpected traffic can be dropped, thereby improving the security posture.
Network Detection & Response provides the capability to triage and block/isolate incoming threats in your environment.
ALB Controller capability allows the AVI controllers to be deployed and run from the cloud.
Finally, the Hybrid Cloud Extension service (HCX+ Workload Mobility) allows organisations to migrate virtual machines between whichever cloud deployments they might have.
All of these services will be available as SaaS under the NSX+ umbrella and organisations will be able to subscribe to them as per their needs. At launch, NSX+ will provide consistent policy management to on-premises environments, with support for VMware Cloud on AWS coming soon.
In this post, I will pick two key capabilities that I see making a positive impact on NSX’s ease of management and therefore, adoption.
NSX+ Multi-Tenant Self-Service Policy Management
A cool capability that NSX+ introduces is multi-tenancy for self-service cloud consumption. The mechanism works by defining the various tenants in the environment and calling them “Projects”. That part is done by the Enterprise Administrator.
Those projects are then assigned to application owners – with appropriate user rights – to be managed by them on a self-service basis. They become the “Project Administrators”.
From then on, those projects are treated as entities in their own right, and the project administrators can configure them as per their needs, with their own logging and monitoring arrangements, amongst other functions. As you can see from the slide, different lines of business can have their own project administrator and they can configure their part independently, without affecting each other and, best of all, without involving the Enterprise Administrators.
With NSX+, the projects can also span locations, which allows those project administrators to keep the policies and configurations consistent across the organisation. If you remember Federation capabilities in NSX, think of NSX+ Multi-Tenant Self-Service Policy Management as “federation on steroids”, which will allow you to manage all your locations from a single management console.
NSX VPC (Virtual Private Cloud)
I am also excited about this new capability of creating virtual private clouds in NSX. Public clouds have had this capability for a while, but providing it in NSX will simplify and accelerate the deployment of standard configurations inside projects.
Defining a VPC will be similar to how you do it in the public cloud today i.e., the interface will ask the project admin about the subnet needs with connectivity configuration and NSX will create that isolated environment for consumption by that project.
As always, you’ll get to see more information on these two key feature enhancements (and the other SaaS components of NSX+) so keep a close eye on upcoming blogs from VMware on it. It will be interesting to see all the use cases that organisations enable using these new capabilities!