VMware NSX for vSphere 6.4 brings greater micro-segmentation and security

Cloud computing and platform virtualisation vendor VMware has announced VMware NSX for vSphere 6.4 is now generally available, bringing with it easier operations and context-sensitive application security.

Cyber security is a constant battle, but VMware is delivering on promises it made during VMworld 2017 to simplify the security burdens on enterprise.

iTWire attended VMware chief executive Pat Gelsinger’s keynote at the company’s annual event last year, where Gelsinger stated the tech industry had failed business, with too many security products across too many segments, with too much complexity to bridge it all together. “We need to restructure security. It has to be built-in and those many components have to go away and be native components with the infrastructure itself. It has to be intrinsically built-in,” Gelsinger said.

Gelsinger committed that VMware would transform cyber security from “chasing bad” to “ensuring good”, and this philosophy is being realised in VMware NSX for vSphere 6.4, among other products.

Specifically, VMware NSX 6.4 builds on micro-segmentation to now deliver context-aware micro-segmentation.

For clarity, micro-segmentation brings security policies traditionally only enforced at the perimeter down to the application. It has proven successful but also creates challenges – where does one begin? How do you manage it as applications change? How will security evolve as breaches are evolving?

VMware saw the virtualisation layer as the ideal place to implement this critical defence capability because NSX is close enough to the application to gain valuable context and enforce granular security, while remaining separate enough from the application that NSX stays outside the attack surface if the application is maliciously exploited.

Beyond the architectural advantages of NSX, the product has been using attributes in the context of the application — like VM name, OS version, regulatory scope and more — to create policy. This approach enhances security, is more manageable, and can be automated, rather than basing policy on constructs like IP addresses, which may change often. VMware NSX for vSphere 6.4 takes this further by adding context-aware micro-segmentation, which better secures applications by using their full context.

Highlights include:

  1. Network flow app detection and enforcement at layer 7 – while NSX tools like Endpoint Monitoring look within the application, NSX now performs deep packet inspection to identify the application within the network flow. This means micro-segmentation policies from the network view don’t have to infer the application. NSX will start with a core set of over fifty common application signatures, such as HTTP, SSH and DNS, and the set will grow over time.
  2. Virtual desktop and remote session security per user – securing virtual desktops is a popular starting point for micro-segmentation where no traffic should flow between virtual desktops. However, in many environments, multiple users run desktop sessions on a single host. NSX for vSphere 6.4 can implement security in these environments based on the user and what they should be able to access. This increases security for those environments and also opens the use case to a wider variety of environments such as Citrix and Microsoft’s remote desktop.
  3. Application Rule Manager – VMware is seeking to model the people and processes involved in NSX deployments and micro-segmentation, in addition to making policies more intuitive and application-driven. NSX for vSphere 6.4 brings with it tools to help users be successful in their deployment. Previously Application Rule Manager pushed policies directly into distributed firewalls, and now it includes smarts to suggest rules and suggest application security groups to help build a more cohesive and manageable micro-segmentation security across the data centre. VMware reports one customer found it took 1/3rd of the time to micro-segment their applications with this release of Application Rule Manager over the previous version.

In addition, VMware NSX for vSphere 6.4 delivers many ease-of-use enhancements, simplifying the GUI and bringing dashboard and logging enhancements, along with many other operational improvements.

Other functionality includes new routing features, JSON support for custom automation, multi-site enhancements, scale improvements, greater resiliency, health check monitors, and many other improvements.

Security threats continue to evolve, but increasing sophistication of security controls is only half the battle – the solutions must also be simple to deploy and manage in order to operate at scale. VMware says these two goals were major design factors in NSX for vSphere 6.4, and it is generally available now.

Full release notes are available online.




David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. Within two years, he returned to his alma mater, the University of Newcastle, as a UNIX systems manager. This was a crucial time for UNIX at the University with the advent of the World-Wide-Web and the decline of VMS. David moved on to a brief stint in consulting, before returning to the University as IT Manager in 1998. In 2001, he joined an international software company as Asia-Pacific troubleshooter, specialising in AIX, HP/UX, Solaris and database systems. Settling down in Newcastle, David then found niche roles delivering hard-core tech to the recruitment industry and presently is the Chief Information Officer for a national resources company where he particularly specialises in mergers and acquisitions and enterprise applications.