Sunday, 21 January 2018 19:46

VMware NSX for vSphere 6.4 brings greater micro-segmentation and security


Cloud computing and platform virtualisation vendor VMware has announced VMware NSX for vSphere 6.4 is now generally available, bringing with it easier operations and context-sensitive application security.

Cyber security is a constant battle, but VMware is delivering on promises it made during VMworld 2017 to simplify the security burdens on enterprise.

iTWire attended VMware chief executive Pat Gelsinger’s keynote at the company’s annual event last year, where Gelsinger stated the tech industry had failed business, with too many security products across too many segments, with too much complexity to bridge it all together. “We need to restructure security. It has to be built-in and those many components have to go away and be native components with the infrastructure itself. It has to be intrinsically built-in,” Gelsinger said.

Gelsinger committed that VMware would transform cyber security, from “chasing bad” to “ensuring good” and this philosophy is being realised in VMware NSX for vSphere 6.4, among other products.

Specifically, VMware NSX 6.4 builds on micro-segmentation to now deliver context-aware micro-segmentation.

For clarity, micro-segmentation brings security policies traditionally only enforced at the perimeter down to the application. It has proven successful but also creates challenges – where does one begin? How do you manage it as applications change? How will security evolve as breaches are evolving?

VMware saw the virtualisation layer as the ideal place to implement this critical defence capability because NSX is close enough to the application to gain valuable context and enforce granular security, while at the same time being separate enough from the application to protect NSX from the attack surface in the event of malicious exploitation.

Beyond the architectural advantages of NSX, the product has been using attributes in the context of the application — like VM name, OS version, regulatory scope and more — to create policy. This approach enhances security, is more manageable, and can be automated, rather than basing policy on constructs like IP addresses, which may change often. VMware NSX for vSphere 6.4 takes this to a higher level, adding context-aware micro-segmentation that better secures applications using the full context of the application.

Highlights include:

  1. Network flow app detection and enforcement at layer 7 – while NSX tools like Endpoint Monitoring look within the application, NSX now performs deep packet inspection to identify the application within the network flow. This means micro-segmentation policies from the network view don’t have to infer the application. NSX starts with a core set of over fifty common application signatures, such as HTTP, SSH and DNS, and the set will grow over time.
  2. Virtual desktop and remote session security per user – securing virtual desktops is a popular starting point for micro-segmentation where no traffic should flow between virtual desktops. However, in many environments, multiple users run desktop sessions on a single host. NSX for vSphere 6.4 can implement security in these environments based on the user and what they should be able to access. This increases security for those environments and also opens the use case to a wider variety of environments such as Citrix and Microsoft’s remote desktop.
  3. Application Rule Manager – VMware is seeking to model the people and processes involved in NSX deployments and micro-segmentation, in addition to making policies more intuitive and application-driven. NSX for vSphere 6.4 brings with it tools to help users be successful in their deployment. Previously, Application Rule Manager pushed policies directly into distributed firewalls; it now also suggests rules and application security groups to help build more cohesive and manageable micro-segmentation security across the data centre. VMware reports one customer found it took one-third of the time to micro-segment their applications with this release of Application Rule Manager compared with the previous version.

In addition, VMware NSX for vSphere 6.4 delivers many ease-of-use enhancements, simplifying the GUI and bringing dashboard and logging enhancements along with many other operational improvements.

Other functionality includes new routing features, JSON support for custom automation, multi-site enhancements, scale improvements, greater resiliency, health check monitors, and many other improvements.

Security threats continue to evolve, but increasing sophistication of security controls is only half the battle – the solutions must also be simple to deploy and manage in order to operate at scale. VMware says these two goals were major design factors in NSX for vSphere 6.4, and it is generally available now.

Full release notes are available online.




David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.


