SlideShare a Scribd company logo

VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies

VMworld
VMworld

VMworld 2013 Shubha Bheemarao, VMware Mitchell Christensen, VMware Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare

Technology
1 of 46
Download to read offline
Troubleshooting and Monitoring NSX Service Composer Policies Shubha Bheemarao, VMware Mitchell Christensen, VMware SEC5889 #SEC5889
2 Objective • Identify specific use cases that highlight the value of advanced visibility with simplified workflows • Showcase why user and application visibility is essential to have a secure datacenter policy • Demonstrate how to use NSX Activity Monitoring provides advanced visibility
4 Security Teams Care About Policy and Compliance Security Architect Regulations, Standards, Best Practices • Access Control • Segmentation • Automation • Audit Infrastructure Requirements Common Control Frameworks
5 Think About Your Last Interaction With The Security Team VI Admin / Cloud Operator Do we have this malicious software running? PCI Auditors in the house… are we compliant? High severity vulnerabilities on critical business systems… must patch!
6 The Cloud Operator Has to Make This All Work…But How? VI Admin / Cloud Operator Yikes. Security Policy ≠ Security Operations Security team asks operator to implement policies that are specified at user and application level I need this. Security Architect
7 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Activity Monitoring Provides Advanced Visibility to Users and Applications  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
8 Visibility Tools Are Required To Implement Security Policy DEFINE Security Architect MONITOR VI Admin / Cloud Operator ENFORCE VI Admin / Cloud Operator
9 Get Advanced Visibility Into Users and Applications VI Admin / Cloud Operator No problem. Allow THIS user can access THAT application Security Architect Step 1. Security team defines policy for who is allowed access to what applications. Then they ask the data center operator to make it happen.
10 VI Admin / Cloud Operator Easy. Step 2. Operator monitors the system to identify right level of application protection. Then they tune the enforcement rules to ensure adherence to expected policy. Security Architect Compliant. ✔ Get Advanced Visibility Into Users and Applications
11 Step 3. Operator identifies non compliant activity and informs the security team to remediate/ tune security policies. Gets approval and applies to workloads. I found something fishy. VI Admin / Cloud Operator Yup. Can you block this Security Architect Sure, No problem Get Advanced Visibility Into Users and Applications
12 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Provides Tools for Advanced Visibility  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
13 NSX Provides Tools To Define and Enforce Policy MONITOR ENFORCE DEFINE Security Architect VI Admin / Cloud Operator VI Admin / Cloud Operator NSX Service Composer NSX Service Composer NSX Firewall
14 Built-In Services • Firewall, Identity-based Firewall • Data Security (DLP / Discovery) Visibility • Network traffic flows • User access of network assets • Active In-guest applications • User access of in-guest applications 3rd Party Services • IDS / IPS, AV, Vulnerability Mgmt • 2013 Vendors: Symantec, McAfee, Trend Micro, Rapid 7 Any Application (without modification) Virtual Networks VMware NSX Network Virtualization Platform Logical L2 Any Network Hardware Any Cloud Management Platform Logical Firewall Logical Load Balancer Logical L3 Logical VPN Any Hypervisor Security Policies • Define policies using profiles from built-in services and 3rd party services - HOW you want to protect workloads VMware NSX Service Composer Provides Policy Framework Automation • Use security tags and other context to drive dynamic membership of security groups – results in IF-THEN workflows across services
15 NSX Provides Advanced Visibility Into Users and Applications MONITOR ENFORCE DEFINE Security Architect VI Admin / Cloud Operator VI Admin / Cloud Operator NSX Service Composer NSX Activity Monitoring NSX Service Composer NSX Firewall
16 Built-In Services • Firewall, Identity-based Firewall • Data Security (DLP / Discovery) Visibility • Network traffic flows • User access of network assets • Active In-guest applications • User access of in-guest applications 3rd Party Services • IDS / IPS, AV, Vulnerability Mgmt • 2013 Vendors: Symantec, McAfee, Trend Micro, Rapid 7 Any Application (without modification) Virtual Networks VMware NSX Network Virtualization Platform Logical L2 Any Network Hardware Any Cloud Management Platform Logical Firewall Logical Load Balancer Logical L3 Logical VPN Any Hypervisor Security Policies • Define policies using profiles from built-in services and 3rd party services - HOW you want to protect workloads NSX Activity Monitoring Provides Advanced Visibility Automation • Use security tags and other context to drive dynamic membership of security groups – results in IF-THEN workflows across services
17 NSX Activity Monitoring Provides Advanced VIsibility AD Group AD Group Security Group Security Group Desktop Pool NSX Activity Monitoring provides visibility into group, application and destination activity in the virtual environment User: Joe • Users accessing assets • Applications running on virtual machines • Server access by AD Group, Security group or Desktop Pool • Interactions between groups ( AD, SG or DP)
18 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Activity Monitoring Provides Advanced Visibility to Users and Applications  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
19 Sample Security Policy Allow only approved users access specific applications on corporate assets. Have a policy on WHO is allowed access to WHAT from WHERE is critical to secure assets. In other words.. 1. Allow only authorized users to access critical business applications 2. Allow only authorized applications on corporate servers 3. Allow access to only required ports from specific networks MONITOR ENFORCE DEFINE
20 Challenge: Do You Trust All Your Users? Monitor Enforce Define Policy Category  Regulatory / HIPAA: Access controls should enable authorized users to access the minimum necessary information needed to perform job functions. Challenges • Threats are not just outside organizational boundaries • Network level access control is not sufficient for cloud environments • Controlled access for insiders based on user identity is required to safeguard corporate assets
21 EPIC Servers NursesDoctors ✔✔ Requirement: Allow only authorized users to access critical applications Requirements  Find which user group needs access to which asset  Ability to generate reports on: Which users are connecting to the set of applications? What applications are the non trusted users connecting to?  Option to limit access based on user identity Monitor Enforce Define Financ e ✔ Accounting Servers
22 Demo UI Introduction
24 Demo Verify EPIC Access
26 Demo Block Finance access to EPIC Servers
28 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Activity Monitoring Provides Advanced Visibility to Users and Applications  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
29 Challenge: Do you know what’s running on your servers? Monitor Enforce Define Policy Category • Acceptable use of Information Systems: Clear definition of what is and is not acceptable • Corporate Governance of IT: Define how technology is used and managed to support business needs Challenges • Visibility into all data center applications • Identify Rogue Applications that either capture confidential information or siphon sensitive data to external sources • Identify Vulnerable Applications to reduce the scope of attack
30 Requirement: Allow only authorized applications corporate servers DB Administrators ✔ HR Requirements  Identify all applications running on corporate servers  Create a list of acceptable, grey listed and non permitted applications for servers  Monitor, restrict and report violations of all acceptable use policies Monitor Enforce Define HTTP WEB APP DATABASE ✔ ODBC ODBC
31 Demo User Access to Applications
32
33 Demo Inbound Application Access
35 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Activity Monitoring Provides Advanced Visibility to Users and Applications  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
36 Challenge: Are you protected from malware? Monitor Enforce Define Policy Category • Acceptable use of Information Systems: Clear definition of what is and is not acceptable • Single use systems: for protection of critical services Challenges • Identify and prevent further spread of malware in the network • Regular Monitoring for rogue or vulnerable applications to avoid compromise
37 Requirement: Allow only required ports to be open based on expected use HTTPS WEB APP DATABASE Requirements  Find all user and application activity on critical servers  Ensure that only allowed applications are running  Monitor applicable controls regularly ✔ Monitor Enforce Define HR ✔
38 Demo VM Activity
41 How Do You Deploy? Active Directory Eric Frost Today Source Destination 172.16.254.1 172.16.112.2 With Activity Monitoring VM Tools User AD Group App Name Originating VM Name Destination VM Name Source IP Destination IP Eric Engineering iexplorer.exe Windows 7 Apache Server 192.168.10.75 192.168.10.78 NSX Mgr SVM Compute Management Gateway
42 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Activity Monitoring Provides Advanced Visibility to Users and Applications  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
43 Back At The Office… VI Admin / Cloud Operator Security Architect 1. Point your security team to VMware NSX. 2. Partner with security team to evaluate NSX Activity Monitoring to implement security policy I just learned about VMware NSX Activity Monitoring and we could simplify a lot of this! No kidding. Prove it! I will. ✔
THANK YOU
45 Related Sessions  NET5847 - NSX: Introducing the World to VMware NSX  SEC5749 - Introducing NSX Service Composer: The New Consumption Model for Security Services in the SDDC  SEC5820 - NSX PCI Reference Architecture Workshop Session 2 - Privileged User Control
Troubleshooting and Monitoring NSX Service Composer Policies Shubha Bheemarao, VMware Mitchell Christensen, VMware SEC5889 #SEC5889

Recommended

VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld
 
VMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld
 
VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization VMworld
 
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...VMworld
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld
 
VMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSXVMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSXVMworld
 
VMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG IT
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld
 

Recommended

VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld
 
VMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld
 
VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization VMworld
 
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...
vVMworld 2013: Deploying, Troubleshooting, and Monitoring VMware NSX Distribu...VMworld
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld
 
VMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSXVMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSXVMworld
 
VMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG IT
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld
 
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Anthony Burke
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep divesolarisyougood
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld
 
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzadshezy22
 
VMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld
 
NSX for vSphere Logical Routing Deep Dive
NSX for vSphere Logical Routing Deep DiveNSX for vSphere Logical Routing Deep Dive
NSX for vSphere Logical Routing Deep DivePooja Patel
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014Sanjay Basu
 
nsx overview with use cases 1.0
nsx overview with use cases 1.0nsx overview with use cases 1.0
nsx overview with use cases 1.0Ploynatcha Akkaraputtipat
 
VMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld
 
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
IaaS with Software Defined Networking
IaaS with Software Defined NetworkingIaaS with Software Defined Networking
IaaS with Software Defined NetworkingPrasenjit Sarkar
 
The Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXThe Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXScott Lowe
 
VMworld 2013: VMware NSX Integration with OpenStack
VMworld 2013: VMware NSX Integration with OpenStack VMworld 2013: VMware NSX Integration with OpenStack
VMworld 2013: VMware NSX Integration with OpenStack VMworld
 
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015Dmitri Kalintsev
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectDavid Pasek
 
Interface Definition Language
Interface Definition Language Interface Definition Language
Interface Definition Language Institut supérieur des études technologiques de Radès
 
VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...
VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...
VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...VMworld
 

More Related Content

What's hot

Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Anthony Burke
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep divesolarisyougood
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld
 
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzadshezy22
 
VMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld
 
NSX for vSphere Logical Routing Deep Dive
NSX for vSphere Logical Routing Deep DiveNSX for vSphere Logical Routing Deep Dive
NSX for vSphere Logical Routing Deep DivePooja Patel
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014Sanjay Basu
 
VMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld
 
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
IaaS with Software Defined Networking
IaaS with Software Defined NetworkingIaaS with Software Defined Networking
IaaS with Software Defined NetworkingPrasenjit Sarkar
 
The Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXThe Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXScott Lowe
 
VMworld 2013: VMware NSX Integration with OpenStack
VMworld 2013: VMware NSX Integration with OpenStack VMworld 2013: VMware NSX Integration with OpenStack
VMworld 2013: VMware NSX Integration with OpenStack VMworld
 
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015Dmitri Kalintsev
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectDavid Pasek
 

What's hot (20)

Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
Security Practitioners guide to Micro Segmentation with VMware NSX and Log In...
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep dive
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
 
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
 
VMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSX
 
NSX for vSphere Logical Routing Deep Dive
NSX for vSphere Logical Routing Deep DiveNSX for vSphere Logical Routing Deep Dive
NSX for vSphere Logical Routing Deep Dive
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014
 
nsx overview with use cases 1.0
nsx overview with use cases 1.0nsx overview with use cases 1.0
nsx overview with use cases 1.0
 
VMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSX
 
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
IaaS with Software Defined Networking
IaaS with Software Defined NetworkingIaaS with Software Defined Networking
IaaS with Software Defined Networking
 
The Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXThe Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSX
 
VMworld 2013: VMware NSX Integration with OpenStack
VMworld 2013: VMware NSX Integration with OpenStack VMworld 2013: VMware NSX Integration with OpenStack
VMworld 2013: VMware NSX Integration with OpenStack
 
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSX
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real project
 

Viewers also liked

VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...
VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...
VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...VMworld
 
VMworld 2014: Software-Defined Data Center through Hyper-Converged Infrastruc...
VMworld 2014: Software-Defined Data Center through Hyper-Converged Infrastruc...VMworld 2014: Software-Defined Data Center through Hyper-Converged Infrastruc...
VMworld 2014: Software-Defined Data Center through Hyper-Converged Infrastruc...VMworld
 
The Vision for the Future of Network Virtualization with VMware NSX
The Vision for the Future of Network Virtualization with VMware NSXThe Vision for the Future of Network Virtualization with VMware NSX
The Vision for the Future of Network Virtualization with VMware NSXScott Lowe
 
VMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined NetworkingVMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined NetworkingCumulus Networks
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSXScott Lowe
 

Viewers also liked (8)

Interface Definition Language
Interface Definition Language Interface Definition Language
Interface Definition Language
 
VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...
VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...
VMworld 2015: How To Troubleshoot Using vRealize Operations Manager (Deep Liv...
 
The Age of Network Operations Management in Software Defined Data Centers
The Age of Network Operations Management in Software Defined Data CentersThe Age of Network Operations Management in Software Defined Data Centers
The Age of Network Operations Management in Software Defined Data Centers
 
VMworld 2014: Software-Defined Data Center through Hyper-Converged Infrastruc...
VMworld 2014: Software-Defined Data Center through Hyper-Converged Infrastruc...VMworld 2014: Software-Defined Data Center through Hyper-Converged Infrastruc...
VMworld 2014: Software-Defined Data Center through Hyper-Converged Infrastruc...
 
The Vision for the Future of Network Virtualization with VMware NSX
The Vision for the Future of Network Virtualization with VMware NSXThe Vision for the Future of Network Virtualization with VMware NSX
The Vision for the Future of Network Virtualization with VMware NSX
 
NSX-MH
NSX-MHNSX-MH
NSX-MH
 
VMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined NetworkingVMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined Networking
 
An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSX
 

Similar to VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies

Un enfoque práctico para implementar confianza cero en el trabajo híbrido
Un enfoque práctico para implementar confianza cero en el trabajo híbridoUn enfoque práctico para implementar confianza cero en el trabajo híbrido
Un enfoque práctico para implementar confianza cero en el trabajo híbridoCristian Garcia G.
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityCryptzone
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesControlCase
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataGreat Wide Open
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
FixNix vCISO CyberSecurity Network Security for Covid91
FixNix vCISO CyberSecurity Network Security for Covid91FixNix vCISO CyberSecurity Network Security for Covid91
FixNix vCISO CyberSecurity Network Security for Covid91Shanmugavel Sankaran
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfErikHof4
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
Security On The Cloud
Security On The CloudSecurity On The Cloud
Security On The CloudTu Pham
 
Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachThreat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachRahul Neel Mani
 
Scenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxScenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxtodd331
 
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingPCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingBlack Duck by Synopsys
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...AlgoSec
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...SBWebinars
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsAlgoSec
 
Aplication data security compliances
Aplication data security compliancesAplication data security compliances
Aplication data security compliancesAhmadi Madi
 

Similar to VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies (20)

Un enfoque práctico para implementar confianza cero en el trabajo híbrido
Un enfoque práctico para implementar confianza cero en el trabajo híbridoUn enfoque práctico para implementar confianza cero en el trabajo híbrido
Un enfoque práctico para implementar confianza cero en el trabajo híbrido
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network Security
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust Principles
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your Data
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
FixNix vCISO CyberSecurity Network Security for Covid91
FixNix vCISO CyberSecurity Network Security for Covid91FixNix vCISO CyberSecurity Network Security for Covid91
FixNix vCISO CyberSecurity Network Security for Covid91
 
Cloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdfCloud App Security Customer Presentation.pdf
Cloud App Security Customer Presentation.pdf
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and Centrify
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
Security On The Cloud
Security On The CloudSecurity On The Cloud
Security On The Cloud
 
Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a BreachThreat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a Breach
 
Scenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxScenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docx
 
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingPCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s Missing
 
Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...Application visibility across the security estate the value and the vision ...
Application visibility across the security estate the value and the vision ...
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...Demystifying PCI Software Security Framework: All You Need to Know for Your A...
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
 
Check Point vSEC for Microsoft Azure Webinar
Check Point vSEC for Microsoft Azure WebinarCheck Point vSEC for Microsoft Azure Webinar
Check Point vSEC for Microsoft Azure Webinar
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation Firewalls
 
Aplication data security compliances
Aplication data security compliancesAplication data security compliances
Aplication data security compliances
 

More from VMworld

VMworld 2016: vSphere 6.x Host Resource Deep Dive
VMworld 2016: vSphere 6.x Host Resource Deep DiveVMworld 2016: vSphere 6.x Host Resource Deep Dive
VMworld 2016: vSphere 6.x Host Resource Deep DiveVMworld
 
VMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for HorizonVMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for HorizonVMworld
 
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI AutomationVMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI AutomationVMworld
 
VMworld 2016: What's New with Horizon 7
VMworld 2016: What's New with Horizon 7VMworld 2016: What's New with Horizon 7
VMworld 2016: What's New with Horizon 7VMworld
 
VMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep DiveVMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep DiveVMworld
 
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...VMworld
 
VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations! VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations! VMworld
 
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...VMworld
 
VMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld
 
VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way! VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way! VMworld
 
VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6VMworld
 
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld
 
VMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphereVMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphereVMworld
 
VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld
 
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld
 
VMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SANVMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SANVMworld
 
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes ConfigurationsVMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes ConfigurationsVMworld
 
VMworld 2015: Virtual Volumes Technical Deep Dive
VMworld 2015: Virtual Volumes Technical Deep DiveVMworld 2015: Virtual Volumes Technical Deep Dive
VMworld 2015: Virtual Volumes Technical Deep DiveVMworld
 
VMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld
 
VMworld 2015: The Best SDDC!
VMworld 2015: The Best SDDC!VMworld 2015: The Best SDDC!
VMworld 2015: The Best SDDC!VMworld
 

More from VMworld (20)

VMworld 2016: vSphere 6.x Host Resource Deep Dive
VMworld 2016: vSphere 6.x Host Resource Deep DiveVMworld 2016: vSphere 6.x Host Resource Deep Dive
VMworld 2016: vSphere 6.x Host Resource Deep Dive
 
VMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for HorizonVMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for Horizon
 
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI AutomationVMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
 
VMworld 2016: What's New with Horizon 7
VMworld 2016: What's New with Horizon 7VMworld 2016: What's New with Horizon 7
VMworld 2016: What's New with Horizon 7
 
VMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep DiveVMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep Dive
 
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
 
VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations! VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations!
 
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
 
VMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts Panel
 
VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way! VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way!
 
VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6
 
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
 
VMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphereVMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphere
 
VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!
 
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
 
VMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SANVMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SAN
 
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes ConfigurationsVMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
 
VMworld 2015: Virtual Volumes Technical Deep Dive
VMworld 2015: Virtual Volumes Technical Deep DiveVMworld 2015: Virtual Volumes Technical Deep Dive
VMworld 2015: Virtual Volumes Technical Deep Dive
 
VMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's BackboneVMworld 2015: Networking Virtual SAN's Backbone
VMworld 2015: Networking Virtual SAN's Backbone
 
VMworld 2015: The Best SDDC!
VMworld 2015: The Best SDDC!VMworld 2015: The Best SDDC!
VMworld 2015: The Best SDDC!
 

Recently uploaded

Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Recently uploaded (20)

Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

VMworld 2013: Troubleshooting and Monitoring NSX Service Composer Policies

  • 1. Troubleshooting and Monitoring NSX Service Composer Policies Shubha Bheemarao, VMware Mitchell Christensen, VMware SEC5889 #SEC5889
  • 2. 2 Objective • Identify specific use cases that highlight the value of advanced visibility with simplified workflows • Showcase why user and application visibility is essential to have a secure datacenter policy • Demonstrate how to use NSX Activity Monitoring provides advanced visibility
  • 3. 4 Security Teams Care About Policy and Compliance Security Architect Regulations, Standards, Best Practices • Access Control • Segmentation • Automation • Audit Infrastructure Requirements Common Control Frameworks
  • 4. 5 Think About Your Last Interaction With The Security Team VI Admin / Cloud Operator Do we have this malicious software running? PCI Auditors in the house… are we compliant? High severity vulnerabilities on critical business systems… must patch!
  • 5. 6 The Cloud Operator Has to Make This All Work…But How? VI Admin / Cloud Operator Yikes. Security Policy ≠ Security Operations Security team asks operator to implement policies that are specified at user and application level I need this. Security Architect
  • 6. 7 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Activity Monitoring Provides Advanced Visibility to Users and Applications  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
  • 7. 8 Visibility Tools Are Required To Implement Security Policy DEFINE Security Architect MONITOR VI Admin / Cloud Operator ENFORCE VI Admin / Cloud Operator
  • 8. 9 Get Advanced Visibility Into Users and Applications VI Admin / Cloud Operator No problem. Allow THIS user can access THAT application Security Architect Step 1. Security team defines policy for who is allowed access to what applications. Then they ask the data center operator to make it happen.
  • 9. 10 VI Admin / Cloud Operator Easy. Step 2. Operator monitors the system to identify right level of application protection. Then they tune the enforcement rules to ensure adherence to expected policy. Security Architect Compliant. ✔ Get Advanced Visibility Into Users and Applications
  • 10. 11 Step 3. Operator identifies non compliant activity and informs the security team to remediate/ tune security policies. Gets approval and applies to workloads. I found something fishy. VI Admin / Cloud Operator Yup. Can you block this Security Architect Sure, No problem Get Advanced Visibility Into Users and Applications
  • 11. 12 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Provides Tools for Advanced Visibility  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
  • 12. 13 NSX Provides Tools To Define and Enforce Policy MONITOR ENFORCE DEFINE Security Architect VI Admin / Cloud Operator VI Admin / Cloud Operator NSX Service Composer NSX Service Composer NSX Firewall
  • 13. 14 Built-In Services • Firewall, Identity-based Firewall • Data Security (DLP / Discovery) Visibility • Network traffic flows • User access of network assets • Active In-guest applications • User access of in-guest applications 3rd Party Services • IDS / IPS, AV, Vulnerability Mgmt • 2013 Vendors: Symantec, McAfee, Trend Micro, Rapid 7 Any Application (without modification) Virtual Networks VMware NSX Network Virtualization Platform Logical L2 Any Network Hardware Any Cloud Management Platform Logical Firewall Logical Load Balancer Logical L3 Logical VPN Any Hypervisor Security Policies • Define policies using profiles from built-in services and 3rd party services - HOW you want to protect workloads VMware NSX Service Composer Provides Policy Framework Automation • Use security tags and other context to drive dynamic membership of security groups – results in IF-THEN workflows across services
  • 14. 15 NSX Provides Advanced Visibility Into Users and Applications MONITOR ENFORCE DEFINE Security Architect VI Admin / Cloud Operator VI Admin / Cloud Operator NSX Service Composer NSX Activity Monitoring NSX Service Composer NSX Firewall
  • 15. 16 Built-In Services • Firewall, Identity-based Firewall • Data Security (DLP / Discovery) Visibility • Network traffic flows • User access of network assets • Active In-guest applications • User access of in-guest applications 3rd Party Services • IDS / IPS, AV, Vulnerability Mgmt • 2013 Vendors: Symantec, McAfee, Trend Micro, Rapid 7 Any Application (without modification) Virtual Networks VMware NSX Network Virtualization Platform Logical L2 Any Network Hardware Any Cloud Management Platform Logical Firewall Logical Load Balancer Logical L3 Logical VPN Any Hypervisor Security Policies • Define policies using profiles from built-in services and 3rd party services - HOW you want to protect workloads NSX Activity Monitoring Provides Advanced Visibility Automation • Use security tags and other context to drive dynamic membership of security groups – results in IF-THEN workflows across services
  • 16. 17 NSX Activity Monitoring Provides Advanced VIsibility AD Group AD Group Security Group Security Group Desktop Pool NSX Activity Monitoring provides visibility into group, application and destination activity in the virtual environment User: Joe • Users accessing assets • Applications running on virtual machines • Server access by AD Group, Security group or Desktop Pool • Interactions between groups ( AD, SG or DP)
  • 17. 18 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Activity Monitoring Provides Advanced Visibility to Users and Applications  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
  • 18. 19 Sample Security Policy Allow only approved users access specific applications on corporate assets. Have a policy on WHO is allowed access to WHAT from WHERE is critical to secure assets. In other words.. 1. Allow only authorized users to access critical business applications 2. Allow only authorized applications on corporate servers 3. Allow access to only required ports from specific networks MONITOR ENFORCE DEFINE
  • 19. 20 Challenge: Do You Trust All Your Users? Monitor Enforce Define Policy Category  Regulatory / HIPAA: Access controls should enable authorized users to access the minimum necessary information needed to perform job functions. Challenges • Threats are not just outside organizational boundaries • Network level access control is not sufficient for cloud environments • Controlled access for insiders based on user identity is required to safeguard corporate assets
  • 20. 21 EPIC Servers NursesDoctors ✔✔ Requirement: Allow only authorized users to access critical applications Requirements  Find which user group needs access to which asset  Ability to generate reports on: Which users are connecting to the set of applications? What applications are the non trusted users connecting to?  Option to limit access based on user identity Monitor Enforce Define Financ e ✔ Accounting Servers
  • 22.
  • 24.
  • 25. 26 Demo Block Finance access to EPIC Servers
  • 26.
  • 27. 28 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Activity Monitoring Provides Advanced Visibility to Users and Applications  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
  • 28. 29 Challenge: Do you know what’s running on your servers? Monitor Enforce Define Policy Category • Acceptable use of Information Systems: Clear definition of what is and is not acceptable • Corporate Governance of IT: Define how technology is used and managed to support business needs Challenges • Visibility into all data center applications • Identify Rogue Applications that either capture confidential information or siphon sensitive data to external sources • Identify Vulnerable Applications to reduce the scope of attack
  • 29. 30 Requirement: Allow only authorized applications corporate servers DB Administrators ✔ HR Requirements  Identify all applications running on corporate servers  Create a list of acceptable, grey listed and non permitted applications for servers  Monitor, restrict and report violations of all acceptable use policies Monitor Enforce Define HTTP WEB APP DATABASE ✔ ODBC ODBC
  • 30. 31 Demo User Access to Applications
  • 31. 32
  • 33.
  • 34. 35 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Activity Monitoring Provides Advanced Visibility to Users and Applications  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
  • 35. 36 Challenge: Are you protected from malware? Monitor Enforce Define Policy Category • Acceptable use of Information Systems: Clear definition of what is and is not acceptable • Single use systems: for protection of critical services Challenges • Identify and prevent further spread of malware in the network • Regular Monitoring for rogue or vulnerable applications to avoid compromise
  • 36. 37 Requirement: Allow only required ports to be open based on expected use HTTPS WEB APP DATABASE Requirements  Find all user and application activity on critical servers  Ensure that only allowed applications are running  Monitor applicable controls regularly ✔ Monitor Enforce Define HR ✔
  • 38.
  • 39.
  • 40. 41 How Do You Deploy? Active Directory Eric Frost Today Source Destination 172.16.254.1 172.16.112.2 With Activity Monitoring VM Tools User AD Group App Name Originating VM Name Destination VM Name Source IP Destination IP Eric Engineering iexplorer.exe Windows 7 Apache Server 192.168.10.75 192.168.10.78 NSX Mgr SVM Compute Management Gateway
  • 41. 42 Agenda  Security Operations Is Catching Up with Policy  Prerequisites To Enforcing Policy – Visibility  NSX Activity Monitoring Provides Advanced Visibility to Users and Applications  Demo of NSX Activity monitoring to address Common Enterprise Security Policies • Insider Threat • Rogue Applications • Malicious Software  Next Steps
  • 42. 43 Back At The Office… VI Admin / Cloud Operator Security Architect 1. Point your security team to VMware NSX. 2. Partner with security team to evaluate NSX Activity Monitoring to implement security policy I just learned about VMware NSX Activity Monitoring and we could simplify a lot of this! No kidding. Prove it! I will. ✔
  • 44. 45 Related Sessions  NET5847 - NSX: Introducing the World to VMware NSX  SEC5749 - Introducing NSX Service Composer: The New Consumption Model for Security Services in the SDDC  SEC5820 - NSX PCI Reference Architecture Workshop Session 2 - Privileged User Control
  • 45.
  • 46. Troubleshooting and Monitoring NSX Service Composer Policies Shubha Bheemarao, VMware Mitchell Christensen, VMware SEC5889 #SEC5889