Network Computing is part of the Informa Tech Division of Informa PLC

VMware Expanding NSX Security

Non-stop news of security breaches has made data security a top-of-mind issue in the enterprise. Not surprisingly, security was a hot topic at this week's VMworld, where VMware executives continued to push virtualization and its NSX platform as a way to tackle the security problem.

Security has been messy and complicated, and the investment in numerous security products bolted onto servers and network infrastructure isn't paying off in increased protection, VMware CEO Pat Gelsinger said in his keynote.

"Virtualization provides the fundamental requirement allowing us to architect for security," by allowing precise and dynamic binding of security services to applications, data and users, he said. "Now we can truly architect in security.... Architected-in security allows us to be twice as secure at half the price."

VMware has said that security has been a top use case for its NSX network virtualization platform with its micro-segmentation capabilities. This week, the company provided a view into additional security services its engineers are developing in NSX, specifically network encryption.

Tom Corn, senior VP of security products at VMware, joined Martin Casado, general manager and senior VP of the networking and security business at VMware, on stage Tuesday to discuss the effort. "We’re taking something that was a point product and turning it into a distributed service," he said.

Encryption is a great way to protect the integrity and confidentiality of data as it crosses the network, but implementing it in the data center has been operationally complex, he said. It creates bottlenecks, breaks visibility for network security controls like IDS, and causes key management headaches.

Network virtualization makes encryption easy through distributed processing, in which encryption and decryption are performed at the VM boundary, Corn said.

In a separate session at VMworld, Corn elaborated on the network encryption service project, saying that it would leverage the NSX controller for key management. "Encryption can be a checkbox," he said. VMware plans to launch the service sometime next year.

In the keynote and his session, Corn said VMware also is working on encrypting data at rest and advanced security management, but didn't provide details. "The challenges of dealing with point products such as complexity of management ... when built into the virtual fabric, these things start to disappear," he said.

Outside of security, VMware executives said the company was previewing distributed load balancing in the latest version of NSX.

"Distributed services are really important and we're only finding more things to do with distributed services," Bruce Davie, CTO of networking at VMware, said in a session.

While VMware executives talked up the ability for NSX to distribute security and other services throughout the data center -- and how they're expanding those services -- they also talked about their ecosystem of partners such as Palo Alto Networks, Trend Micro, Symantec, and F5 Networks. But one has to wonder if VMware intends to leave much for its partners to do in the end.