VMware NSX-T Data Center Security 2021 is an important certification for NSX data center administrators. Getting certified is a smart move for any information technology professional who wants to stay on top of their game and enhance their career.
NSX is VMware’s network virtualization platform that abstracts network functions and services into a hypervisor. This approach is called software-defined networking from a computer science perspective.
Overview of NSX-T
VMware NSX-T Data Center Security 2021 is an intensive five-day course that trains you to install, configure and manage the virtualization and network infrastructure that supports VMware NSX-T Data Center. It includes labs to reinforce the concepts and skills covered in the course.
VMware NSX-T Data Center 3.1 Security provides software-defined networking and security capabilities within hypervisors, which network administrators can access from a single console or API. NSX enables policy-based routing, load balancing, and intrusion protection from physical hardware, allowing network engineers to manage the entire virtualized network from one management console and API.
NSX allows network-topology-agnostic segmentation, using tag-based dynamic grouping and IPS/FW policies to isolate workloads on a zone basis. This means that customers can create a DMZ, Prod, Non-Prod, or Services zone and use it to define the respective FW/IPS policies for inter-zone traffic without deploying firewalls or security fences around workloads.
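The zone model described above, as an added example that is not part of the original article and is not NSX-T code or its API: a small Python model of tag-based dynamic groups and inter-zone rules, showing that isolation follows the tag rather than the subnet. The tag names, addresses, rule set and default-drop behaviour are assumptions constructed for illustration.

```python
# Added illustration: a toy model of tag-driven zoning, not NSX-T's implementation.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Workload:
    name: str
    ip: str
    tags: set = field(default_factory=set)

def members(workloads, tag):
    """Dynamic group: membership is recomputed from tags on every call."""
    return {w.name for w in workloads if tag in w.tags}

# Constructed inter-zone policy: (source zone, destination zone, port, action).
RULES = [
    ("zone:dmz", "zone:prod", 443, "ALLOW"),
    ("zone:nonprod", "zone:prod", None, "DROP"),  # None matches any port
]
DEFAULT_ACTION = "DROP"  # assumption: anything not explicitly allowed is dropped

def evaluate(workloads, src, dst, port):
    """First matching rule wins; unmatched flows get the default action."""
    for s_tag, d_tag, r_port, action in RULES:
        if (src.name in members(workloads, s_tag)
                and dst.name in members(workloads, d_tag)
                and r_port in (None, port)):
            return action
    return DEFAULT_ACTION

def demo():
    subnet = ip_network("10.0.0.0/24")  # constructed sample addressing
    web = Workload("web-01", "10.0.0.10", {"zone:dmz"})
    db = Workload("db-01", "10.0.0.20", {"zone:prod"})
    test = Workload("test-01", "10.0.0.30", {"zone:nonprod"})
    inv = [web, db, test]
    # All three workloads share one subnet; only the tags separate them.
    assert all(ip_address(w.ip) in subnet for w in inv)
    results = {
        "dmz->prod:443": evaluate(inv, web, db, 443),
        "dmz->prod:22": evaluate(inv, web, db, 22),
        "nonprod->prod:443": evaluate(inv, test, db, 443),
    }
    test.tags = {"zone:dmz"}  # re-tagging moves the workload to another zone
    results["retagged->prod:443"] = evaluate(inv, test, db, 443)
    return results

if __name__ == "__main__":
    for flow, action in demo().items():
        print(f"{flow:22} {action}")
```

The last result is the one to review in a real deployment: whoever can change a workload's tag can change which policy applies to it, so tag assignment needs the same access control as the rules themselves.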
VMware NSX-T offers several ways to authenticate users and groups. You can use local user accounts, VMware Identity Manager (vIDM), and directory services such as Active Directory over LDAP or OpenLDAP to implement role-based access control.
NSX-T also supports SAML integration with VMware Identity Manager. This feature allows you to log in to NSX Manager with your local samAccountName or userPrincipalName.
Aside from samAccountName or userPrincipalName, you can specify other user account information types. These include samAccountNum, samAccountUserPrincipalName, and samAccountRoleNum.
With vIDM integration, you can create a new security group and assign a role to your NSX-T Data Center users. You can even configure a new NSX-T Data Center policy to manage access to this group and your NSX-T Data Center environment.
NSX-T Security Policy
NSX-T Security Policy is a set of rules that allow you to define the routing and firewalling of traffic on the network. These rules can be applied to specific NSX Groups, including protected virtual machines.
Unlike traditional host firewalls that use a centralized, cross-vendor configuration, NSX-T Data Center has a distributed firewall, enabling you to protect individual VMs at the virtual network interface level.
NSX-T Data Center also includes a gateway firewall, which protects north-south traffic at the edge of the virtual infrastructure. The NSX Firewall offers another unexpected benefit called micro-segmentation, which is VMware’s spin on zero trust.
NSX-T Security Analytics
VMware NSX-T provides security intelligence services that automatically determine network traffic patterns and recommend security policies. Those recommendations can be applied to all workloads, including virtual, physical, and cloud-based environments.
This allows security teams to protect data center traffic without affecting the performance of virtual machines. Moreover, security controls are built into the hypervisor and cannot be tampered with by any user.
NSX-T also provides an unexpected side benefit of micro-segmentation. This VMware NSX-T Data Center Security 2021 feature allows the vCenter database to implement security policies between two nodes on the same logical subnet.
An NSX-T environment typically consists of multiple transport zones connected through gateways routing between them. This is done by mapping EPGs created on the NSX-T Manager Appliance to the VMware SDN VMM domain.
NSX-T Security Management
NSX-T Security Management allows organizations to manage policy configuration and enforcement based on location and deployment needs. It provides a single pane of glass to manage NSX deployments across multiple NSX-T locations and sites.
It also provides a single management console for operational simplicity. It enables organizations to manage global policies pushed to all location-specific NSX managers, regional policies pushed only to region-specific NSX managers, and DR-site-pair policies pushed to the site- or location-specific NSX managers of the disaster recovery protected and recovery sites.
This functionality is a part of the NSX-T Distributed Firewall (DFW). It sends the firewall policy and rules to the NSX-T transport nodes, which form a distributed data plane, with DFW enforcement done at the hypervisor’s kernel level.