Sean O’Dell, Abhijit Sharma
MMC3066BE
#VMworld #MMC3066BE
How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
#MMC3066BE CONFIDENTIAL 2
Agenda
1 Moving to a Hybrid World
2 The micro-segmentation approach
3 Visibility – Key to a successful micro-segmentation strategy
4 Step-by-Step demo: Securing an application at its core and operating a micro-segmented environment
VMware Cloud: Run, Manage, Connect, Secure Any App on Any Cloud to Any Device
Consistent Infrastructure: VM Infrastructure • Container Infrastructure
Consistent Operations: Management and Operations • Across Clouds
VMware Cloud Infrastructure • Public Cloud IaaS
VISIBILITY • OPERATIONS • AUTOMATION • SECURITY • GOVERNANCE
Cloud Management
VMware Cloud Services
Cloud Native Apps: Time to market • Innovation • Scale • Differentiation
Existing Apps: Reduce Costs • Security • Reliability • Control
CONTAINERS • VIRTUAL MACHINES
VMware Cloud on AWS for VMware
VMware Cloud Services: Manage, Govern and Secure Public and Private Cloud Apps
Discovery
Cost Insight
NSX Cloud
Network Insight
AppDefense
Wavefront
ON PREMISES DATA CENTER
Visibility into apps and resources they consume. Analyze usage and utilization across clouds.
Accounting and cost optimization for multiple clouds. Track and analyze your costs and trends.
Secure networks with micro-segmentation. Create private networks within or across clouds.
Operational visibility, control, and compliance across clouds. Optimize performance, health, and availability.
Metrics-driven monitoring and real-time analytics.
Governance for running workloads.
A shift towards SDDC and Hybrid Applications
• What are my apps? Where are they?
• How are they communicating?
• Who is talking to whom?
• What’s protected, what’s not?
• Is it changing?
Diagram labels: Public Cloud; East-West >80%; North-South; Data Center Perimeter
Our security realities: When threats breach the perimeter, it’s hard to stop lateral spread
• Low priority systems are often targeted first.
• Attackers can move freely within the data center or VPC.
• Attackers then gather and exfiltrate the valuable data.
Diagram labels: Data Center; Data Center Perimeter; AWS
What if you could… Enforce security at the most granular level
Every VM/Instance can have:
• Individual security policies
• Individual firewalls
Protect every piece of communication
Diagram labels: AWS; Data Center; Data Center Perimeter
What if you could… Apply that level of security across an entire application
• Granular threat containment
• Logical policy grouping
• Simplified security policy
Diagram labels: DB; Web; App; AWS
Network Insight: Pervasive Visibility, Micro-segmentation Automation, Continuous Ops
• 360° Visibility & Analytics, Problem Detection, Change Tracking
• Ensure Best Practices, Health and Availability of NSX
• Analyze Application Behavior, Plan Micro-segmentation, Ensure Compliance
Built for Next Gen Visibility & Operations to SDDC & Cloud
Network Insight Platform: Continuous Operations; Real-time Search & Analytics; Converged Visibility
Diagram labels: Security, Firewall, Compute, Network, Workloads, Physical, Virtual, Cloud, Flows; Troubleshooting, Compliance, Alerting, Planning, Automation; Applications, Security Policies, Network Connectivity
Getting ready for a hybrid world
Diagram labels: Private DC; Private Cloud; NSX; App; AWS Direct Connect; Gateway; VMware Cloud on AWS; Customer’s VMC/AWS Instance; Web; DB
Flows & Traffic
• Connectivity
• Bandwidth
• Firewall Rules
Cloud Assessment / Migration Planning
• Discover On-Premise/Brown-field Apps - Network Dependencies and Flows
• Bandwidth Modeling - How much Traffic will Flow across WAN/Direct Connect Link
• Security Assessment - Firewall Ports that need to be opened for connectivity between VMC and On-Premise
Securing AWS Workloads
AWS (Native) Visibility and Security
• Discovery of VPCs, VMs, Tags, SG
• Dynamic Flow Analysis, security planning and micro-seg views for AWS workloads (using VPC Flow Logs). Who is talking to whom
• Security Troubleshooting & Operations – SG and firewall dashboards. Troubleshooting connectivity & misconfiguration of FW. Who can talk to whom
• Flow correlation back to on-premise vSphere/NSX. Hybrid topology views
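The "who is talking to whom" analysis from VPC Flow Logs described in the bullets above, as an added Python example (not code from the presentation or from Network Insight). It folds both directions of each connection into one tier-to-tier edge and separates accepted from rejected traffic as input for planning security group rules; the tier CIDR map, the sample records and the lower-port-is-the-server heuristic are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed tier map (assumption); in practice derive it from EC2 tags.
TIERS = {"10.0.1.0/24": "web", "10.0.2.0/24": "app", "10.0.3.0/24": "db"}

# Constructed sample records, default VPC Flow Logs (version 2) field order:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE = """\
2 123456789012 eni-0a1 10.0.1.10 10.0.2.20 49152 8080 6 12 4200 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0b2 10.0.2.20 10.0.1.10 8080 49152 6 10 9000 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0b2 10.0.2.20 10.0.3.30 50123 3306 6 8 1800 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0c3 10.0.1.10 10.0.3.30 50999 3306 6 3 180 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1 203.0.113.7 10.0.1.10 51000 443 6 20 7000 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0d4 - - - - - - - 1500000000 1500000060 - NODATA
"""

def tier_of(ip):
    addr = ipaddress.ip_address(ip)
    for cidr, name in TIERS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "external"

def analyze(text):
    """Return (allowed, rejected): {(client_tier, server_tier, proto, port): bytes}."""
    allowed, rejected = defaultdict(int), defaultdict(int)
    for line in text.splitlines():
        f = line.split()
        if len(f) != 14 or f[0] != "2" or f[13] != "OK":
            continue  # skip NODATA/SKIPDATA and malformed records
        src, dst, sport, dport = f[3], f[4], int(f[5]), int(f[6])
        # Heuristic (assumption): the endpoint with the lower port is the server,
        # so the reply half of a connection folds into the same edge.
        if sport < dport:
            src, dst, dport = dst, src, sport
        key = (tier_of(src), tier_of(dst), int(f[7]), dport)
        (allowed if f[12] == "ACCEPT" else rejected)[key] += int(f[9])
    return dict(allowed), dict(rejected)

if __name__ == "__main__":
    ok, denied = analyze(SAMPLE)
    for (c, s, proto, port), nbytes in sorted(ok.items()):
        print(f"allow  {c:>8} -> {s:<4} proto {proto} port {port}  ({nbytes} bytes)")
    for (c, s, proto, port), nbytes in sorted(denied.items()):
        print(f"denied {c:>8} -> {s:<4} proto {proto} port {port}  ({nbytes} bytes)")
```

Each accepted edge is a candidate allow rule between tiers; a rejected edge such as web to db on 3306 shows where the existing security groups already block a path the application design should not need.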
Diagram labels: Private Cloud; Gateway; AWS Cloud
Network Insight Demo
“Stay Informed” @cloud.vmware.com
Sign up for the interest list, learn more and stay updated about when VMware Cloud services are coming to your region
Sessions, Booth and Theatre Presentations for VMware Cloud Services
All 3 Days
Solutions Exchange Talk to our experts and learn more about VMware Cloud Services
Hands On Labs Self services Experience: Try out VMware Cloud Services yourself
Tuesday
MMC1532BE Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads
MMC3164BE How Data Science is Transforming Operations: Introduction to Wavefront by VMware
Wednesday
MMC2888GE How We’ve Accelerated Innovation While Keeping Our Cloud Spending in Check
MMC3074BE Three Ways to Use New VMware Cross-Cloud Services to Efficiently Run Workloads Across AWS, Azure, and vSphere: VMware and Customer Technical Session
Thursday
MMC2820BE Live Demo: 3 Best Practices for Deploying, Managing and Securing AWS EC2 Apps with VMware Cloud Services
MMC3066BE How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native?