#SEC5891
Objective
Review DMZ design considerations
Propose a new DMZ design that is secure, scalable and cloud ready
Provide deployment guidance using NSX, highlighting the benefits applicable to a DMZ
Related Sessions
NET5847 - NSX: Introducing the World to VMware NSX
NET5266 - Bringing Network Virtualization to VMware environments with NSX
Agenda
DMZ Challenge #1
Configuration managed by multiple teams
Cannot automate
Address using:
Build a Software Defined Data Center
Build focused teams for cloud architecture and operations
Design Considerations:
1. Security
2. Manageability
3. Scale and performance
4. Automation
Benefits:
Higher agility - flexible placement
Simpler configuration management
Lower cost - fewer hardware devices
Easier automation
VMware NSX Network Virtualization Platform (figure):
Any Application (without modification) runs over Virtual Networks, driven by Any Cloud Management Platform, on Any Hypervisor.
Logical services provided by the platform: Logical L2, Logical L3, Logical Firewall, Logical Load Balancer, Logical VPN.
Three-tier DMZ build-up (figure sequence), with Web, App and DB tiers:
Higher Security: Services Edge providing NAT, FW, VPN, LB
Logical Distributed Router between the tiers
Web Admins
Application Visibility:
Ensure no rogue applications are running on your servers
Get reporting on application usage by user groups
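The tier separation and application-visibility points above, as an added illustration that is not code from the session and not NSX's rule syntax or API: a small Python model of a distributed firewall that classifies VMs by tier (security-group membership), evaluates flow records against a default-deny rule table, summarizes allowed usage per tier pair, and flags listeners on ports that no rule makes reachable. The VM inventory, rule table, flow records and listener table are all constructed for the example.

```python
"""Tier-based distributed-firewall model for a collapsed DMZ (Web / App / DB).

Added example; not NSX's rule syntax or API. Every name, port and record
below is constructed. The point: policy is written in terms of tier
membership and enforced at each VM's vNIC, so tier-to-tier traffic is
filtered even when both VMs share a host and no packet crosses a
physical perimeter device.
"""
from collections import Counter
from dataclasses import dataclass

EXTERNAL = "external"  # anything not in the inventory is treated as external

# Constructed inventory: VM -> tier (security-group) membership.
VM_TIER = {"web01": "web", "web02": "web", "app01": "app", "db01": "db"}


@dataclass(frozen=True)
class Rule:
    src: str     # tier name, "external", or "any"
    dst: str
    proto: str   # "tcp", "udp", or "any"
    port: int    # destination port, 0 = any
    action: str  # "allow" or "deny"


# Constructed policy: first match wins; the last rule is the default deny.
RULES = [
    Rule(EXTERNAL, "web", "tcp", 443, "allow"),
    Rule("web", "app", "tcp", 8443, "allow"),
    Rule("app", "db", "tcp", 5432, "allow"),
    Rule("any", "any", "any", 0, "deny"),
]


def tier_of(host: str) -> str:
    return VM_TIER.get(host, EXTERNAL)


def _matches(rule: Rule, src_tier: str, dst_tier: str, proto: str, port: int) -> bool:
    return (rule.src in ("any", src_tier) and rule.dst in ("any", dst_tier)
            and rule.proto in ("any", proto) and rule.port in (0, port))


def evaluate(src: str, dst: str, proto: str, port: int) -> tuple:
    """Return (action, index of the matching rule) for one flow."""
    s, d = tier_of(src), tier_of(dst)
    for i, rule in enumerate(RULES):
        if _matches(rule, s, d, proto, port):
            return rule.action, i
    return "deny", -1  # unreachable with a default-deny rule; kept as a guard


# Constructed flow records, as a vNIC-level flow monitor might export them.
FLOWS = [
    ("203.0.113.10", "web01", "tcp", 443),
    ("web01", "app01", "tcp", 8443),
    ("app01", "db01", "tcp", 5432),
    ("web02", "db01", "tcp", 5432),         # tier bypass: web straight to db
    ("203.0.113.10", "web02", "tcp", 22),   # ssh from the internet
    ("web01", "app01", "tcp", 8443),
]


def denied_flows(flows=FLOWS) -> list:
    """Flows the policy would drop; review these before switching to enforce."""
    return [f for f in flows if evaluate(*f)[0] == "deny"]


def usage_report(flows=FLOWS) -> dict:
    """Allowed flows counted per (source tier, destination tier, port): the
    'usage by group' view, with tiers standing in for the groups."""
    counts = Counter()
    for src, dst, proto, port in flows:
        if evaluate(src, dst, proto, port)[0] == "allow":
            counts[(tier_of(src), tier_of(dst), port)] += 1
    return dict(counts)


# Constructed listener table (host, proto, port, process) from a host agent.
LISTENERS = [
    ("web01", "tcp", 443, "nginx"),
    ("web02", "tcp", 443, "nginx"),
    ("web02", "tcp", 4444, "nc"),      # no rule permits inbound 4444 to web
    ("app01", "tcp", 8443, "java"),
    ("db01", "tcp", 5432, "postgres"),
]


def rogue_listeners(listeners=LISTENERS) -> list:
    """Listeners no allow rule makes reachable: dead weight or an unexpected app."""
    rogue = []
    for host, proto, port, proc in listeners:
        tier = tier_of(host)
        reachable = any(r.action == "allow" and r.dst in ("any", tier)
                        and r.proto in ("any", proto) and r.port in (0, port)
                        for r in RULES)
        if not reachable:
            rogue.append((host, proto, port, proc))
    return rogue


if __name__ == "__main__":
    for f in denied_flows():
        print("DENY", f, "by rule", evaluate(*f)[1])
    print("usage:", usage_report())
    print("rogue listeners:", rogue_listeners())
```

Running the model over the constructed records reports the web-to-db flow and the inbound ssh as denied by the default rule, counts the allowed web-to-app flows once per tier pair, and flags the extra listener on web02 because no allow rule ever reaches it.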
Applications: Exchange (figure)
Server roles and their functions:
Edge Transport: routing and AV/AS
Hub Transport: routing and policy
Client Access: client connectivity, web services, app gateways and perimeter devices, RPC
Mailbox: storage of mailbox items
Unified Messaging: voice mail and voice access
Common Services: AD, EDS, DB
Ports labelled in the figure: 135, 808, 5060, 5061, 5062, 50636, dynamic
Networks: Management network (vMotion & storage); External networks (WAN/Internet); L2 and L3 boundaries
NSX deployment topology (figure):
Management Cluster (Infra Racks): vCenter Server, NSX Manager, NSX Controller
Controller Software: virtual network orchestrator, massive scale
Edge Cluster (Edge Racks): NSX Edge, Physical Appliances
Gateway Software: integration with existing physical infra., V to V / V to P
Compute Clusters (Compute Racks)
Questions?
bheemaraos@vmware.com
bgermain@vmware.com
THANK YOU
SEC5891
Technical Deep Dive: Build a Collapsed DMZ Architecture for Optimal Scale and Performance Based on NSX Firewall Services
Shubha Bheemarao, VMware
Bruno Germain, VMware
Increased Confidence with Virtualization and Virtualization Security (figure):
Automated and self-healing
Security & compliance trust zones
Power of cloud infrastructure automation
VMware vSphere + vShield (figure): Core, Aggregation and Access switching layers above vSphere clusters (Cluster1) hosting the HR App, FIN App and Sales App.
Legend: Web Frontend, Apps, Database