How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native

Anuj Jaiswal, Sean O’Dell

MMC3066BU

#VMworld #MMC3066BU

VMworld 2017 Content: Not for publication or distribution


Disclaimer

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.


Agenda

1 Moving to a Hybrid World

2 The micro-segmentation approach

3 Visibility – Key to a successful micro-segmentation strategy

4 Step-by-Step demo: Securing an application at its core and operating a micro-segmented environment


VMware Cloud: Run, Manage, Connect, Secure Any App on Any Cloud to Any Device

Existing Apps: Reduce Costs • Security • Reliability • Control

Cloud Native Apps: Time to market • Innovation • Scale • Differentiation

VIRTUAL MACHINES • CONTAINERS

VMware Cloud Services

Cloud Management: VISIBILITY • OPERATIONS • AUTOMATION • SECURITY • GOVERNANCE

Consistent Operations: Management and Operations • Across Clouds

Consistent Infrastructure: VM Infrastructure • Container Infrastructure

VMware Cloud Infrastructure • Public Cloud IaaS

VMware Cloud on AWS for VMware


VMware Cloud Services: Manage, Govern and Secure Public and Private Cloud Apps

Services shown: Discovery • Cost Insight • NSX Cloud • Network Insight • AppDefense • Wavefront

ON PREMISES DATA CENTER

• Visibility into apps and resources they consume. Analyze usage and utilization across clouds.

• Accounting and cost optimization for multiple clouds. Track and analyze your costs and trends.

• Secure networks with micro-segmentation. Create private networks within or across clouds.

• Operational visibility, control, and compliance across clouds. Optimize performance, health, and availability.

• Metrics-driven monitoring and real-time analytics.

• Governance for running workloads.


A shift towards SDDC and Hybrid Applications

• What are my apps? Where are they?

• How are they communicating?

• Who is talking to whom?

• What’s protected, what’s not?

• Is it changing?

Diagram labels: Public Cloud; East-West; >80%; North-South; DATA CENTER PERIMETER


Our security realities: When threats breach the perimeter, it’s hard to stop lateral spread

• Low priority systems are often targeted first.

• Attackers can move freely within the data center or VPC.

• Attackers then gather and exfiltrate the valuable data.

Diagram labels: DATA CENTER; DATA CENTER PERIMETER; AWS


What if you could… Enforce security at the most granular level

Every VM/Instance can have:

• Individual security policies

• Individual firewalls

Protect every piece of communication

Diagram labels: AWS; DATA CENTER; DATA CENTER PERIMETER


What if you could… Apply that level of security across an entire application

• Granular threat containment

• Logical policy grouping

• Simplified security policy

Diagram labels: Web; App; DB; AWS


Network Insight: Pervasive Visibility, Micro-segmentation Automation, Continuous Ops

• 360° Visibility & Analytics, Problem Detection, Change Tracking

• Ensure Best Practices, Health and Availability of NSX

• Analyze Application Behavior, Plan Micro-segmentation, Ensure Compliance


Built for Next Gen Visibility & Operations to SDDC & Cloud

Network Insight Platform

• Continuous Operations

• Real-time Search & Analytics

• Converged Visibility

Diagram labels: Security; Firewall; Compute; Network; Workloads; Flows; Physical; Virtual; Cloud

Use cases shown: Troubleshooting; Compliance; Alerting; Planning; Automation

Applications, Security Policies, Network Connectivity


Getting ready for a hybrid world

Cloud Assessment / Migration Planning

• Discover On-Premise/Brown-field Apps - Network Dependencies and Flows

• Bandwidth Modeling - How much Traffic will Flow across WAN/Direct Connect Link

• Security Assessment - Firewall Ports that need to be opened for connectivity between VMC and On-Premise

Diagram labels: VMware Cloud on AWS; Customer’s VMC/AWS Instance; Private DC; Private Cloud; AWS Direct Connect; NSX; Gateway; Web; App; DB; Flows & Traffic; Connectivity; Bandwidth; Firewall Rules


Securing AWS Workloads

AWS (Native) Visibility and Security

• Discovery of VPCs, VMs, Tags, SG

• Dynamic Flow Analysis, security planning and micro-seg views for AWS workloads (using VPC Flow Logs). Who is talking to whom

• Security Troubleshooting & Operations – SG and firewall dashboards. Troubleshooting connectivity & misconfiguration of FW. Who can talk to whom

• Flow correlation back to on-premise vSphere/NSX. Hybrid topology views
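
As an added illustration of the flow analysis this slide describes (not code from the presentation or from Network Insight), the following Python example parses default-format VPC Flow Log records and rolls them up into tier-to-tier "who is talking to whom" flows for micro-segmentation planning. The tier map, the sample records and the rule that the lower port is the service port are assumptions made for the example.

```python
from collections import Counter

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Hypothetical tier map; in practice derive it from instance tags or security groups.
TIERS = {"10.0.1.10": "Web", "10.0.2.20": "App", "10.0.3.30": "DB"}

# Constructed sample records, not real traffic.
SAMPLE = """\
2 123456789012 eni-0a1 10.0.1.10 10.0.2.20 49152 8080 6 10 840 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.2.20 10.0.1.10 8080 49152 6 8 640 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0b2 10.0.2.20 10.0.3.30 50211 3306 6 5 400 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0c3 10.0.1.10 10.0.3.30 51000 3306 6 1 40 1500000000 1500000060 REJECT OK
2 123456789012 eni-0c3 - - - - - - - 1500000000 1500000060 - NODATA
"""

def parse(line):
    """Return a field dict, or None for malformed and NODATA/SKIPDATA records."""
    rec = dict(zip(FIELDS, line.split()))
    if len(rec) != len(FIELDS) or rec["log_status"] != "OK":
        return None
    return rec

def tier_flows(text, tiers=TIERS):
    """Count (client tier, server tier, protocol, service port) per action."""
    accepted, rejected = Counter(), Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst = rec["srcaddr"], rec["dstaddr"]
        sport, dport = int(rec["srcport"]), int(rec["dstport"])
        if sport < dport:
            # Heuristic (assumption): the lower port is the service, so this
            # record is return traffic; flip it to client -> server.
            src, dst, dport = dst, src, sport
        key = (tiers.get(src, src), tiers.get(dst, dst), int(rec["protocol"]), dport)
        (accepted if rec["action"] == "ACCEPT" else rejected)[key] += 1
    return accepted, rejected

def candidate_rules(accepted):
    """Observed tier-to-tier flows, sorted, as input for allow-rule planning."""
    return sorted(accepted)

if __name__ == "__main__":
    ok, blocked = tier_flows(SAMPLE)
    print("who is talking to whom:", candidate_rules(ok))
    print("rejected by SG/NACL:", dict(blocked))
```

The accepted flows are the candidates for explicit allow rules between tiers; the rejected Web-to-DB record is the kind of flow a micro-segmented policy should keep blocking and a reviewer should investigate.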

Diagram labels: Private Cloud; AWS Cloud; Gateway


Network Insight Demo


Request Access @ cloud.vmware.com


MMC1464QU How to Use Cloud Formations in vRealize Automation to Build Hybrid Applications That Span and Reside On-Premises & on VMware Cloud on AWS and AWS Cloud Quick Talk Vijay Raghavan, Manu Prasanna

MMC1532BU Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 2 Breakout Session Amol Tipnis, Percy Wadia

MMC2046BU Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 1 Breakout Session Amol Tipnis, Percy Wadia

MMC2210BU Best Practices: How the City of New York Has Configured AWS for the Best vRealize Automation Integration Breakout Session Stefan Andrieux

MMC2256BU Watching the Clouds: Challenges with Monitoring Hybrid Cloud Environments Breakout Session Craig Lee, John Dias

MMC2455BU On-Demand Disaster Recovery for Enterprise Applications with the VMware Cloud on AWS Breakout Session GS Khalsa, Mohan Potheri, Potheri Mohan

MMC2623BU Integrated Multicloud Management for Automating Standardized Security and Governance in Federal Agencies Breakout Session Kris Ostergard, Sean VanDruff, Douglas Bourgeois

MMC2820BU Deploying Applications into AWS EC2 with VMware Cross-Cloud Services Breakout Session Bahubali Shetti, Bill shetti

MMC2877BU Deep Dive into Cost Insight: Understand, Analyze, and Optimize Your Cloud Expenses (Cross-Cloud Service) Breakout Session Kumar Gaurav, Kameswaran Subramanian

MMC2884GU Manage Cross-Cloud Applications Using vRealize Operations Insight Group Discussion Karl Fultz, Manish Bhaskar

MMC2888GU How We’ve Accelerated Innovation While Keeping Our Cloud Spending in Check Group Discussion Burt Toma

MMC3062BU How Customer XYZ Secures and Monitors On-Premises Software-Defined Data Center Virtual and Physical Networks Using Network Insight SaaS Breakout Session Sean O'Dell, Manish Bhaskar

MMC3066BU How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native? Breakout Session Sean O'Dell, Anuj Jaiswal

MMC3074BU 3 ways to use VMware’s new Cross-Cloud SaaS Services to efficiently run workloads across AWS, Azure and vSphere: VMware and Customer technical session Breakout Session Jason Walker, Burt Toma

MMC3110PU How IT Can Enable Development Teams to Build Apps on AWS, Azure, and VMware Without Compromising on Costs and Security Panel Discussion Mark Leake, Ben Mitchell

MMC3112BU Customer Story: Monitoring Costs and Rightsizing Workloads in AWS, Azure, and VMware-Based Clouds Breakout Session Nikhil Girdhar

MMC3164BU How Data Science is Transforming Operations: The Wavefront Story Breakout Session Dev Nag

MMC3165BU Becoming a DevOps Superhero: Introduction to Wavefront for Optimizing Cloud-Native Applications Breakout Session Stela Udovicic, Demetri Mouratis

MMC3321BUS Move, Manage, Use: The New Hybrid IT Breakout Session Donald Foster, Don Foster, Deepak Verma

MMC3406BUS Cloudy Days Ahead!! Leverage F5 to provide application continuity and consistent security policy provisioning and enforcement in an intercloud world. Breakout Session Kent Munson

MMC3424SU VMware Cloud Services and how you can leverage SaaS for your vSphere data center or the public cloud. Spotlight Session Guido Appenzeller

Sessions, Booth and Theatre Presentations for VMware Cloud Services
