Network Virtualization improves security in

4 different ways

Virtualization has created a new meaning for organizations and the way they provision IT. From

server consolidation to the cloud, virtualization has today become the dominant computing

platform globally. Virtualization not only expands computing capabilities but can be used as a

tool to increase network security.

How Network Virtualization Improves Security

Application workloads in a cloud data center can be provisioned, migrated and decommissioned

when required or as the need may be. The cloud management software allocates compute,

storage and network capacity on demand. By adding network virtualization to this dynamic

environment changes the network operations model completely. Network virtualizations packs

several built in network security advantages like isolation and multi tenancy, segmentation,

distribution firewalling, service insertion and chaining. Combining these features with other

security features, network virtualization platforms help in streamlining security operations in a

software-defined data center

Isolation And Multi Tenancy

Isolation is one of the core features of network virtualization. It is the underlying basis for

network security for compliance, containment or for keeping the development, test, and

production environments from interacting. Virtual networks are isolated from other virtual

networks and from the underlying physical network by default.

An isolated virtual network can be made up of workloads distributed anywhere in the data

center. Workloads in the same virtual network or those residing on multiple isolated virtual

networks can reside on the same hypervisor. Isolation between virtual networks allows for

overlapping IP addresses, making it possible to have isolated development, test, and production

virtual networks, each with different application versions, but with the same IP addresses, all

operating at the same time on the same underlying physical infrastructure.

Virtual networks are also isolated from the underlying physical infrastructure. Since traffic

between hypervisors is encapsulated, physical network devices operate in a completely different

address space than the workloads connected to the virtual networks. For example, a virtual

network could support IPv6 application workloads on top of an IPv4 physical network. This

isolation protects the underlying physical infrastructure from any possible attack initiated by

workloads in any virtual network.

Make Segmentation Simple

Segmentation is interconnected with isolation but is applied within a multi tier network.

Usually, network segmentation is a function of a physical firewall or router designed to allow or

deny traffic between network segments or tiers. Conventional processes for defining and

configuring segmentation are usually prone to human error and is time consuming leading to a

high incidence of security breaches. Implementation requires deep and specific expertise in

device configuration syntax, network addressing, application ports, and protocols.

Like isolation, network segmentation is a principal capability of network virtualization. A virtual

network can support a multi tier network environment consisting of multiple L2 segments with

L3 segmentation or micro segmentation on a single L2 segment using distributed firewall rules.

These could represent a Web tier, an application tier, and a database tier. Physical firewalls and

access control lists deliver a proven segmentation function, trusted by network security teams

and compliance auditors.

This approach has been more than often subject to breaches, attacks and downtime due to

human error or outdated manual network security provisioning or change management.

Network virtualization enables network services (provisioned with a workload) to be

programmatically created and distributed to the hypervisor vSwitch. Network services,

including L3 segmentation and firewalling, are enforced at the virtual interface. Communication

within a virtual network never leaves the virtual environment, thus removing the requirement

for network segmentation to be configured and maintained in the physical network or firewall.

Advanced Security Service Insertion, Chaining, And

Steering

Usually, the foundation or the base of a network virtualization platform provides firewalling

features to deliver segmentation within virtual networks. For some environments advanced

network security capabilities are required. In such instances, the network virtualization platform

can be leveraged to distribute, enable, and enforce advanced network security services in a

virtualized network environment.

Network services are distributed through network virtualization platforms into the vSwitch to

form a logical pipeline of services applied to virtual network traffic. Third-party network services

can be inserted into this logical pipeline, allowing physical or virtual services to be consumed in

the logical pipeline.

A powerful benefit of the network virtualization approach is its ability to build policies that

leverage service insertion, chaining, and steering to drive service execution in the logical services

pipeline based on the result of other services, making it possible to coordinate otherwise

completely unrelated network security services from multiple vendors.

Consistent Security Models Across Physical And Virtual

Infrastructure

Network virtualization provides a platform that allows automated provisioning and context

sharing across virtual and physical security platforms. Partner services traditionally deployed in

a physical network environment are easily provisioned and enforced in a virtual network

environment, which delivers a consistent model of visibility and security across applications

residing on either physical or virtual workloads.

Traditionally, this level of network security would have forced network and security teams to

choose between performance and features. Leveraging the ability to distribute and enforce the

advanced feature set at the application's virtual interface delivers the best of both.

The infrastructure maintains policy, allowing workloads to be placed and moved anywhere in

the data center without manual intervention. Pre-approved application security policies can be

applied programmatically, enabling self-service deployment of even complex network security

services.

As more data centers adopt network virtualization and move toward the software-defined data

center, the industry will see a broad range of traditional security solutions that leverage the

unique position of the network virtualization platform in the hypervisor. Detailed knowledge of

VMs and application process owners, combined with automated provisioning speed and

operational efficiency, is the foundation for an exciting new approach to some very old

challenges.

About NTT Communications Corporation

NTT Communications provides consultancy, architecture, security and cloud services to

optimize the information and communications technology (ICT) environments of enterprises.

These offerings are backed by the company’s worldwide infrastructure, including the leading

global tier-1 IP network, the Arcstar Universal One™ VPN network reaching 196

countries/regions, and 140 secure data centers worldwide. NTT Communications’ solutions

leverage the global resources of NTT Group companies including Dimension Data, NTT

DOCOMO and NTT DATA.

www.ntt.com | Twitter@NTT Com | Facebook@NTT Com | LinkedIn@NTT Com

About Netmagic Solutions (An NTT Communications Company)

Netmagic, an NTT Communications company, is India’s leading Managed Hosting and Cloud

Service Provider, with 9 carrier-neutral, state-of-the-art data centers and serving more than

1500 enterprises globally. A pioneer in the Indian IT Infrastructure services space - it was the

first to launch services such as Cloud Computing, Managed Security, Disaster Recovery-as-a-

Service and Software-Defined Storage. Netmagic, also delivers Remote Infrastructure

Management services to NTT Communications’ customers across Americas, Europe and Asia-

Pacific region. Recipient of several industry accolades, Netmagic was recently chosen by Frost &

Sullivan for both Third Party Data Center Service Provider of the year and Infrastructure as a

Service Provider of the year at India ICT Awards 2015.

Netmagic is the first cloud service provider in India and in the world, to receive the CSA STAR

certification for Cloud Capability Maturity Model (CCM) version 3.0.1, an industry benchmark

for the specific security requirements of multi-tenant service providers. Besides this, Netmagic

is also empanelled as an IT Security Auditing Organization with CERT-In (Indian Computer

Emergency Response Team).

NTT Communications, world’s largest data center company, has over 140 data centers globally.

NTT Communications is a part of NTT Corporation, Japan – which is ranked 53rd on Fortune

Global 500 list (2014) with annual turnover of USD 112 Bn. With 240,000 professionals in 79

countries, NTT Corporation is the only global partner that supports clients with an integrated

perspective across applications, infrastructure and network.

www.netmagicsolutions.com | Twitter@Netmagic | Linkedin@Netmagic | YouTube@Ne

tmagic