Security provisioning and change management is an operational challenge for today’s dynamic cloud data centre environments. Network security configuration and policy assignment can be slow and rigid, and can lag behind the pace and ease of application provisioning. At the same time, a next-generation security platform – where security policies are tied to applications, users and data – is a growing requirement for an effective cybersecurity strategy.
Recognising these changing requirements, Palo Alto Networks and VMware have partnered to deliver an integrated solution that combines the Palo Alto Networks VM-Series virtualised next-generation security platform with the VMware NSX network virtualisation platform. With this joint solution, customers will be able to unify next-generation network security across their physical and virtual environments with a single point of management.
“The cloud introduces new security challenges, and legacy security systems based on physical attributes such as port and protocol just aren’t adequate to secure these highly dynamic environments,” said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. “A next-generation security approach that eases operational challenges through integration with network virtualisation is a requirement for customers to confidently extend their deployments to cloud.”
Next-Generation Network Security for the Software-Defined Data Centre
The combined solution will enable customers to use the network services insertion capabilities of VMware NSX with Palo Alto Networks’ next-generation security technologies to easily deploy, move, scale and protect applications in their software-defined data centres. Customers will realise more agility and efficiency through centralised policy management and implementation.
This integrated solution is now in beta with general availability planned in the first half of 2014. The offering will help accelerate the delivery of next-generation security services to support virtual application deployments, speeding what has traditionally been a manual and time-consuming process that can delay virtual application deployments by as much as two months for some enterprises. These delays can be eliminated, and enterprises will be able to realise the full agility, efficiency and cost benefits of a software-defined data centre while protected by next-generation security policies.
Additional functionality that this integrated solution will deliver for customers includes:
• Automated provisioning of advanced network services
• A consistent network security model that protects against cyber threats – known and unknown – across both physical and virtual workloads
• Native segmentation of virtual machines into virtual networks
• Transparent traffic steering and enforcement at the virtual interface
• Fine-grained visibility into applications, users and content associated with virtual machine context
• Context-sharing across virtual infrastructure and security management platforms
• Separation of duties between server, network and security IT administrators