VMworld 2017 Breakout Session – Distributed Networking and Security Services NET1932

After the initial General Session between 09:00-10:30 I went on to a breakout session, “Distributed Networking and Security Services – NET1932”, presented by Anirban Sengupta, who is a Sr Director NSX, and Jayjant Jain, who is an NSX Architect.

The session started with a lesson in the traditional datacenter and application setup: protecting the datacenter network as a whole and running a traditional three-tier application with e.g. web, application and database tiers. Today's deployments are, as we all know, in many cases far more distributed.

The session continued with an NSX overview and how we now want to protect not just the endpoint but every device, so that the network as a whole can be classified as a secure network.

The Architecture Deep Dive portion was really good, at least for me, since I'm not working with NSX on a daily basis, so catching up on/refreshing some of the more advanced stuff was really good. I had forgotten about the vsfwd/CPA 🙂

The below figure is borrowed from the document “Architecture and Design – VMware Validated Design 4.1”.

The most interesting part was the talk and demo of the NSX firewall / micro-segmentation, where the L4 rules were made context-aware: a rule matches on the application actually observed in the flow, not only on the destination port, so a classic port-only rule that "allows 80" no longer lets arbitrary protocols through on that port. There were two showcases:

  • Blocking of specific protocol versions, where protocol version X was allowed within the network while version Y was blocked (or maybe it should be the opposite, since Y is later than X, but anyway).
  • Blocking of a traffic type over a specific port. The showcase was to only allow HTTP traffic over port 80 and not allow SSH, which normally runs on port 22, over port 80.

Two really good use cases that will take security to another level.
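To make the two showcases concrete, here is a small added illustration (my own example, not NSX code and not how the NSX context engine is implemented internally) of what "context-aware L4" means in practice. A port-only evaluator allows anything on port 80; a context-aware evaluator first identifies the application from the first client bytes of the flow (an `SSH-x.y-` banner versus an HTTP request line) and matches the rule on port, application and, optionally, protocol version. The sample payloads, the rule format and the choice of SSH 2.0 as the allowed version are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed signatures for the two protocols in the demo. Real engines use far
# richer signatures, but a banner/request-line match is enough to show the idea.
SSH_BANNER = re.compile(rb"^SSH-(\d\.\d+)-")
HTTP_REQUEST = re.compile(
    rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/(\d\.\d)\r\n"
)


@dataclass(frozen=True)
class AppId:
    """Application identity derived from the flow content, not from the port."""
    app: str
    version: Optional[str] = None


def identify(payload: bytes) -> AppId:
    """Classify a flow from its first client-to-server bytes."""
    m = SSH_BANNER.match(payload)
    if m:
        return AppId("ssh", m.group(1).decode())
    m = HTTP_REQUEST.match(payload)
    if m:
        return AppId("http", m.group(1).decode())
    return AppId("unknown")


@dataclass(frozen=True)
class Rule:
    dst_port: int
    app: str
    versions: Optional[FrozenSet[str]] = None  # None means any version
    action: str = "allow"


# Hypothetical policy modelled on the two showcases: only HTTP may use port 80,
# and only SSH protocol version 2.0 may use port 22. Everything else is denied.
POLICY: List[Rule] = [
    Rule(dst_port=80, app="http"),
    Rule(dst_port=22, app="ssh", versions=frozenset({"2.0"})),
]


def evaluate_port_only(dst_port: int, payload: bytes) -> str:
    """Classic L4 rule: the payload is never inspected, only the port."""
    return "allow" if dst_port in (80, 22) else "deny"


def evaluate_context_aware(dst_port: int, payload: bytes,
                           policy: List[Rule] = POLICY) -> str:
    """Context-aware rule: port AND identified application (and version) must match."""
    app = identify(payload)
    for rule in policy:
        if rule.dst_port != dst_port or rule.app != app.app:
            continue
        if rule.versions is not None and app.version not in rule.versions:
            continue
        return rule.action
    return "deny"  # default deny, including unknown applications on allowed ports


if __name__ == "__main__":
    # Constructed sample flows: HTTP on 80, SSH tunnelled over 80, SSH 2.0 and 1.5 on 22.
    samples = [
        (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        (80, b"SSH-2.0-OpenSSH_8.9\r\n"),
        (22, b"SSH-2.0-OpenSSH_8.9\r\n"),
        (22, b"SSH-1.5-OldClient\r\n"),
    ]
    for port, payload in samples:
        print(port, identify(payload),
              "port-only:", evaluate_port_only(port, payload),
              "context-aware:", evaluate_context_aware(port, payload))
```

The second sample is the point of the demo: SSH pushed over port 80 is allowed by the port-only rule but denied by the context-aware one, and the fourth sample shows the version-blocking case (an SSH 1.x banner on the SSH port is denied while 2.0 passes). Note the caveat the classification implies: the decision can only be made once the first payload bytes have been seen, so the engine has to hold the flow state until then, and encrypted or unknown traffic falls into the default-deny branch rather than being silently allowed.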