Sean O’Dell Abhijit Sharma MMC3066BE #VMworld #MMC3066BE How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native VMworld 2017 Content: Not for publication or distribution

Upload: vuhanh

Post on 02-Jul-2018

Page 2

Disclaimer

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Page 3

Agenda

1 Moving to a Hybrid World

2 The micro-segmentation approach

3 Visibility – Key to a successful micro-segmentation strategy

4 Step-by-Step demo: Securing an application at its core and operating a micro-segmented environment

Page 4

VMware Cloud

Run, Manage, Connect, Secure Any App on Any Cloud to Any Device

Consistent Infrastructure: VM Infrastructure • Container Infrastructure

Consistent Operations: Management and Operations • Across Clouds

VMware Cloud Infrastructure • Public Cloud IaaS

VISIBILITY • OPERATIONS • AUTOMATION • SECURITY • GOVERNANCE

Cloud Management

VMware Cloud Services

Cloud Native Apps: Time to market • Innovation • Scale • Differentiation

Existing Apps: Reduce Costs • Security • Reliability • Control

CONTAINERS • VIRTUAL MACHINES

VMware Cloud on AWSfor VMware

Page 5

VMware Cloud Services

Manage, Govern and Secure Public and Private Cloud Apps

Discovery

Cost Insight

NSX Cloud

Network Insight

AppDefense

Wavefront

ON PREMISES DATA CENTER

Visibility into apps and resources they consume. Analyze usage and utilization across clouds.

Accounting and cost optimization for multiple clouds. Track and analyze your costs and trends.

Secure networks with micro-segmentation. Create private networks within or across clouds.

Operational visibility, control, and compliance across clouds. Optimize performance, health, and availability.

Metrics-driven monitoring and real-time analytics.

Governance for running workloads.

Page 6

A shift towards SDDC and Hybrid Applications

• What are my apps? Where are they?

• How are they communicating?

• Who is talking to whom?

• What’s protected, what’s not?

• Is it changing?


Public Cloud

East-West

>80%

North-South

DATA CENTER PERIMETER

Page 7

Our security realities

When threats breach the perimeter, it’s hard to stop lateral spread

DATA CENTER

DATA CENTER PERIMETER

Low priority systems are often targeted first.

Attackers can move freely within the data center or VPC

Attackers then gather and exfiltrate the valuable data.

AWS

Page 8

What if you could…

Enforce security at the most granular level

Every VM/Instance can have:

Individual security policies

Individual firewalls

Protect every piece of communication

AWS

DATA CENTER

DATA CENTER PERIMETER

Page 9

What if you could…

Apply that level of security across an entire application

DB

Web

App

Granular threat containment

Logical policy grouping

Simplified security policy

AWS

Page 10

Network Insight

Pervasive Visibility, Micro-segmentation Automation, Continuous Ops

• 360° Visibility & Analytics, Problem Detection, Change Tracking

• Ensure Best Practices, Health and Availability of NSX

• Analyze Application Behavior, Plan Micro-segmentation, Ensure Compliance

Page 11

Built for Next Gen Visibility & Operations to SDDC & Cloud

Continuous Operations

Real-time Search & Analytics

Converged Visibility

Security • Firewall • Compute • Network • Workloads • Physical • Flows

Troubleshooting • Compliance • Alerting • Planning • Automation

Virtual • Cloud

Network Insight Platform

Applications, Security Policies, Network Connectivity

Page 12

Getting ready for a hybrid world

Diagram labels: Private DC; Private Cloud; NSX; Web, App, DB; Flows & Traffic; Gateway; AWS Direct Connect; Customer’s VMC/AWS Instance; VMware Cloud on AWS

• Connectivity

• Bandwidth

• Firewall Rules

Cloud Assessment / Migration Planning

• Discover On-Premise/Brown-field Apps - Network Dependencies and Flows

• Bandwidth Modeling - How much Traffic will Flow across WAN/Direct Connect Link

• Security Assessment - Firewall Ports that need to be opened for connectivity between VMC and On-Premise

Page 13

Securing AWS Workloads

AWS (Native) Visibility and Security

• Discovery of VPCs, VMs, Tags, SG

• Dynamic Flow Analysis, security planning and micro-seg views for AWS workloads (using VPC Flow Logs). Who is talking to whom

• Security Troubleshooting & Operations – SG and firewall dashboards. Troubleshooting connectivity & misconfiguration of FW. Who can talk to whom

• Flow correlation back to on-premise vSphere/NSX. Hybrid topology views
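The flow analysis in the second bullet, sketched as an added example (not code from the presentation or from Network Insight): it parses default-format (version 2) VPC Flow Log records, folds reply legs back onto the service port, and aggregates who is talking to whom per tier. The tier subnets, the ephemeral-port threshold and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
# Hypothetical tier subnets for the Web/App/DB application.
TIERS = {"web": "10.0.1.0/24", "app": "10.0.2.0/24", "db": "10.0.3.0/24"}
EPHEMERAL_MIN = 32768  # heuristic (assumption): ports >= this are client-side

# Constructed sample records, not real traffic.
SAMPLE = """\
2 123456789012 eni-0a1 203.0.113.7 10.0.1.10 51544 443 6 12 4200 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.10 10.0.2.20 40112 8080 6 10 1800 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0b2 10.0.2.20 10.0.1.10 8080 40112 6 9 9600 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0b2 10.0.2.20 10.0.3.30 45000 3306 6 8 1200 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0c3 10.0.1.10 10.0.3.30 41000 3306 6 3 180 1500000000 1500000060 REJECT OK
2 123456789012 eni-0c3 - - - - - - - 1500000060 1500000120 - NODATA
"""

def tier_of(ip):
    """Map an address to a tier name, or 'external' if outside every tier."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in TIERS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "external"

def analyze(text):
    """Return (allowed, rejected): bytes per (client tier, server tier, proto, port)."""
    allowed, rejected = defaultdict(int), defaultdict(int)
    for line in text.splitlines():
        rec = dict(zip(FIELDS, line.split()))
        if len(rec) != len(FIELDS) or rec["log_status"] != "OK":
            continue  # skip malformed, NODATA and SKIPDATA records
        src, dst = tier_of(rec["srcaddr"]), tier_of(rec["dstaddr"])
        sport, dport = int(rec["srcport"]), int(rec["dstport"])
        if dport >= EPHEMERAL_MIN > sport:  # reply leg: orient toward the service
            src, dst, dport = dst, src, sport
        key = (src, dst, int(rec["protocol"]), dport)
        (allowed if rec["action"] == "ACCEPT" else rejected)[key] += int(rec["bytes"])
    return dict(allowed), dict(rejected)

if __name__ == "__main__":
    allowed, rejected = analyze(SAMPLE)
    for label, flows in (("allow", allowed), ("review", rejected)):
        for (src, dst, proto, port), nbytes in sorted(flows.items()):
            print(f"{label:6} {src:>8} -> {dst:<4} proto {proto} port {port} ({nbytes} bytes)")
```

The accepted keys are candidate allow rules for a tier-to-tier policy; the rejected web-to-db flow is the kind of entry to review before tightening security groups.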

Private Cloud AWS Cloud

Gateway

Page 14

Network Insight Demo

Page 15

“Stay Informed” @cloud.vmware.com

Sign up for the interest list, learn more and stay updated about when VMware Cloud services are coming to your region

Page 16

Sessions, Booth and Theatre Presentations for VMware Cloud Services

All 3 Days

Solutions Exchange Talk to our experts and learn more about VMware Cloud Services

Hands On Labs Self services Experience: Try out VMware Cloud Services yourself

Tuesday

MMC1532BE Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads

MMC3164BE How Data Science is Transforming Operations: Introduction to Wavefront by VMware

Wednesday

MMC2888GE How We’ve Accelerated Innovation While Keeping Our Cloud Spending in Check

MMC3074BE Three Ways to Use New VMware Cross-Cloud Services to Efficiently Run Workloads Across AWS, Azure, and vSphere: VMware and Customer Technical Session

Thursday

MMC2820BE Live Demo: 3 Best Practices for Deploying, Managing and Securing AWS EC2 Apps with VMware Cloud Services

MMC3066BE How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native?
