The ability to add context is something that practically all IT Practitioners pursue. When attempting to break an application down into its component parts, any additional contextual data is invaluable. NSX and the Service Composer assists with the contextualization of your applications.

In the instalment of the Getting More Out Of NSX series, we will explore the depths of what can be done with Service Composer to assist with the definition of micro-segmentation security policy. You will learn:

• Start mapping your applications
• Add context to your security policies
• Make effective use of NSX Service Composer

It is widely agreed that in security, limiting the scope to what an application or user requires to do their job is the best method to reduce risk. The challenge is often learning and defining what an application truly needs to work correctly. Most organizations find that this technical debt is rarely paid in full. One method to learn what an application needs to work correctly is to watch what it does and build a set of rules from that data. This is where vRNI comes in and helps this process.

In this instalment of Getting More Series we will dive deep into vRNI and its uses to assist with your micro-segmentation planning and implementation. You will learn:

• How to perform Plan Security around Applications
• How to build rule sets from vRNI recommendations
• How to verify rules compliance

Do you have a hard time visualizing PCI compliance of your datacenter? Are you using NSX for micro-segmentation? In this session, we will focus on VMware NSX as a framework protecting PCI assets in your VMware environment. Then we use vRealize Network Insight (vRNI) to provide the visualization and monitoring of those assets to validate compliance to specific PCI objectives.

In this installment of the Getting More Out Of NSX series, we will focus on how we can use vRNI to assess compliance for an NSX environment. You will learn:

• How to use the PCI dashboard to identify PCI objective compliance relating to networking and security
• How to ascertain the status of VMs, NSX security group associations, and firewall rules as well as relevant flows
• How to save PCI specific searches and pin them

Enforcing a whitelisted application policy, where zero trust architecture is the default, is the goal for most of us. However, getting even a single workflow identified and a ruleset created for it can be a real challenge. How do you get started? In this session, we will look at the built-in tool that VMware NSX provides to help simplify the process of micro-segmentation workflows by evaluating current applications and creating a whitelisted rule base for you to enforce. It is the easy button! The tool is called Application Rule Manager (ARM) and was introduced in VMware NSX version 6.3. ARM correlates specific user-defined and real-time flow information between a workload, so a security model can be built around it without making compromises or adding complexity in defining the actual communication. This quick targeted modeling of an application significantly reduced time to value and enables you to begin enforcing a whitelist policy in your data centers.

In this instalment of the Getting More Out Of NSX series, we will explore the ease of use to provide targeted modeling of an application based on live flows and the ability to apply specific rules to enable micro-segmentation.

You will learn:

• How to quickly identify real-time granular application flows
• How to use flow tables to create security groups, IP sets, services and firewall rules
• How to add context to your security policies