Network security architecture for modern data centers revolve around building a strong perimeter defense to prevent any threats from penetrating the data center. This approach doesn’t take into account the threats that do manage to get through the perimeter; once a threat breaks through, it then has unrestricted access to the entire network. Now more than ever companies need full visibility into their network and need to control traffic as it flows within the data center.
So what's the solution? VMware NSX, a software defined networking solution, can leverage Fortinet FortiGate, a next generation firewall, for better protection and automation of server-to-server traffic inside the data center. Keep reading to discover how Fortinet and VMware work together to help you build an impenetrable, best-in-class data center.
FortiGate deployments are fully automated, which means they are able to handle an elastic workload, and constantly change and resize ESXi clusters. In a constantly changing virtualized environment, FortiGate and VMWare work together to support the rebalancing of workloads depending on the current needs of your enterprise.
The VMware NSX enables policies to be applied at the virtual layer to intercept traffic at the hypervisor level, which means that all workloads are inspected. The NSX firewall is able to steer traffic selectively to FortiGate-VMX based on policy for advanced traffic inspection.
Micro-segmentation is easier than ever before with VMware NSX’s ability to provide network isolation and a “honeycomb” of trust zones. With this ability to micro-segment with VMware and FortiGate, IT can set boundaries for service functions and workload characteristics by designating proper security policies for app, web or data through asking questions like:
Micro-segmentation joins the characteristics and defines the inherited policy attributes as they are added to the security cluster. There is no longer a need to configure rules for the firewalls and create complex access control policies. This approach allows administrators to break up a single policy into sub-policies, and create a network segment to apply security rules. It also provides inter-VM traffic visibility in the SDDC.
VMware utilizes a logical routing function to create a single router instance across distributed switches to enable communication between web, app, and data tiers. In the NSX enabled security cluster, the distributed firewall module redirects traffic to a FortiGate-VMX firewall for threat inspection. Based on the workload segments, FortiGate-VMX Service Manager is able to enforce the security policies defined by IT, protecting your enterprise across the tiers.
FortiGate-Service Manager supports the use of multiple virtual domains (VDOMs) for effective segmentation between tenants while each one is still able to complete administrative autonomy over their specific segment. Using VDOMs, enterprises are able to apply stronger and more effective security policies through segmenting across different departments and application types. Your IT administrators can outline specific policies for each domain, which will also improve the overall performance of the system.
When used together, Fortinet FortiGate and VMware NSX are able provide an adaptable and secure software defined data center that meets the needs of your enterprise. As a leading partner for both Fortinet and VMware, contact the network security experts at WEI for an unbiased perspective to solving your enterprise security challenges.
NEXT STEPS: Looking for additional insight on how to ‘up your security game’ to meet the needs of your organization’s digital transformation initiatives? We invite you to check out the Fortinet Solution Guide, What to Look for When Addressing Digital Transformation Security Requirements. Read it today!