Thursday, October 11, 2018

Micro-Segmentation and its Pre-Requisite

“Micro-segmentation” has created a lot of buzz in the data center world, especially with the growth of platforms such as VMware NSX.

So, what is Micro-Segmentation?

To understand micro-segmentation, it helps to first understand VLANs. A VLAN defines which devices can talk to each other without physically having to install separate networks. For example, devices on VLAN 10 can only talk to other devices in VLAN 10 and not to devices in VLAN 20 or VLAN 30.

However, the problem with VLANs is that they operate at layer 2, so a problem with a single NIC or a corrupted frame can disrupt the entire network. This can affect a single VLAN, or several if the switch ports are trunked. Therefore, VLANs may not be sufficient for a modern datacenter.

Moreover, software-defined networking has paved the way for micro-segmentation. Micro-segmentation is designed to segment the east-west network traffic between servers. It allows devices and servers to communicate with one another using logical routers, without the need for centralized physical switches or routers.

For example, consider a service like SharePoint, which would consist of multiple VMs, e.g. a load balancer, database file server, web server, etc. These VMs need to communicate with one another, but there is no reason for them to talk to anything else. Instead of creating separate “zones” such as a DMZ, we can isolate these VMs into their own virtual network using micro-segmentation.

Pre-Requisite for Micro-Segmentation

To create micro-segments, it is important to have a full understanding of application interactions, the server interdependencies, the server operating systems and what kind of data can be transmitted between the different VMs.

It is important to use tools that can provide automated application dependency maps, show server interdependencies and identify the ports that need to be opened between different VMs.

Uila has the capability to provide application dependency maps and export them into an Excel sheet, so that you can plan to micro-segment your environment.
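To show how a dependency map turns into a segmentation plan, here is an added example (not from the original post, and not Uila's code) that reads observed flows for one application, derives the allow rules inside the segment, and lists flows that cross the segment boundary for review. The CSV column names, VM names and ports are constructed for illustration and do not reflect any real tool's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of an application dependency export. Column names,
# VM names and ports are illustrative, not a real tool's export format.
SAMPLE_FLOWS = """src_vm,src_app,dst_vm,dst_app,protocol,dst_port
sp-lb01,sharepoint,sp-web01,sharepoint,tcp,443
sp-lb01,sharepoint,sp-web02,sharepoint,tcp,443
sp-web01,sharepoint,sp-db01,sharepoint,tcp,1433
sp-web02,sharepoint,sp-db01,sharepoint,tcp,1433
sp-web01,sharepoint,sp-fs01,sharepoint,tcp,445
sp-web01,sharepoint,sp-db01,sharepoint,tcp,1433
sp-web02,sharepoint,hr-db01,hr,tcp,1433
backup01,backup,sp-db01,sharepoint,tcp,1433
"""


def plan_segment(flow_csv, app):
    """Split observed flows for one application into intra-segment allow
    rules and cross-segment flows that need review before enforcement."""
    allow = defaultdict(set)      # (src_vm, dst_vm) -> {(protocol, port)}
    review = []                   # flows crossing the segment boundary
    for row in csv.DictReader(io.StringIO(flow_csv)):
        port = int(row["dst_port"])
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port in export: {row}")
        inside_src = row["src_app"] == app
        inside_dst = row["dst_app"] == app
        if inside_src and inside_dst:
            allow[(row["src_vm"], row["dst_vm"])].add((row["protocol"], port))
        elif inside_src or inside_dst:
            review.append((row["src_vm"], row["dst_vm"], row["protocol"], port))
    # Everything not listed is dropped by the segment's default-deny rule.
    rules = [(s, d, proto, port)
             for (s, d), svc in sorted(allow.items())
             for proto, port in sorted(svc)]
    return rules, review


if __name__ == "__main__":
    rules, review = plan_segment(SAMPLE_FLOWS, "sharepoint")
    for s, d, proto, port in rules:
        print(f"ALLOW {s} -> {d} {proto}/{port}")
    print("DENY  any -> any (default)")
    for s, d, proto, port in review:
        print(f"REVIEW cross-segment flow {s} -> {d} {proto}/{port}")
```

The review list is the part to go through before enforcement: each entry is either a legitimate dependency that needs an explicit rule (a backup job, for instance) or traffic the segment is meant to stop.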

Micro-segmentation is tedious to create, but once it’s done, it makes your environment a lot easier to secure and maintain.

Check out more information on micro-segmentation from the following links –
