Want to hear how a real-life NSXninja leverages NSX, vRealize Automation and Avi to deploy software networking and security services for a global provider? Look no further, as Dan Deane from DxC Technologies breaks down the walls of organizational process and explains how he obtains buy-in and builds consensus inside and amongst business groups to replace existing legacy services with software-defined offerings.
It's an in-depth discussion of all aspects of the adoption, including how to create and offer process improvements, with some great ideas on how to accomplish the same in your organization.
Dan also presented at VMworld 2018 with Nimish Desai from the VMware NSBU and if you haven’t seen it, make sure to check that out in the show reference links listed below.
Do you like a good story? How about a story of a state municipality reaching out to a VMW team for help to enable 8,000 workers w/ #WFH access and how they worked together to build a simple, secure and scalable load balancing solution in days?
Listen in as special guests Kevin Moats and Ralph Stoker explain how they helped a client take a Horizon PoC environment, leveraging the users' existing physical desktops, into production using the NSX Advanced Load Balancer (AVI) to support the 8,000 users in 24 hours.
Host: Erik Hinderer
Co-host: Jim Streit
Special Guests: Ralph Stoker, Kevin Moats
Big shout out to the following people who helped in this project and acted selflessly, when a friend asked for assistance in a time of need. You are all truly EPIC2.
Matt Honigford – Identified the need and reached out to VMware resources
Bill Zulkosky – Sponsored the AVI technical assistance
Robert Miller – Assisted with the load balancing design and deployment
Ralph Stoker – Led the network requirements / AVI setup and Horizon network link
Bob Johnston – Led the design and implementation of the Horizon expansion and physical desktop agent deployment
Kevin Moats – Assisted with the network requirements / AVI setup and Horizon network link (Acted as project manager between Horizon and network teams)
In this episode of The NSXninjas Podcast, special guest Geoff Wilmington talks “Work from Home” use-cases for NSX security and how organizations can quickly implement these security postures without changes to the underlying infrastructure to provide simple, dynamic, scalable security for organizations of all sizes.
– Host: Erik Hinderer –
– Co-host: Jim Streit –
– Special Guest: Geoff Wilmington, NSX Technical Product Manager –
Securing VDI workloads with VMware NSX is incredibly easy and quick. In this post, I’ll demonstrate how to implement segmentation for VDI workloads to prevent undesirable and unintended VDI to VDI communications.
In most environments, there are more users than applications and the number of desktops greatly outnumbers servers. Thus, the attack surface for user compute workloads is much larger and poses a much greater risk to the majority of organizations. Being able to quickly and easily implement scalable and dynamic security to prevent VDI to VDI risks is key to any solution and VMware NSX does this without any changes to the user compute workloads or underlying network.
Let’s take a look at what we need to do to create VDI segmentation with VMware NSX for vSphere.
After logging into the vSphere web client, we click on Menu and navigate to Networking and Security. Click the Firewall menu item on the left to display the NSX Distributed Firewall interface. We add a firewall rule section named VDI and then create a blocking rule for VDI to VDI traffic, using NSX Security Groups with dynamic membership based on a string of characters in the VM name, such as “vdi”. We then create an allow rule above the block rule for any intended VDI to VDI communications traffic, which is usually Skype, Slack or the like.
That’s it folks. It’s that simple. A VDI to VDI block rule based on a string of characters in the name, which provides dynamic addition of any VDI desktops to the security policy, as they are created and destroyed.
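The rule logic described above, modeled in Python as an added example (not code from the original post and not the NSX API). The VM names, the collaboration port 5061 and the case-insensitive name match are assumptions made for illustration; the model shows first-match ordering, automatic coverage of new desktops, and the desktops a name-based group misses.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed inventory: sample VM names, not taken from the original post.
INVENTORY = ["vdi-win10-001", "vdi-win10-002", "app-server-01", "desktop-pool-17"]

def vdi_group(inventory, needle="vdi"):
    """Dynamic membership: every VM whose name contains the string.
    Assumption: this model treats the match as case-insensitive."""
    return {vm for vm in inventory if needle in vm.lower()}

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "block"
    port: Optional[int]    # None means any service

# Section "VDI": the allow rule sits above the block rule, as in the post.
RULES = [
    Rule("Allow VDI collaboration", "allow", 5061),  # constructed sample port
    Rule("Block VDI to VDI", "block", None),
]

def evaluate(src, dst, port, inventory, rules=RULES):
    """First matching rule wins. Traffic that is not VDI to VDI matches
    nothing in this section and falls through to the next one."""
    members = vdi_group(inventory)
    if src in members and dst in members:
        for rule in rules:
            if rule.port is None or rule.port == port:
                return rule.action, rule.name
    return "next-section", None

def unprotected_desktops(inventory, expected_desktops):
    """Desktops that miss the naming convention never join the group,
    so the block rule never applies to them."""
    return sorted(set(expected_desktops) - vdi_group(inventory))

if __name__ == "__main__":
    a, b = "vdi-win10-001", "vdi-win10-002"
    print(evaluate(a, b, 445, INVENTORY))              # lateral traffic: blocked
    print(evaluate(a, b, 5061, INVENTORY))             # intended traffic: allowed
    print(evaluate(a, "app-server-01", 443, INVENTORY))
    print(unprotected_desktops(INVENTORY, [a, "desktop-pool-17"]))
```

Swapping the two rules makes the block rule match first, so the intended collaboration traffic is dropped as well.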
Check out this video of the entire process and see how you can achieve VDI segmentation in minutes with VMware NSX for vSphere:
There are a large number of VDI environments running NSX for vSphere, as it offered client endpoint antivirus protection integrations early on in SDN that are massively beneficial from a standpoint of architecture and performance. These same capabilities are now available in NSX Data Center, and any new VDI deployments are certainly taking advantage of all the improvements in NSX-T.
With that said, after a bit of thought, it seemed logical to create this blog and demo video in NSX for vSphere. While the process for creating VDI segmentation in NSX Data Center (NSX-T) may vary by a few steps, the implementation is just as simple as NSX for vSphere. Anyone that’s using NSX Data Center can create the same rules in NSX-T. …and should.