Macro and Micro Segmentation using VMware NSX-T

00:00 Start
23:50 Demo
25:43 Jump to Application

One of the exciting new Security features with the NSX-T 3.1 release is the "Jump to Application" option for Environment Policy. This new feature will be the topic covered in this presentation. Working towards microsegmentation is a journey -- a voyage to the land of zero trust. As customers embark on their security adventure, they often do not know what policy is needed for each application. Even application owners are sometimes not aware of all requisite connections for the application. Tools like vRealize Network Insight and NSX Intelligence can help identify required flows and required security rules, but this takes time. So, most customers start creating policy around broader zones, like environments, sites, clusters, or pods -- we call this macro-segmentation. To continue with the journey motif, macro-segmentation is like establishing your cardinal directions -- East, West, North and South. Once you have a clear understanding of the "where" and the "what" of your environment, the journey can truly begin. Likewise, by isolating large chunks of the datacenter into these more manageable and secure zones, we can begin working to the more granular application-specific policy. In this presentation, we have distinct Harry Potter houses that represent designated zones. None of these houses should be talking to each other. So, we can macrosegment our environment by building policy around these large "houses." From there, we can use the "Jump to Application" action to ensure that our more precise policy is also applied.