Arraya Insights | April 1, 2019
Is VMC on AWS really worth the hype? Late last year, we posed that question to the members of Arraya’s Data Center team and they set out to answer it over the course of a series of blog posts, each looking at a different facet of the VMC on AWS platform. To date, we’ve covered how VMC on AWS can alleviate disaster recovery pain points and un-complicate hybrid cloud management. Both of these are sizeable issues, however, there is a proverbial elephant in the room we have yet to address. For many, it’s where cloud conversations begin and, unfortunately, can end.
More than three-quarters (77%) of technology pros say security is a challenge raised by the cloud – almost three-in-ten (29%) call it a significant one. That’s the case according to RightScale’s 2018 State of the Cloud Report. Security isn’t only a barrier to entry. It continues to be a challenge even as organizations move further along in their cloud journeys. A separate study, the State of Hybrid Cloud Security: 2019 conducted by Firemon, found 60% of IT pros struggling to keep up with the rapid movement of business services into the cloud. This may have exposed some of those workloads to attack.
Given that security is a critical part of every technology conversation, particularly those involving the cloud, we thought the time was right to tackle this subject in regard to VMC on AWS. To do so, we’ll need to take a trip back to last summer and revisit a significant VMware announcement.
Bringing NSX-T and microsegmentation to VMC on AWS
During the summer of 2018, VMware and Amazon brought the network and security management capabilities of NSX to workloads hosted on AWS by introducing support for NSX-T. As a result of this change, microsegmentation can now be a part of the VMC on AWS conversation moving forward. Admins can leverage NSX-T’s distributed firewall to deploy microsegmentation policies at the virtual machine-level. This is possible internally, within the same L2 network, or across multiple L3 networks.
However, microsegmentation isn’t the only new ability coming to the platform thanks to the introduction of NSX-T. Here are five other ways the NSX-T update is making VMC on AWS simpler, smarter and more secure:
- Security Groups – Admins can now group objects to ensure a more exact and consistent application of security policies. Groups can cover a variety of criteria, including IP address, VM instance, VM name or VM security tag. This promotes a greater security without increasing hands-on work.
- Streamlined Configuration – Segmentation, as well as VMC on AWS’s networking and security functions, can now be managed directly through the console itself. This makes it easier for admins to manage the flow of traffic within their network. Plus, they can do so without installing extra plug-ins as was previously the case.
- Automated Route Recognition – Admins can configure networks connecting in-house deployments and VMC on AWS so that they’re automatically recognizable by traffic. Beyond just simplifying the process, this can also help prevent errors caused by hands-on network management. Furthermore, NSX-T allows admins to add greater redundancy (and reliability) into their networks through the use of IPSec VPN and boarder gateway protocol (BGP) configuration.
- Increased Network Connectivity – NSX-T joins together the compute gateway and management gateway as an out-of-box feature, meaning there’s no need to deploy any additional VPN technology to achieve this interoperability. Admins can deploy a variety of functionality on the compute side and have it seamlessly interact with supporting infrastructure.
- Simplified Traffic Management – The NSX-T update doesn’t only reduce the need for supplementary VPN technology in terms of connectivity, it also, in some cases, can eliminate it. NSX-T redesigned traffic flow so most of it can traverse the AWS Direct Connect Virtual Interfaces instead of VPN. This includes all data traveling between onsite infrastructure and VMC on AWS.
Next Steps: Take the VMC on AWS discussion outside our blog
Have you been following along with our ongoing VMC on AWS series? Let’s turn this into a two-way conversation. Visit https://www.arrayasolutions.com/contact-us/ to engage with Arraya’s Data Center team today. Our experts can offer insights into whether VMC on AWS could bolster your cyber security efforts. They can help you analyze your business needs and determine if VMC on AWS really is the right fit.
Want to share your two cents on this topic? Leave us a comment on this or any of our blogs through social media. Arraya can be found on LinkedIn, Twitter, and Facebook. While you’re there, follow us to stay up to date with our industry insights and unique IT learning opportunities.