Page 11 - THE Journal, May/June 2018
P. 11

Get a Handle on Network Security
School districts can boost network security using the micro-segmentation capabilities of VMware NSX.
ITH THE PRESSING need to provide high-speed, secure, shared
networks across school districts, network security continues to be a
critical issue for educators. Shared com- puters in labs and other common areas are available to all students and students regularly connect
with myriad devices under BYOD policies. These situations keep network administrators up at night. With so many concentrated users expecting easy, anywhere access to the network, security continues to be an increasing challenge.
For that reason, many school districts have moved to
a virtual desktop infrastructure (VDI). Making this move can reduce operational costs in labs, libraries, and other shared areas. With a VDI, a centralized server in the data center hosts the desktop operating system, an image of which is then distributed to each user. VDI has caught on in the education realm because its efficiencies translate to dramatic reductions in infrastructure management and significant operational savings.
Industry leader in the VDI field, VMware now offers NSX, a network virtualization solution that works well with VDI. It’s especially effective at addressing security concerns, says Shinya Sakuta, a solutions architect
at AdvizeX, one of VMware’s elite partners. AdvizeX, a leader in virtualization, was named VMware’s 2017 Global Professional Services Firm.
Adding NSX to a virtual desktop infrastructure offers several benefits, says Sakuta, but security is the primary function school districts start using first after installing and configuring NSX on their VDI network. NSX gives educational institutions an easy way to add security, especially to VDI. To address the threat of an attack penetrating the network’s firewall, NSX uses what’s known as micro-segmentation.
This security safeguard is rapidly becoming a more common protocol. NSX’s Distributed Firewall is an object based firewall and allows for policies to be enforced even within the same L2 segment, thus preventing threats from moving laterally from one VM to another. This way, says Sakuta, NSX will only permit allowed traffic and prevent threats from spreading laterally. This helps school districts to isolate the threat and achieve higher security than it ever was possible before.
With identity-based firewalls in NSX, users are given different levels of access to different parts of the network. A student’s access is different from a teacher’s, which is different from a lab manager’s. Although security is often the issue districts address first with VMware NSX, says Sakuta, the technology conveys other benefits as well:
• Policy Based Security Management: Through NSX, network security experts can match security policies to dynamically defined object groups. This ensures firewall rules and other security policies are
“With identity-based firewalls in NSX, users are given different levels of access
to different parts of the network, based on their Active Directory user account.”
dynamically implemented. And when the workloads are decommissioned, the security policies will be decommissioned automatically.
• Network Virtualization: Besides micro-segmentation, says Sakuta, NSX enables network virtualization. Network virtualization can drastically improve routing efficiencies while enabling networking professionals to automate the provisioning and lifecycle management of the networks and the networking services. NSX can also be the bridge between the public and private cloud, or any VMware environment.
There are clearly tactical benefits to using NSX to boost network security in classrooms, labs, and other shared spaces, especially when combined with a VDI. VMware NSX, with its micro-segmentation capability, can give educational institutions an easy way to boost the security of their virtual networks.
For more information, go to:

   9   10   11   12   13