I recently blogged about VMware’s integration with Amazon, which allows its NSX controls to be utilized on Amazon’s AWS public cloud platform. The strategy enables VMware to position its already well-established management platform for the private cloud across the entire hybrid environment.
To further extend these capabilities, VMware recently announced its Hybrid Cloud Extension for Private Cloud, which enables enterprises to migrate applications seamlessly between private cloud deployments and the public cloud, with little or no application downtime, in environments that span multiple private data center locations. As with the VMware for AWS integration announced last year, users of the new solution will be able to utilize NSX controls across their entire network estate, whether on-premise, in private cloud deployments or in virtualized environments.
Ultimately, these new services aim to provide a consistent set of tools and controls – for visibility, operations, automation, security and governance – within increasingly hybrid networks. As such, the purpose of these solutions is to help enterprises simplify and enhance the manageability of their environments and enable consistent operations across the data center and public cloud through to the on-premise network. And, as organizations start adding more environments to their infrastructure, the theory is that they will continue to use VMware’s NSX management platform across the entire hybrid environment. So rather than using multiple cloud vendors’ security controls (in addition to VMware’s controls in the private data center), they will have a single console for managing security across their entire hybrid environment.
So how should you decide which is right for you?
What’s right for your organization will of course depend on your precise needs and infrastructure, taking into consideration both the cloud estates you are currently deploying and your cloud strategy for the future.
Of course, VMware has a very strong on-premise data center, private cloud and virtualization play, as it is already established in those markets. So clearly, if your organization has already successfully utilized NSX within your VMware infrastructure, you may be inclined to standardize on using it to deliver security across your other cloud and virtualized environments.
NSX enables micro-segmentation and provides a model for creating security policies that many organizations find useful. And of course, for an organization that is adding a public cloud deployment to a large VMware estate already managed by NSX, it will be convenient to manage the entire cloud estate from a single management platform.
However, NSX is not the only way to secure private data centers or ensure security is consistently applied across virtualized environments. An alternative option is for organizations to use virtualized firewalls that can be deployed within the private cloud itself, and their public-cloud siblings. These virtualized devices run inside the data center, inspecting and protecting both traffic to and from the internet (north-south) and traffic between your virtual machines (east-west). These firewalls include advanced features such as application awareness, the ability to create hierarchical network object groups, and the ability to add comments and notes to rules.
As such, if you require a more sophisticated, granular approach to network and application security, this may be a better option than relying (only) on VMware’s NSX private cloud extension.
Ensuring holistic security management
Regardless of how you secure your hybrid cloud environment, visibility, governance and automation must be a critical part of your security management processes. As organizations increasingly rely on complex hybrid infrastructures and incorporate more third-party security technologies, the task of manually managing all the security policies becomes impossible.
However, a network security policy management (NSPM) solution that can holistically manage private cloud and virtualized security alongside on-premise firewalls and public cloud security controls will enable you to take a unified approach to security across your virtualized environments – no matter which tools and technologies you end up deploying.