Security Policy Automation for VMware NSX and SDN (Software Defined Network)
Learn how Tufin is enhancing its support for security policy automation for VMware NSX-T and NSX-v firewalls.

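Tufin Orchestration Suite for VMware provides unified management and visibility of network security policy across NSX-T, NSX-V, and hybrid environments. IT and security teams can automatically apply and enforce microsegmentation across all environments, allowing only trusted traffic flows.
Firewall security policy violations are automatically detected and alerted on in real time, enabling rapid mitigation. In addition, network changes are automatically designed as the most efficient and compliant access path, provisioned on all devices, verified, and tracked for audit readiness.
With the Tufin integration, VMware NSX customers gain:
- End-to-end visibility. View and track network security policy and configuration changes across the NSX-T environment and the rest of the hybrid network
- Microsegmentation. Define and manage microsegmentation in any environment, including NSX-T and NSX-V
- Policy-based change automation. Automate network changes while ensuring compliance with corporate policy, understanding potential risks, and applying changes to the relevant devices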
Transition applications to the SDN faster and more safely, ensuring security policy remains intact and validating connectivity.
Design, deploy and manage microsegmentation across your on-prem network, the NSX SDN (either by IPs or Security Groups), and public clouds while ensuring business continuity.
Centralize management of security policies across all firewalls, routers, and switches throughout the entire data center via a single interface.
Automate network access changes, provisioning changes to the NSX Distributed Firewall and other NGFWs, legacy firewalls, and public cloud.




Supported products
- VMware NSX-T
- VMware vCenter
- VMware NSX-v

FAQs
Improve your cybersecurity and internal workflows with VMware NSX. NSX service-defined, distributed firewalls (DFW) protect each virtual machine (VM) within a data center with its own firewall, which runs the entire set of security capabilities for any traffic going through the firewall. By helping to virtualize switching, firewalling, load balancing, and routing, NSX helps organizations realize the full value of the software-defined data center.
Key benefits include:
- Granular security that prevents threats from spreading laterally with micro-segmented security policies at workload level
- Stateful NSX distributed firewall embedded in the hypervisor kernel and distributed across the entire environment
- Improved operational efficiency and agility by reducing provisioning time from days to seconds
- Enhanced visibility with visualization of every network traffic flow
- Configure and manage subnets for Kubernetes namespaces
- Manage network and security controls and policies independent of physical network topology across data centers, public and private clouds, and application frameworks
- Enable stateful firewalling up to Layer 7 across multi-cloud environments
- Simplified security operations with faster time to discover, analyze and enforce segmentation policies
- Detect threat movement on east-west traffic with distributed analysis
- Run a security policy at the hypervisor level so that traffic that goes through any VM is inspected as soon as it hits a virtual wire
- A full suite of logical networking and security capabilities, including logical switching, routing, firewalling, load balancing, VPN, and monitoring
- Seamless connection between virtual and physical workloads with bridging between VLANs configured on NSX overlay networks and physical networks
- Attain zero trust security for applications in private and public cloud environments
- API integration with next-generation firewalls, intrusion prevention systems (IPS), agent-less antivirus, advanced security, and more
- Create, configure, and monitor NSX components with NSX Manager, which supplies an aggregated system overview and allows you to activate the malware prevention feature
- Eliminate the need for hairpinning east-west traffic with NSX’s distributed internal firewall
NSX is suitable for use cases related to network security, multi-cloud networking, automation, and networking and security for cloud-native apps.
There are two types of NSX platforms. NSX for vSphere (NSX-v) is specific to vSphere hypervisor environments and requires installation of the VMware vCenter. VMware NSX-T (NSX-Transformers) can be used in cases when NSX-v does not apply. NSX-T supports SDN for VMware vSphere as well as network virtualization for Kubernetes, Docker, KVM, OpenStack, and AWS native workloads.