VMware Says Deploying NSX, AirWatch Together Is Best Way To Secure Data Centers
The "new" VMware is all about bundling multiple products into suites and selling customers on the benefits of using them in concert with each other, and now the vendor is applying this to data center security.
VMware said Wednesday that its NSX software-defined networking technology, deployed together with its AirWatch mobility management offering, can ensure that users accessing virtual desktops using mobile devices see only the content they're authorized to access.
Noah Wasmer, vice president of product management and chief technology officer of VMware's end-user computing business, said in an interview that the combination of NSX and AirWatch solves the enterprise problem of "overprovisioning," in which users get access to more apps and data that they need to do their jobs.
[Related: Sources Say Citrix Mulling Sale Or Spinoff Of Its Online Services Unit]
Overprovisioning is an issue because in some advanced attacks, hackers have piggybacked on legitimate users' connections to gain access to the data center, then moved laterally to access other resources once inside, according to Wasmer.
What's interesting about the proposed combination of NSX and AirWatch is that both technologies come from VMware's two largest acquisitions. VMware said in January that NSX and Airwatch were on a $200 million bookings run rate.
VMware, which gained NSX in its $1.2 billion acquisition of Nicira in 2012, has been touting it as a security technology to broaden its appeal to enterprises. NSX creates "microsegments," or compartmentalized portions of the network, which protect data traveling laterally between servers in a data center.
Ron Flax, vice president at August Schell, a Rockville, Md.-based VMware partner that's involved in several NSX projects, said security "is a great use case" for NSX.
"The ability to effectively have a firewall at the network interface for every single virtual machine is powerful," Flax said. "We're seeing more customers looking at NSX purely as a security play."
VMware paid $1.5 billion to acquire AirWatch last year to give it some much-needed credibility in the mobile space.
AirWatch ensures that users are getting access only to relevant apps, data and services. When used in conjunction with NSX, it mitigates the effects of attacks by limiting what attackers can access, said Wasmer.
Wasmer said one VMware customer, a financial services firm that was using virtual desktops for software development, used NSX and AirWatch to run a big development project with more than 1,000 developers working remotely.
The firm's developers needed to access virtual desktops running Visual Studio and tap into different back-end databases for application data. But the developers were segmented into different groups, each of which was authorized to access different databases, some of which housed sensitive data, he said.
Wasmer said the firm used VDI with NSX to solve the logistical challenges. Using one set of policies, the firm set up its virtual desktops so that each developer would log in and get access only to the virtual desktop and databases corresponding to his or her specific area of the project, Wasmer said.
VMware will give a demo of NSX working in conjunction with AirWatch next week at the RSA security conference in San Francisco.
PUBLISHED APRIL 15, 2015