Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

University of York improves security with VMware NSX software defined networking

Tamlin Magee | June 27, 2016
Micro segmentation keeps vital data under lock and key

This year, the University of York decided to move all of its primary workloads to VMWare NSX, the virtualisation platform for software-defined data centres.

Although it was already a VMware shop, at 85 percent of the organisation's server estate, the deployment was no small task - but necessary to reduce operational complexity and, importantly, bolster security. As with every organisation, universities are under increased risk of cyberattack. So NSX was appealing to York for that aspect too.

"We had a segmented environment where different applications were hosted on physically separate environments," explains Dr. Arthur Clunes, assistant director of IT services at York. "This made it time-consuming to manage - while the lack of internally networked restrictions or firewalling also reduced security."

Using the microsegmentation available in software defined networking allowed the university to be more flexible in how it stores and accesses its sensitive data. "This means our academics know their work is under lock and key - all student information and personal identification software will be completely secure, but we have operational flexibility in how this data is stored."

"With microsegmentation we have complete control over the individual workloads, and can automate specific security protocols at the hypervisor level - improving the traditional hard perimeter model of data centre security."

Network bottlenecks

Over 800 VMs support much of the university's critical operations - funding requests, file servers, timetabling, student records, database servers, virtual learning environments and more.

"Due to the growth of the university, the network had grown very rapidly over the last few years, and it was a good time to look at how we provided services and increase our efficiency substantially," says Clunes.

"Disparate networks meant it could be hard to deliver services quickly enough. As the organisation was speeding up, networking and security were becoming a bottleneck."

York is a research-intensive university with as many as 18,000 full time equivalent students, plus roughly 3,500 staff, and that number's growing, adds Clunes.

"We do research support, with some HPC support for researchers, but we also give researchers VMs that run on VMWare," Clunes explains. "In terms of managing for teaching, we have a Virtual Learning Environment that runs on VMware, and then all the admin support processes - finance, payroll, HR, student records, identity management - all those run on VMware as well."

"We are very heavily virtualised," Clunes adds. "Databases are moving onto VMware - we have SQL Server on VMWare - and we're just starting to put Oracle on VMWare as well."

To Clunes, success with this deployment looks like properly firewalled and properly segregated firewalls. The other measure is using all of the automation features that VMware products afford. "It's driving savings in cost with staff time, and it's also improving security," he says.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.