San Francisco -- VMware's NSX network virtualization platform, expected out by year end, will have a key security tool for deploying security software and services to VMware-based virtual machines.
NSX Service Composer, demoed it this week at VMworld, is a tool that will let administrators with responsibilities for VMware-based networks based on NSX set up a centralized way to deploy anti-malware, vulnerability management, firewall, data-loss prevention and intrusion detection and prevention (IDS/IPS) from third-party vendors. These vendors have to support specific NSX APIs, and be officially accepted into the VMware ecosphere. The security vendors active in NSX that were mentioned by VMware in its demo of NSX Service Composer at VMworld here this week include Rapid7, McAfee, Symantec, Trend Micro, and Palo Alto Networks. But several more are at work to support NSX, including Fortinet and Check Point.
"NSX Service Composer is a way to streamline deployment of third-party security solutions," said Azeem Feroz, VMware's senior manager in networking and security in his demo of it with Sachin Vaidya, VMware security architect.
VMware said the basic idea is to first "register" each security vendor's NSX-supporting product with NSX Service Composer in what is supposed to be a simple process that basically makes NSX Service Composer the central authorization point for decisions about what kind of security protection, such as anti-malware or IPS, will be applied to each NSX-based VM workload or cluster.
According to Feroz, this centralization of security software and services will also allow the administrator to automate how each will be provisioned. The VMware demonstration sought to show how Symantec antimalware would be deployed on just one virtual machine or many according to specific security policies.
During the demo, Vaidya said the NSX Service Composer is intended to be a tool for "orchestration" of security because it lets multiple security products be provisioned via a central management component rather than having to turn to do this through multiple vendor consoles.
NSX Security Composer can establish servers, VMs, data centers, the network and other assets as "security groups" that are supposed to receive certain security protections, including firewall rules. It will monitor "security posture" so if a malware outbreak is reported, for example, there's a way to move infected resources into a quarantine mode automatically. NSX Service Composer is expected to even allow user identity to be a security profile that might require specific security to be in place if the user logs into some resource controlled under NSX.
VMware has ambitious plans to eventually be able to "orchestrate" certain actions be taken on behalf of security between these NSX-supporting third-party security products through a system of "security tags."
Sign up for CIO Asia eNewsletters.