VMware is working with Palo Alto to develop a virtualized next-generation firewall (NGFW) that is tightly integrated with VMware’s NSX network virtualization software platform.
VMware and Palo Alto said that their goal is to improve the security and effectiveness of the virtualization process, mainly by having the VM-300-HV, Palo Alto’s next-generation virtual-machine-based firewall, run under the management and security framework of NSX. NSX software can help enterprises establish automated network control and security policy, including distributed firewalls and security-policy-oriented applications.
VMware and Palo Alto said they are tailoring an NSX version of Palo Alto’s VM-300-HV, so that the virtual machine managers in the data center can “choose what they want” and “security personnel define policies”. Danelle Au, director of solution marketing at Palo Alto, said that this is particularly useful in cloud computing deployments.
NSX was launched last August. It is the data plane software layer added to VMware’s ESX virtual machine software to automate network control and security policies in VMware-centric data centers. VMware said that NSX has already helped several security vendors enable third-party anti-malware, vulnerability management or intrusion prevention products to run in the NSX control framework. But the partnership with Palo Alto represents VMware’s first close strategic NSX alliance.
Palo Alto has already launched a next-generation firewall based on virtual machines. However, Au acknowledges that applying the next-generation firewall to applications running in a virtual environment can be problematic.
“Although virtual machines can be accessible in a few minutes, we need weeks or even months to deploy security for applications, whether on VM hypervisors or as physical firewalls,” Au said. Establishing security policies for dynamic workloads can take a long time and still requires a lot of manual work.
Chris King, vice president of product marketing of VMware’s network and security business unit, said that NSX provides a way to generate a risk allocation “container” for virtual machines. In this way, no matter how the workload moves in a dynamic environment, the risk and security configuration rules follow it and are applied automatically. NSX also provides a way to create “traffic diversion rules”, and NSX is seen as a way to add a software-defined network to a VMware-based network.
There may be challenges in trying to integrate Palo Alto’s next-generation firewall (a complex application-aware firewall that can establish identity-based control and intrusion prevention) with VMware’s NSX (a new network and security layer).
Au and King said their goal is to deploy security policies for Palo Alto’s next-generation firewall based on virtual machines. This next-generation firewall is initially configured by Palo Alto’s management console, Panorama. The traffic diversion rules for the network will be configured by VMware’s NSX management console. The management products of the two companies need to share some information to achieve these goals, including “content” and machine inventory.
King said that the two companies have worked together for some time and are very clear about their goals. Beta testing has now begun, and the launch is expected in the first half of 2014. Although this is the first strategic partnership around NSX, VMware is not saying it will be the only one.