When workloads migrate between on-premises and cloud environments, the differing security postures for those different environments can cause a problem. You might secure a workload one way on-premises and a different way in the cloud. Those differences are a barrier to seamless portability —which is one of the reasons a cloud environment was so attractive as a complement to an on-premises data center in the first place.
In a traditional networking model, security is tied to IP addresses, ports, and local firewalls. When you move the workload from an on-premises environment to the cloud, it exists outside of those security constraints that are inside the enterprise firewall. The challenge is to maintain the same security parameters in the cloud that exist inside the on-premises firewall. But maintaining consistency across the two environments can be incredibly difficult, especially as the networking environment becomes more complex and the volume of workloads multiplies.
With NSX, you can protect the workload every place it moves. NSX can even help secure workloads on the same machine by preventing any sort of interaction between them-- controlling east-west traffic that can be otherwise difficult to monitor and manage. The networking and security policies associated with the workload become linked to the virtual machine and move with it. The security posture remains the same, whether the workload originated on-premises or in the cloud, and regardless of where it moves. The settings and policies stay consistent as the workload moves back and forth between on-premises and cloud environments.
To take advantage of this portability, the enterprise needs to ensure that the initial security posture established through NSX is rigorous and comprehensive from the outset. This is where a knowledgeable partner like Presidio can add value. They can help the business establish the appropriate protocols and policies for the workloads to ensure consistency across both the on-premises and cloud environments.
This portability is possible because NSX abstracts networking and security from physical hardware much the same way vSphere abstracts server workloads. The enterprise can define the security posture once, and apply that blueprint to other workloads. Once defined, the policies move with the virtual machine, even if that’s into the public cloud or another data center location.
To understand the value of this portability, consider the example of a business that has grown rapidly through multiple overlapping acquisitions. The integration of companies translates into a rapid pace of change in the data center. It’s an ongoing challenge to maintain current workloads and to predict the needed capacity for new workloads coming in. IT has to anticipate power, cooling, floorspace, and cabling needs with the knowledge that those needs will change with a new acquisition — and the planning process will begin again. The business could play a never ending guessing game, or it could look to VMware Cloud on AWS for the additional infrastructure it needs. Instead of adding servers to its existing data center and establishing new security policies and postures with each acquisition, the business can tap into the on-demand resources in the cloud — with the option of moving workloads back on-premises if and when needed. If the business is facing long lead times for a storage array or a server for on-premises, it can move the workload to the cloud until the hardware is ready and available.
In essence, the portability that NSX makes possible actually helps to future proof the business. With the flexibility to scale up or down and securely move workloads when needed, IT can deliver whatever capacity the business needs, whenever needed. Expand out to take advantage of a competitive opportunity, or to test out a new innovation, and speed time to market because the security and networking policies are already defined and easily applied.