“We have implemented NSX-T, but how should NSX-T control teams be used to microsegment our environment?”

How (the ITQ approach)

Microsegmentation reflects the shift, in a cloud-enabled world, from network-based security to application-based security, and that shift also affects how your organisation is set up. Consider the existing (or new) roles, tasks and processes. The implementation of microsegmentation is approached as a project. An ITQ project manager supports the technical consultant and, in particular, your management and/or project organisation. If desired, the project manager can also take on the management of the entire project.

Our starting point is that your organisation already uses NSX, or a Software Defined Network (SDN). NSX is operational, with a base set of firewall rules, in accordance with the Security Framework. A test has also taken place in accordance with the VMware validation rules. ITQ then takes the next step with the control team: ensuring that your managers are also capable of using microsegmentation with the help of NSX. An experienced technical consultant from ITQ will hold workshops to teach your security and control teams how to implement your security policy, security procedures and security requirements and, for example, record these in the Security Framework. Such workshops provide many insights. Examples include:

  • The relationship between the company-specific security principles, such as white-listing (zero trust), application isolation, and tier filtering.
  • The creation of a compliance model that is supported and shared within the team, with each team managing its own tools and controls.
  • The implementation of company-wide firewall rules for each (virtualised) server.
  • Procedures in relation to monitoring and alerts whenever security risks occur, so that security teams can react directly to cyber-attacks.
  • Specific help in training your security and control team to align the Security Framework with your organisational requirements.
  • The consolidation of roles, tasks and responsibilities from the NSX microsegmentation design.

A backlog is set up in consultation with your team. After this, working in small steps, your team takes up an item from the backlog and works on it in conjunction with ITQ. In doing so, we operate according to the principle “See one – Do one – Teach one”. We try to get your teams to do as much as possible themselves, and at certain points where this is not successful, we provide support. Our ultimate goal is to enable your team to execute all tasks themselves and get through as much of the backlog as possible. This allows you to determine the intensity or speed at which this takes place.

The project manager and technical consultant constantly check whether steps are being taken towards achieving the original objectives. Once these objectives are achieved, your organisation is capable of working independently in the field of microsegmentation. Finally, a collective evaluation takes place, which may also identify subsequent steps or points of improvement.

What (result or added value):

  • The management team can maintain the environment, and the organisation can be microsegmented by the control team.
  • The NSX Security Framework – Micro Segmentation Design is provided and validated by ITQ.
  • The NSX Security Framework – Operational Guidelines are provided and validated by ITQ.
  • The NSX Security Framework – Work Instructions are provided and validated by ITQ.
Jeffrey Kusters CTO
