Policy, Security, and Compliance
The agility and power of virtualization and cloud packages have brought new capabilities in automation, time to market, and IT flexibility. However, the same factors that contributed to this success also make the hypervisor a critical target for hackers and a prime candidate for enhanced security.
Outsiders are not the only concern. With NSX, you need to keep insiders such as virtual administrators in their “swim lanes.” Role- and asset-based access control helps you define who can do what to which objects, with workflows supporting secondary approval for sensitive and high-impact operations.
Audit and Logging
Comprehensive logs are indispensable for forensics. HIPAA and PCI-DSS require unique user IDs, source IP addresses, before/after states of reconfigured resources, and records of failed/denied operations. Entrust CloudControl captures these to help with compliance, forensics, and troubleshooting.
Entrust CloudControl identifies configuration errors in VMware vSphere hosts using pre-built assessment frameworks for PCI DSS, CIS Benchmark, VMware Best Practices, and custom user-defined templates. Using active remediation and proactive monitoring, the solution also ensures ongoing compliance.
Virtualization has changed the world of IT forever.
We now have tremendous agility and the ability to spin up infrastructure in seconds, but these advances have not come without challenges.
In the past, storage, compute and networking were all managed via different interfaces owned by different groups in IT. VMware NSX enables everything to be managed by a single interface. Do you really want your server team making changes to the network? Do you really want your network guys rolling out servers?
Access Control for NSX gives you fine-grained control over who can do what. Role-based access control allows separation of duties and least privilege in a way that is friendly to audits (and to security best practices). Strong authentication, including two-factor authentication such as RSA SecurID and CA Authminder, as well as RADIUS and TACACS+ support, helps ensure the right people have access to your admin console. Enhanced logging helps not only with compliance but also with troubleshooting.
Access control is fine-grained, with dozens of NSX-specific permissions and six new NSX-specific, predefined admin roles such as Network Engineer, Firewall Admin and Security Auditor. Better yet, all roles are customizable, ensuring that the tool adapts to meet your needs rather than you having to adapt to the software.