VMware Leverages NSX for Mobile, VDI Control
NSX can now be used to provide micro-segmentation for additional user security and control on mobile and virtual desktops.
VMware's NSX network virtualization technology platform isn't just about virtualizing the network for its own sake. This week, VMware announced a new integration for pairing NSX with VMware's AirWatch mobile device management product as well as Horizon, which provides desktop virtualization.
Noah Wasmer, VP of end user computing strategy at VMware, explained to Enterprise Networking Planet that AirWatch already had a per-app VPN capability to tunnel encrypted traffic back into a data center. The challenge, however, is that even with an encrypted tunnel, the user would just backend into an open network.
With the addition of NSX, a mobile user can now tunnel into the specific microsegment of the network they need. From a policy and access control perspective, the NSX microsegment can also limit the ability of a user to access restricted areas of a network when they haven't been authorized to enter them.
The same basic approach is now possible with Horizon, enabling a Virtual Desktop Infrastructure (VDI) user to be contained with a specific NSX network micro-segment, providing isolation, privacy and security control.
From a deployment perspective, for AirWatch or Horizon administrators, the path to configuring NSX microsegments is not direct. Wasmer said that traditionally, mobile, VDI and network administrators are different positions within an organization.
"What we have right now is the ability for the administrator on the mobile side to configure the application services that they want for AirWatch or Horizon," Wasmer said. "Then the organization would setup NSX through its own console."
Wasmer said that there isn't a unified configuration or setup tool currently, as that's not a need that VMware has heard from its customer base. That said, he noted that the current integration is just the first step, and the future direction might include a more integrated management approach.
In a non-NSX environment, mobile and VDI users potentially also could have been segmented and controlled through the use of traditional VLAN tagging. Chris King, vice president of product marketing at VMware, emphasized that NSX has more scale and control than a traditional VLAN. For example, a VLAN has a limit of 4,096 tags, while NSX has no such upper boundary.
From a technology perspective, the new approach to integrating AirWatch, Horizon and NSX works with the latest AirWatch 8, Horizion 6 and 6.1, and NSX 6.1 releases.
Looking forward, King said it's still early days for the integration, and there is more that will be done to expand capabilities in the future.
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.