
Microsegmentation and its Prerequisite

October 16, 2018


“Microsegmentation” has created a lot of buzz in the data center world, especially with the growth of platforms such as VMware NSX.

So, what is Microsegmentation?
To understand Microsegmentation better, it is important to understand the concept of VLANs. A VLAN defines which devices can talk to each other without physically having to install separate networks. For example, devices on VLAN 10 can only talk to other devices in VLAN 10 and not to devices in VLAN 20 or VLAN 30.

However, the problem with VLANs is that they operate at layer 2, so a problem with a single NIC or a corrupted frame can disrupt the entire network. This can affect a single VLAN, or several if the switch ports are trunked. Therefore, VLANs may not be sufficient for a modern data center.
Moreover, software-defined networking has paved the way for micro-segmentation. Micro-segmentation is designed to segment the east-west network traffic between servers. It allows devices and servers to communicate with one another using logical routers, without the need for centralized physical switches or routers.

For example, consider a service like SharePoint, which consists of multiple VMs, i.e. a load balancer, database file server, web server, etc. These VMs need to communicate with one another, but there is no reason for them to talk to anything else. Instead of creating separate “zones” such as a DMZ, we can isolate these VMs into their own virtual network using micro-segmentation.

Prerequisite for Microsegmentation
To create micro-segments, it is important to have a full understanding of the application interactions, the server interdependencies, the server operating systems, and what kind of data can be transmitted between the different VMs.

It is important to use tools that can provide automated application dependency maps, the server interdependencies, and the ports that need to be opened between different VMs.

Uila has the capability to provide application dependency maps and export them into an Excel sheet, so that you can plan how to micro-segment your environment.
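As an added example (not from the original article or from Uila), the following sketch turns an exported dependency map into a default-deny rule set for one micro-segment. The CSV columns, VM names, tiers and ports are constructed for illustration and are not Uila's actual export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a dependency-map export. The column names, VM names and
# ports are assumptions for illustration, not the format of any real tool.
SAMPLE_EXPORT = """src_vm,src_tier,dst_vm,dst_tier,protocol,dst_port
lb-01,lb,web-01,web,tcp,443
lb-01,lb,web-02,web,tcp,443
web-01,web,db-01,db,tcp,1433
web-02,web,db-01,db,TCP,1433
web-01,web,fs-01,file,tcp,445
"""


def build_rules(export_text):
    """Collapse observed VM-to-VM flows into tier-to-tier allow rules."""
    rules = defaultdict(set)  # (src_tier, dst_tier, proto, port) -> VM pairs seen
    for row in csv.DictReader(io.StringIO(export_text)):
        key = (row["src_tier"], row["dst_tier"],
               row["protocol"].lower(), int(row["dst_port"]))
        rules[key].add((row["src_vm"], row["dst_vm"]))
    return dict(rules)


def is_allowed(rules, src_tier, dst_tier, protocol, port):
    """Default deny: a flow passes only if the dependency map contains it."""
    return (src_tier, dst_tier, protocol.lower(), port) in rules


def unobserved_pairs(rules):
    """Tier pairs with no observed traffic; candidates for explicit deny rules."""
    tiers = {tier for key in rules for tier in key[:2]}
    talking = {key[:2] for key in rules}
    return sorted((a, b) for a in tiers for b in tiers
                  if a != b and (a, b) not in talking)


if __name__ == "__main__":
    rules = build_rules(SAMPLE_EXPORT)
    for (src, dst, proto, port), pairs in sorted(rules.items()):
        print(f"ALLOW {src:>4} -> {dst:<4} {proto}/{port}  ({len(pairs)} VM pairs)")
    for src, dst in unobserved_pairs(rules):
        print(f"DENY  {src:>4} -> {dst:<4} any   (no observed dependency)")
```

Reviewing the unobserved pairs with the application owner before enforcing them helps catch dependencies that did not occur during the observation window, such as backups or monthly jobs.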




Microsegmentation is tedious to create, but once it’s done, it makes your environment a lot easier to secure and maintain.

Check out more information on micro-segmentation at the following link:
https://www.vmware.com/pdf/vmware-validated-design-30-microsegmentation-planning-preparation.pdf

Note: This article was written by Aditya Krishnan, TME at Uila and published originally on his personal blog site http://www.dcdummy.com/.