Simplifying Security Operations for Dell HCI Platforms with NSX
Thu, 08 Sep 2022 16:58:04 -0000
Today, most technology companies in the IT space work to offer customers not only the best technology innovations but also those that help simplify their day-to-day lives.
One example of this is the new vCenter plug-in for NSX-T, introduced with vSphere 7.0 Update 3c and NSX-T 3.2. Through this new deployment method for NSX-T, management and operations users can now use NSX-T as a plug-in for vCenter, similar to how earlier versions of NSX were configured. Through wizard-assisted operations, security policies can easily be configured, deployed, and operated within vCenter.
Figure 1. The new vCenter plug-in for NSX-T simplifies security deployment and operations
For Dell HCI platforms such as VxRail, vSAN Ready Nodes, and PowerEdge servers hosting vSAN-based workloads, NSX becomes an optimal network and security engine.
Figure 2. Dell HCI platforms such as VxRail or vSAN Ready Nodes become the perfect targets for the new vCenter plug-in
The whole process is simple. It can be completed by following these steps:
- Install NSX-T Manager and provide a license key.
- Install the vCenter plug-in for NSX, the new method to configure and operate NSX security.
- Configure the distributed firewall policies for the HCI cluster:
  a. Define infrastructure services as needed (DNS, DHCP, custom…).
  b. Create the environment to consume the defined infrastructure services.
- Define how the elements in the environment can communicate with each other.
- Define communication strategies for applications in the environment.
- Review and verify the defined security policies before they are published and effective.
Figure 3. Defined NSX security rules can be reviewed before going live
If you want to learn more about how simple security operations can become with the new vCenter plug-in for NSX, take a look at this video.
Author: Inigo Olcoz
- VxRail Info Hub
- vSAN Ready Nodes Info Hub
- HCI Security Simplified: Protecting Dell VxRail with VMware NSX Security
- Simplifying Security Deployment and Operations for Dell HCI Platforms
- Video: Simplifying HCI Security with the New vCenter Plug-in for NSX
Related Blog Posts
New VxRail Node Lets You Start Small with Greater Flexibility in Scaling and Additional Resiliency
Mon, 29 Aug 2022 19:00:25 -0000
When deploying infrastructure, it is important to know two things: current resource needs and that those resource needs will grow. What we don’t always know is in what way the demands for resources will grow. Resource growth is rarely equal across all resources. Storage demands will grow more rapidly than compute, or vice-versa. At the end of the day, we can only make an educated guess, and time will tell if we guessed right. We can, however, make intelligent choices that increase the flexibility of our growth options and give us the ability to scale resources independently. Enter the single processor Dell VxRail P670F.
The availability of the P670F with only a single processor provides more growth flexibility for our customers who have smaller clusters. By choosing a less compute dense single processor node, the same compute workload will require more nodes. There are two benefits to this:
- More efficient storage: More nodes in the cluster open the door to using the more capacity-efficient erasure coding vSAN storage option. Erasure coding, also known as parity RAID (such as RAID 5 and RAID 6), has a capacity overhead of 33% compared to the 100% overhead that mirroring requires. Erasure coding can deliver 50% more usable storage capacity while using the same amount of raw capacity. While this increase in storage does come with a write performance penalty, VxRail with vSAN has shown that the gap between erasure coding and mirroring has narrowed significantly, and provides significant storage performance capabilities.
- Reduced cluster overhead: Clusters are designed around N+1, where ‘N’ represents sufficient resources to run the preferred workload, and ‘+1’ are spare and unused resources held in reserve should a failure occur in the nodes that make up the N. As the number of nodes in N increases, the percentage of overall resources that are kept in reserve to provide the +1 for planned and unplanned downtime drops.
Figure 1: Single processor P670F disk group options
You may be wondering, “How does all of this deliver flexibility in the options for scaling?”
You can scale out the cluster by adding a node. Adding a node is the standard option and can be the right choice if you want to increase both compute and storage resources. However, if you want to grow storage, adding capacity drives will deliver that additional storage capacity. The single processor P670F has disk slots for up to 21 capacity drives with three cache drives, which can be populated one at a time, providing over 160TB of raw storage. (This is also a good time to review virtual machine storage policies: does that application really need mirrored storage?) The single processor P670F does not have a single socket motherboard. Instead, it has the same dual socket motherboard as the existing P670F—very much a platform designed for expanding CPU and memory in the future.
If you are starting small, even really small, as in a 2-node cluster (don’t worry, you can still scale out to 64 nodes), the single processor P670F has additional features that may be of interest to you. Our customers frequently deploy 2-node clusters outside of their core data center at the edge or at remote locations that can be difficult to access. In these situations, the additional data resiliency that is provided by Nested Fault Domains in vSAN is attractive. Providing this additional resiliency on 2-node clusters requires at least three disk groups in each node, for which the single processor P670F is perfectly suited. For more information, see the blog post by VMware’s Teodora Hristov about Nested fault domain for 2 Node cluster deployments. She also posts related information and blog posts on Twitter.
It is impressive how a single change in configuration options can add so much more configuration flexibility, enabling you to optimize your VxRail nodes specifically to your use cases and needs. These configuration options impact your systems today and as you scale into the future.
Author: David Glynn, Sr. Principal Engineer, VxRail Technical Marketing
Latest Security Enhancements for VxRail – April 2022
Tue, 26 Apr 2022 15:59:16 -0000
VxRail is the only co-engineered, fully integrated, pre-configured, and pre-tested VMware hyperconverged integrated system that is optimized for VMware vSAN. This has been the case since VxRail was launched over six years ago in February of 2016. VxRail is a truly remarkable “Better Together” story. It stands out as a testament to tight integration work, as no other vendor has gone as deep in their integration as VxRail has with vSAN.
VxRail’s simplicity, scalability, and performance, along with the ongoing rapid pace of innovation, make it a platform for data center modernization and more. One could say that VxRail helps future proof businesses. VxRail also provides a fast and straightforward path to this security transformation from Cloud to Core to Edge.
Dell Technologies created and, for years, has maintained the Dell VxRail: Comprehensive Security by Design white paper, which provides an overview of VxRail security features, updates, and details about security options. Security on the VxRail is part of its DNA; it was in the foreground of the concept. Security is similar to the medical industry in that it requires continuous learning, skills, and process updates. Keeping up with security demands requires users to follow these same practices, and there is always more that can be done.
The following links provide detailed information about VxRail. If you are not familiar with VxRail, use these two links to gain additional insight into the product.
- VxRail Interactive Journey — VxRail Interactive Journey provides a better way for technical buyers to get familiar with VxRail and quickly come away with what makes VxRail awesome through an immersive experience for consuming videos, podcasts, and interactive demos.
- Dell VxRail System TechBook — The TechBook is a conceptual and architectural review of the Dell VxRail, optimized for VMware vSAN. The TechBook describes how hyperconverged infrastructure drives digital transformation and focuses on the VxRail system as a leading hyperconverged technology solution.
The following list includes key security updates that are provided in the April 2022 version of the white paper:
- CloudIQ — Updates the CloudIQ section to include the rebranding from MyVxRail to CloudIQ. The switch to CloudIQ brings consistency while delivering the same quality of service across Dell Technologies solutions.
- Role Based Access Control (RBAC) — Adds the use of RBAC to keep customer data safe and with independent viewing so that customers can only view their own data.
- Ransomware — Provides new details, especially regarding the supply chain, focusing on the growth in the number of targeted attacks and business types.
- Snapshot recovery — Describes the shift to using vSAN snapshots as a means of recovery, specifically using point-in-time recovery snaps to create backups.
VxRail is the only HCI system on the market that fully integrates Dell PowerEdge Servers with VMware, vSphere, and vSAN. Because VxRail is built on our award-winning PowerEdge platform, we inherited security features native to our hardware. Additional information about security, such as these PowerEdge and VMware white papers, provides deeper and more specific security-related information about VxRail.
- Technical White Paper: Cyber Resilient Security in Dell PowerEdge Servers — The PowerEdge paper details the security features built into the PowerEdge Cyber Resilient Platform, many enabled by the Dell Remote Access Controller (iDRAC9).
- VMware Product Security — VMware Product Security provides an overview of VMware's commitment to building trust with the customer.
This blog is a high-level overview of some information in the newly revised security features. There is a continuous effort to enhance the VxRail security landscape. This blog aims to simplify the delivery of security information and to keep it relevant for our readers.
This white paper describes both integrated and optional security features, best practices, and proven techniques for securing your VxRail system from the Core to the Edge to the Cloud.