Micro-segmentation is one of the breakthrough benefits of the VMware NSX™ network virtualization platform. NSX creates a virtual network that is independent of the underlying IP network hardware. Administrators can programmatically create, provision, snapshot, delete and restore complex networks all in software.
VMware describes micro-segmentation as the ability to “build security into your network’s DNA.” The best analogy is how plants can be engineered at the molecular or cellular levels to be pest and disease resistant.
Because hypervisors are already distributed throughout the data center, with VMware NSX you can create policies anywhere to protect anything, making security truly pervasive. In a sense, physical security is like using gloves to guard against germs. It’s external, limited protection (if someone sneezes in your face, you’re probably going to end up with a cold or flu). Micro-segmentation is like fortifying the immune system of the data center: germs (or malware) can’t get at it, or, if something does get in, the system can shut it down before it spreads.
Policies are tied to virtual machines and enforced all the way down to the virtual network interface card, a level of granularity that isn’t possible with traditional hardware appliances.
You can also define security policies with flexible parameters, such as virtual machine name, workload type, and guest operating system type.