Want security??? Then use Software Defined Networking [SDN]
- Virtual networks: an isolated web of machines. Only the machines on this web can talk to each other. Complete security for the machines.
- Subnets within a virtual network are called "microsegmentation".
- Every app will have its own virtual network, with subnets inside that virtual network.
- Create one virtual network for one application, using a private address space.
- Create one subnet for each tier of the app.
- Use private address space for NAT.
- Only allow the load balancer to connect to the ports of the client-server apps.
- Only enable outbound NAT on VMs.
- SDN firewalls work at the VM / virtual switch (vSwitch) level, not at the physical devices (switches).
- We can set firewall rules at the virtual switch level, so we can do this automatically using an API or agents, schedule it, or have it set on alarms or triggers.
- SDN firewalls: please do not touch the physical networking devices... enjoy the API automation and scripting, the easy way.
- Every physical host will have its own virtual switch for the multiple VMs running on that host.
- Configure Access Control List (ACL) rules at the subnet level, so that they scale across all VMs running in that subnet; if the VMs are running on multiple hosts, these rules will work automatically.
- ACLs can be reused across subnets.
- Firewalls are enforced by the virtual switches.
- Firewall rule -> source & destination ports, source & destination addresses, and protocol.
- By default, all inbound connections are denied for all VMs.
***Source: Microsoft Ignite session on SDN
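To make the subnet-level ACL model above concrete, here is a small Python evaluator, added as an example and not taken from the Ignite session: rules carry the protocol / source and destination address / destination port tuple, inbound traffic is denied unless a rule allows it, outbound NAT traffic is allowed, and one reusable per-tier ACL is instantiated for a web tier and a database tier. The subnet ranges and port numbers are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    """One firewall rule: action, direction, protocol, src/dst address, dst port."""
    action: str                     # "allow" or "deny"
    direction: str                  # "inbound" or "outbound"
    protocol: str                   # "tcp", "udp" or "any"
    src: str                        # CIDR or "any"
    dst: str                        # CIDR or "any"
    dst_port: Optional[int] = None  # None matches any port

def _addr_in(addr: str, cidr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr)

def _matches(r: Rule, direction, protocol, src, dst, dst_port) -> bool:
    return (r.direction == direction
            and r.protocol in ("any", protocol)
            and _addr_in(src, r.src) and _addr_in(dst, r.dst)
            and r.dst_port in (None, dst_port))

def evaluate(acl: List[Rule], direction, protocol, src, dst, dst_port) -> str:
    """First matching rule wins. With no match, inbound is denied by
    default and outbound (NAT) is allowed, as the notes describe."""
    for r in acl:
        if _matches(r, direction, protocol, src, dst, dst_port):
            return r.action
    return "deny" if direction == "inbound" else "allow"

def tier_acl(client_subnet: str, tier_subnet: str, port: int) -> List[Rule]:
    """Reusable per-tier ACL: only the client tier may reach this tier's port;
    the tier itself may only go outbound (through NAT)."""
    return [Rule("allow", "inbound", "tcp", client_subnet, tier_subnet, port),
            Rule("allow", "outbound", "any", tier_subnet, "any")]

# Constructed example: one private address space for one app, one subnet per
# tier (hypothetical ranges, not from the session).
LB_SUBNET, WEB_SUBNET, DB_SUBNET = "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"
WEB_ACL = tier_acl(LB_SUBNET, WEB_SUBNET, 443)   # load balancer -> web tier only
DB_ACL = tier_acl(WEB_SUBNET, DB_SUBNET, 1433)   # web tier -> database only

if __name__ == "__main__":
    print(evaluate(WEB_ACL, "inbound", "tcp", "10.0.1.5", "10.0.2.10", 443))     # allow
    print(evaluate(WEB_ACL, "inbound", "tcp", "198.51.100.7", "10.0.2.10", 443))  # deny
    print(evaluate(DB_ACL, "inbound", "tcp", "10.0.1.5", "10.0.3.10", 1433))      # deny
```

Because the ACL is keyed on subnets rather than on individual VMs, the same rules apply to every VM placed in that subnet regardless of which physical host's virtual switch enforces them.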