Interview with Sjors Robroek on NSX and NEN7510 compliancy

The year 2016 was great in many ways. Many awesome projects, new (happy) customers and some of our colleagues gained the highest certification available on VMware Technology: VMware Certified Design Expert (VCDX) on different focus areas (Data Center Virtualization, Desktop & Mobility and Network Virtualization). One of these colleagues is Sjors Robroek.

In a new item on our blog site, we are going to interview ITQ colleagues on their role, interesting projects or certification. In this first edition, it’s Sjors’ turn.

What is your role within ITQ?

As a Software-Defined Data Center (SDDC) consultant, my daily role consists of a mix of responsibilities on a variety of subjects in a variety of roles ranging from presales to a subject matter expert implementing or troubleshooting extremely technical in-depth systems. As a relatively small company niche player one does not have the luxury to focus on a single subject or role. As such – depending on the customer – I’ll be working with a large amount of products, both within as well as outside the VMware ecosystem. Earlier in my IT career I’ve done a lot of work on Cisco networking and security, and when VMware announced the acquisition of Nicira I’ve been following the development of both NSX for vSphere as well as NSX for Multi-Hypervisor (currently rebranded as NSX-T) and evangelising Software-Defined Networking (SDN) and Network Function Virtualisation (NFV). Having a head start in both networking and virtualisation helped me in getting the required experience to become a subject matter expert in NSX, culminating in becoming the first VCDX-NV in the Netherlands and the Benelux. With NSX maturing as a product, we have seen SDN and NFV technologies gain a significant amount of traction and VMware becoming a market leader in the field of networking and security.

You have been working on a project for a national hospital in the Netherlands. What was/were the driver(s) behind this project?

The main driving forces behind this project were two-fold: one was the simplified management and operations of their virtualised network, significantly reducing the lead time for changes and the amount of work required by multiple teams involved in IT operations, as well as allowing future automation projects for their SDDC infrastructure. The other main driving force was the desire to move towards a zero-trust security policy for systems containing sensitive data such as patient records and applications managing medical systems.

VMware NSX was one of the main components in the solution. Why did the customer choose NSX?

One of the main reasons to choose VMware NSX was due to the integration with their vSphere virtualisation platform. While the customer has Cisco ACI as their physical underlay, VMware NSX allows their virtualisation administrators to perform most of the day-to-day operations, changes and monitoring without requiring them to go through the network operations team. The distributed firewall functionality allows for on-demand policy enforcement based on a standardised security framework, while vRealize Log Insight allows for the auditing of traffic flows at the virtual machine level to comply with regulatory compliance.

What challenges did NSX solve for the customer?

As the customer was moving towards a Software-Defined Data Center, VMware NSX allows them to reduce the impact and complexity of network changes. In addition, the distributed firewalling significantly simplifies regulatory compliance for healthcare providers. NSX has significantly simplified the impact of the operational aspect of their virtualised infrastructure and reduced the amount of work for their network administrators.

Did you experience any problems along the way?

We did run into a few minor issues during the course of the project, though most were relatively minor and resolved quickly. As this project was the first experience with Cisco ACI as a physical underlay for the customer’s network operations team as well as the SDDC project team, this caused some delays during the implementation of the NSX solution due to knowledge and experience with classical network infrastructures not always being applicable to a Software-Defined Network infrastructure.

How did you migrate the workloads to the new infrastructure?

As the customer was open to multiple possibilities, depending on various factors such as cost, availability, rollback time and complexity of the procedure, we have proposed a number of scenarios, including lifting and shifting of physical hosts, migration through their Veeam backup solution and moving the virtual machines through vCenter registration. Ultimately we chose the method that unregisters the virtual machine from the source and registers it at the destination vCenter. This had the least impact on the virtual machine and was the easiest to manage. The actual migration was done overnight in only a few days, as the whole procedure had been automated with PowerCLI and PowerNSX, requiring operations teams to only fill out an Excel sheet to manage the batch migration process from start to finish.

You have written a whitepaper about VMware NSX and the NEN 7510 security compliancy in healthcare. What are you hoping to achieve with this whitepaper?

As Software-Defined Network is a relative newcomer in the field of networking and security, I believe that a significant number of organizations are not fully aware of the added benefits compared to classical firewalling or might still be using methodologies designed for legacy security architectures. Through spreading knowledge on the added value and benefits of Software-Defined Network and Network Function Virtualization, I’m hoping to increase knowledge and create awareness on the impact of SDN and NFV on existing network security frameworks, the way we think about network segmentation and the case for – previously unattainable – true Zero Trust security architectures.

More about Sjors can be found here or on his personal blog site.

The white paper about VMware NSX and the NEN7510 security compliancy can be downloaded here.
