BlogEndpoint SecurityData Center NetworkingNetwork SecurityNetworkingSecurity Transformation
Blog3 minute read

Primer Series: NSX Application Platform (NAPP)

NSX Application Platform (NAPP) is VMware NSX-T Data Center's latest security offering which provides a centralized management, security and analytics platform with advanced threat prevention capabilities via a micro-services architecture.

In this blog

 Features and capabilities

VMware's NSX Application Platform (NAPP) provides enhanced security features within NSX-T Data Center by adding malware prevention as well as network traffic analysis capabilities via VMware's cloud-based correlation engine. NAPP security polices are enforced at the workload level, providing fully distributed, scaleable protection at the virtual machine nic (vnic).

NAPP is built from the ground up on a micro-services architecture and is deployed via Kubernetes to create a distributed, highly scaleable deployment across multiple nodes. By VMware choosing Kubernetes as the deployment platform, resiliency and high availability is able to be offloaded to Kubernetes. As your NSX-T Data Center environment grows, NAPP can be scaled up and out with a few clicks within the NSX-T UI.

 Intelligence

VMware's NSX Intelligence provides a graphical user interface to visualize aggregated network traffic flows within your NSX-T environment. This data is organized to provide security policy recommendations to assist users with micro-segmentation policy creation at the application level. Policy recommendations are generated to enforce scalable, dynamic security polices by analyzing and correlating traffic patterns within your NSX-T environment.

 Network Detection and Response

Network Detection & Response (NDR) is a cloud-based correlation engine used to analyze abnormal or malicious events to defend against MITRE ATT&CK techniques within the NSX-T data center environment. Events can be viewed and managed within the Network Detection & Response UI. Events are categorized into campaigns. Campaigns are organized into a timeline, providing security analysts to view and triage.

 Malware prevention

Malware prevention detects and prevents malicious files from entering an NSX-T environment and from spreading laterally across the data center. Malware updates are updated regularly from the NSX Threat Prevention cloud service. Suspicious traffic is also uploaded to the cloud for further analysis.

 Deployment considerations

NAPP was developed from the ground up to be deployed within pods via Kubernetes. Any Kubernetes orchestration platform or vanilla Kubernetes is supported. Within the Kubernetes cluster an available load balancer is also required for the NSX-T manager cluster to access application resources. In addition to requiring a Kubernetes cluster, a repository such as Harbor is required to store all the images and helm charts required for the initial deployment as well as upgrades. The benefit to moving away from a monolithic appliance like the previous NSX Intelligence OVA is scalability. By deploying NAPP via a micro-services architecture the applications can scale as needed across multiple Kubernetes worker nodes to accommodate environments of various sizes.

 What problem is NAPP trying to solve?

VMware's NSX Application Platform is the latest evolution within NSX-T Data Center's security product offering; creating a security suite centered around protecting workloads in a fully distributed, highly scaleable fashion. By offering these additional capabilities, end customers can leverage the same familiar NSX-T web UI with all the benefits of an SDDC product like NSX-T Data Center has to offer. WWT can help you walk through the best solution/feature set to suit your needs.