In two separate collaborations, Arista Networks is working with VMware and Zscaler to bring more consistent security policy to its customers. Arista is working with VMware to bring common security policy enforcement to virtual and physical workloads. And with Zscaler, it’s working to bring that company’s north-south traffic security together with Arista’s own east-west traffic security.
VMware’s NSX network virtualization platform has a security policy engine to control access between virtual machines (VMs) and the workloads on those VMs. This is known as microsegmentation. Now, Arista is leveraging NSX’s microsegmentation ability to bring the same security to physical machines that might be in the data center environment along with the VMs.
“We’re bringing the physical to VMware, that it wouldn’t otherwise see, into their security domain,” said Jeff Raymond, Arista’s VP of EOS products and services. “The security policy is coming from VMware and being used by Arista switches. Most networks might not be 100 percent virtualized. This is common policy across the entire data center, which includes physical and virtual.”
One of the challenges with security, in general, is that every place in the network tends to have its own security solution. “If you have a policy in your data center network and policy in your cloud network and campus network, it’s pretty complicated to manage all those security policies,” said Raymond.
Rather than creating another set of policies, Arista is leveraging VMware’s NSX microsegmentation policy and sharing that via open APIs to Arista’s CloudVision software, which has full visibility of the physical network.
vEOS and Zscaler
Last September, Arista announced its vEOS Router, which uses the same Extensible Operating System (EOS) that runs across the Arista switching family, except that the vEOS Router runs as a hypervisor package.
Today, Arista unveiled a new capability of its vEOS Router — Zone Segmentation Security. It provides segmentation for inter- and intra-cloud network traffic (east-west traffic) via stateful policy enforcement. vEOS Router can provide common segmentation functionality across any public cloud platform where the vEOS Router is supported, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform.
Of Arista’s Zone Segmentation Security, Raymond said it’s “a simplified way of configuring security interfaces.” He added, “The context is relative to a traditional access control list. This is an advanced access control list that allows you to apply policies to zones.”
In addition, Arista will use Zscaler’s Private Access for securing connections between internal applications and authorized users. Zscaler’s Private Access integrates with the Arista vEOS Router, extending the security approach across multiple cloud platforms. The combination brings together Arista’s secure control of east-west traffic with Zscaler’s zero-trust access for all north-south application traffic.
Raymond said, “Zone segmentation is commonly used in the public cloud environment to segment traffic that is east-west. Arista can handle east-west traffic with the vEOS router and zone segmentation feature. Zscaler provides a complementary segmentation that is focused on north-south traffic from campus or branch to cloud workloads.”