Physical Versus Virtualized Firewalls in the Data Center

Over the last several weeks, I have been writing about security in virtualized data center environments, as part of a series of articles for Security Week. In part one, I wrote about how important it is to ensure security solutions are integrated with orchestration systems so that security does not slow down the dynamic nature of virtualization and cloud environments. In part two, I continued the discussion on security requirements beyond automation and orchestration, addressing the question: what stays the same and what changes as you move towards virtualization and cloud?

In this week’s final installment of this series for Security Week, I discuss the choice between physical and virtualized firewalls and which form factor is ideal depending on your environment. There is an assumption that just because your environment is virtualized, your network security offering has to be virtualized too. I think there are a number of factors to consider. The choice between a physical and a virtual form factor is based on your needs in the data center: if you are designing your architecture such that application trust levels are never mixed on a virtualized server, or you need very high-throughput inspection for your data center, then physical firewalls may be appropriate. If you are mixing application trust levels on the same server, it is far more efficient to safely enable applications via a virtualized firewall than to horse-shoe the traffic out to a physical firewall and back.

But there are requirements, such as performance and features, that you need to consider in a virtualized form factor. A virtualized firewall isn’t just a checkbox for security; it actually has to tackle modern threats and the new application landscape. The virtualized firewall also needs to support the dynamic nature of virtual machine movement and creation. Read the article for more details.