VMware White Paper: Network Segmentation for Virtualized Environments



As virtualization becomes the standard infrastructure for server deployments, a growing number of organizations want to consolidate servers that belong to different trust zones. A trust zone is loosely defined as a network segment within which data flows relatively freely, whereas data flowing in and out of the trust zone is subject to stronger restrictions.
Examples of trust zones include:

  • Demilitarized zones (DMZs)
  • Payment Card Industry (PCI) cardholder data environment
  • Site-specific zones, such as segmentation according to department or function
  • Application-defined zones, such as the three tiers of a Web application

The introduction of virtual technology does not have to significantly change the network topology. As with other parts of the network, virtual technology merely enables server consolidation by replacing physical servers with virtual servers that function exactly the same way — and need to be configured in much the same way — as their physical equivalents. You can consolidate servers using virtual technology without mixing trust zones and continue to rely on your existing security infrastructure.

