How CACI Network Services used NSX to deliver a vDMZ solution to a major Telecoms group
When a major telecommunications company approached us to lead the architecture, design & implementation of a network virtualisation project for them, we knew the task wouldn’t be easy given the importance of their network.
A hosting solution for critical Operational Support System (OSS) Workloads
The aim of the project was to deliver a vDMZ hosting solution for the company’s critical OSS workloads while complying with the strict security policies they have in place – they carry a truly huge amount of mobile traffic so, as you’d expect, security is extremely important.
We were also tasked with enforcing micro-segmentation and isolation within the environment. Lastly, they requested a solution that avoided the additional hardware & support costs that are normally associated with the switching, routing & firewall functions.
“It was pretty clear that it would take all the skills and experience of our network virtualisation consultants to get this project completed on time and on budget” explains Yordan Yanev, Lead Virtualisation Consultant at CACI Network Services. “Also the software choice for the project would be key – For me, VMWare was the obvious choice given the superior security on their NSX product.”
A challenging situation
As the company runs a significant RAN & transmission network with thousands of devices in place, support operations of the network were not simple.
For this project, there was the need to supply the Network Management Systems needed in an isolated environment with access to all the devices so that they can be monitored with significantly improved security compared to what they had already.
What’s more, there was a much greater need for flexibility for changes to be made which was proving difficult given the current set up.
"CACI’s network knowledge impressed straight away. Their experience architecting virtualised network Solutions & VMware NSX allowed the new data centre network architecture to be produced very efficiently"
Looking at the challenge with his colleagues, Yordan came to the following conclusion: “Looking at the problem, we thought that a fully collapsed vDMZ solution based on VMware NSX-T would fit best. Our proposed solution complied with all the requirements while providing the flexibility and agility to the network that the client needs.”
Extended virtualisation thanks to VMware
Yordan & his team set about fleshing out the details of the solution – including provisioning the hardware & software licenses needed. The solution delivered was a vDMZ based on the NSX-V Centralised Edge’s micro-segmentation and security use case, as well as the excellent firewalling capabilities of the platform.
The decision to go with VMware meant the SDDC architecture extended the virtualisation technologies across the entire physical data centre infrastructure. “NSX for vSphere is a key network virtualisation product in the SDDC architecture.” states Yordan. “It delivers the complete set of Layer 2 through Layer 7 networking and security services in the software that were essential in this project.”
"As well as having excellent technical knowledge, CACI were able to understand our business challenge and articulate this into a technical solution"
Results we’re proud of
Having delivered the solution, both the client and ourselves were very pleased with the results. “We were able to reduce the TCO for the DMZ platform by leveraging the network & security services in the NSX-T software” Yordan explains. “The client was given complete control and management of the relevant network traffic flows. They can now effectively define and control traffic flow & patterns for maximum granularity and scalability.”
The virtual network was set up so that all the traffic entering or leaving (I.E. North – South) passed through the perimeter ESG. And all traffic passing internally within the solution (I.E. East – West) is protected by the in-kernel distributed firewall. That meant that the network was effectively prevented from being attacked.
The solution allowed total visibility & control which meant that new security services could be provisioned very quickly, and new applications could be migrated instantly.
Lastly, we made sure that a Zero-Trust security model could be easily implemented by leveraging the traffic flow analytics and endpoint monitoring in NSX.
“All the CACI architects and consultants working on the project made best use of our resources and ensured that the delivered solution was produced to a very high quality.”
Client Technology Strategist
Need help? Talk to the virtualisation experts
CACI - Network Services has a wealth of experience helping companies of all sizes understand the virtualisation opportunity using VMware NSX. We help our customers plan and execute complex virtualisation projects with ease.
How CACI Network Services used NSX to deliver a vDMZ solution to a major Telecoms group