* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Events](https://www2.paloaltonetworks.com/blog/category/events/)
* Streamlining Security Pol...

# Streamlining Security Policy Management within the Software-Defined Data Center

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F08%2Fvmworld-sddc%2F)  
[](https://twitter.com/share?text=Streamlining+Security+Policy+Management+within+the+Software-Defined+Data+Center&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F08%2Fvmworld-sddc%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2016%2F08%2Fvmworld-sddc%2F&title=Streamlining+Security+Policy+Management+within+the+Software-Defined+Data+Center&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2016/08/vmworld-sddc/&ts=markdown)  
\[\](mailto:?subject=Streamlining Security Policy Management within the Software-Defined Data Center)  
Link copied  
By [Sai Balabhadrapatruni](https://www.paloaltonetworks.com/blog/author/sbalabhadrapatruni/?ts=markdown "Posts by Sai Balabhadrapatruni")  
Aug 29, 2016  
3 minutes  
[Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown)  
[Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)  
[SDDC](https://www.paloaltonetworks.com/blog/tag/sddc/?ts=markdown)  
[security](https://www.paloaltonetworks.com/blog/tag/security/?ts=markdown)  
[Tufin](https://www.paloaltonetworks.com/blog/tag/tufin/?ts=markdown)  
[VMware](https://www.paloaltonetworks.com/blog/tag/vmware/?ts=markdown)  
[VMworld](https://www.paloaltonetworks.com/blog/tag/vmworld/?ts=markdown)

Data center security policy definition, deployment and management has traditionally remained a manual process, which is error-prone and tends to limit the effectiveness of the defined security posture. The security posture is weakened with the usage of rudimentary network domain specific layer-2/layer-3 primitives such as IP addresses, VLANs, ports and protocols that do not detect or prevent sophisticated attacks from finding a way around layer-2/layer-3 based policies.

The challenge of defining a uniform, automatable security policy is further exacerbated when sources of security policy are spread across multiple point products such as legacy firewalls, IPS, IDS and web security services. Each of these policy sources may have competing objectives and is subject to policy changes of varying frequency. Each also tends to have inconsistent automation capabilities and have little to no policy interaction with other data center services.

In other words, this is a lot to manage. Manual security policy management is not sustainable in today's dynamic IT environments, especially in software-defined data centers (SDDC). There is also a need for expressive security domain-specific policy language that provides rich primitives for building a uniform security policy across your SDDC -- and is extensible to public cloud environments.

### **An automated security policy for SDDC**

The joint integration between VMware NSX and Palo Alto Networks VM-Series virtualized next-generation firewalls solves the problem of automating security policies across the SDDC. Infrastructure configuration changes and application mobility information are translated into security policy compliance without error. The process is automated using API interfaces between the VMware NSX manager and Panorama, our network security management platform.

Palo Alto Networks security policy language provides expressive primitives such as dynamic address groups that can translate policy primitives from other data center services such as security tags from VMWare NSX manager. The 'security profiles' construct provides extensive layer-7 primitives for in-depth matching of content. Together, these security domain specific constructs extend the expressiveness of the policy beyond the limitations of port/protocol primitives.

Data center policy governance is dependent on multiple sources of policy across different network infrastructure elements. Panorama provides a cohesive security policy management of your physical and virtual next-generation firewalls, and it's made that much more powerful when integrated with partners such as Tufin. Tufin's security orchestration suite, integrated with Panorama, ensures that the interactions across data center network policies and security policies happen in a streamlined manner.

Learn more about how [SDDC policy orchestration by Tufin](https://www.tufin.com/blog/vmworld-realizing-the-full-potential-of-sdn/)can help with security policy management within SDDC. Palo Alto Networks, VMWare and Tufin integration provides streamlined security policy management and meets the organizational compliance mandates of your SDDC.

Visit us at VMworld US 2016 (booth #1423) to learn more about how we protect applications, prevent threats, and automate security within SDDC environments. And while you're here at VMworld, [make sure you see and hear our other sessions, too.](https://www.paloaltonetworks.com/blog/2016/08/meet-palo-alto-networks-experts-at-vmworld-2016/)

*** ** * ** ***

## Related Blogs

### [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### Mobile World Congress Recap: The Convergence of SASE and 5G](https://www2.paloaltonetworks.com/blog/sase/mwc-recap-sase-and-5g-convergence/)

### [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### CYBERFORCE Hero Profile: Unlocking Customer Value](https://www2.paloaltonetworks.com/blog/2019/03/cyberforce-series-unlocking-value-customers/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Visit Us at VMworld 2018 USA](https://www2.paloaltonetworks.com/blog/2018/08/visit-us-vmworld-2018-usa/)

### [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### Q4 FY18 Global Partner Webinar Recap](https://www2.paloaltonetworks.com/blog/2018/07/partner-q4-fy18-global-partner-webinar-recap/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown)

[#### Come Learn About Touchless Deployment of Secure Developer VPCs on Amazon Web Services](https://www2.paloaltonetworks.com/blog/2017/10/come-learn-touchless-deployment-secure-developer-vpcs-amazon-web-services/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### Congratulations Global Partner Award Winners: 7 Partners Recognized for Superior Performance](https://www2.paloaltonetworks.com/blog/2016/09/congratulations-global-partner-award-winners-7-partners-recognized-for-superior-performance/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language