Webinar Description
Key Takeaways
- Explores practical strategies for migrating security policies from VMware NSX Distributed Firewall (DFW) to Calico in Kubernetes environments
- Demonstrates how NSX DFW’s distributed enforcement and tiered governance map to Calico’s capabilities
- Details the translation of NSX tags and security groups to Kubernetes labels and Calico selectors
- Highlights incremental migration approaches to minimize risk and avoid disruptive cutovers
- Focuses on cloud-native security challenges for organizations moving from vSphere/NSX to Kubernetes
The session “NSX DFW to Calico: Migrating Security Policy Without Starting Over” addresses a pressing challenge for enterprises transitioning from VMware NSX to Kubernetes: how to preserve years of carefully crafted security policy work without starting from scratch. As organizations accelerate their adoption of Kubernetes, the need to translate established network security models into cloud-native constructs has become a critical operational concern.
Industry Context: Security Policy Migration in the Cloud-Native Era
Enterprises with significant investments in NSX DFW often face a daunting task when moving workloads to Kubernetes. The networking and security paradigms between vSphere-based environments and Kubernetes differ fundamentally, making direct policy replication complex. This event situates itself at the intersection of legacy infrastructure and modern cloud-native platforms, offering a roadmap for organizations seeking continuity and compliance during migration.
Translating NSX DFW to Calico: Core Themes
The session provides a detailed walkthrough of the NSX DFW model, illustrating how its core principles—distributed enforcement, policy portability, and attribute-based identity—can be mapped directly to Calico’s network policy framework. Attendees are guided through the process of translating NSX tags and security groups into Kubernetes labels and Calico selectors, ensuring that security intent is preserved as workloads shift to new environments.
Incremental Migration, Not a Big-Bang Cutover
One of the session’s central messages is the value of incremental migration. Rather than forcing a disruptive, all-at-once transition, the approach leverages Calico flow logs and Kubernetes-native constructs to replicate NSX’s security posture step by step. This reduces operational risk and allows teams to validate policy effectiveness throughout the migration process.
Operationalizing Kubernetes-Native Security
Beyond technical translation, the event explores how Kubernetes-native RBAC and governance models can be used to maintain compliance and control. The discussion extends to practical implications for security engineers, platform teams, and IT leaders responsible for safeguarding workloads in dynamic, cloud-native environments.
Who Should Attend
The session is tailored for security engineers, architects, platform and cloud infrastructure teams, DevOps and SRE professionals, and IT leaders overseeing cloud migration initiatives. It is particularly relevant for organizations with established NSX DFW policies on vSphere that are planning or executing a move to Kubernetes.
Technologies and Sponsors
The event is hosted by Tigera and centers on Calico as the network policy platform of choice for Kubernetes environments. VMware NSX DFW, Kubernetes labels, NetworkSets, and RBAC are among the key technologies discussed. The session is delivered in a virtual, hands-on format by a technical marketing manager from Tigera, emphasizing practical demonstration and real-world applicability.
Why This Topic Matters Now
As enterprises accelerate their cloud-native journeys, the ability to migrate security policies without disruption is more than a technical challenge—it’s a business imperative. The session’s focus on translation rather than wholesale rebuilds reflects a broader industry trend toward operational continuity and risk mitigation during digital transformation.