Security Solution 4 Cloud Virtualization By VMware


vShield Suite - VMware
Security Solution for Cloud / Virtualization
1394
No. 1: 94/03/20, version 1.0
No. 2: 94/04/10, version 1.1
vShield Suite
vCloud Networking and Security (VCNS)
NSX
• VMware® vShield is a suite of security virtual appliances built
for protecting virtualized datacenters from attacks and misuse
• vShield Components
– vShield Manager
– vShield Zones*
– vShield App
– vShield Edge
– vShield End Point (Data Security)
• vShield Manager
– The vShield Manager is the centralized network
management component of the vShield suite and is
installed from an OVA as a virtual machine by using
the vSphere Client.
– Using the vShield Manager user interface,
administrators install, configure, and maintain
vShield components.
• vShield Zones
– vShield Zones, included with the vShield Manager, provides firewall protection for
traffic between virtual machines.
• vShield App
– vShield App is an interior, vNIC‐level firewall that allows you to create access
control policies regardless of network topology. A vShield App monitors all traffic in
and out of an ESX host, including between virtual machines in the same port group.
vShield App includes traffic analysis and container‐based policy creation.
• vShield Edge
– vShield Edge provides network edge security and gateway services to isolate the
virtual machines in a port group, vDS port group, or Cisco® Nexus 1000V.
– Common deployments of vShield Edge include the DMZ, VPN extranets, and
multi‐tenant cloud environments where the vShield Edge provides perimeter
security for Virtual Datacenters (VDCs).
• vShield End Point
– vShield Endpoint delivers an introspection‐based antivirus solution. vShield
Endpoint uses the hypervisor to scan guest virtual machines from the outside
without a bulky agent.
vShield Zones
Firewall Rules
vShield App
• vShield App is an interior, vNIC‐level firewall
that allows you to create access control
policies regardless of network topology. A
vShield App monitors all traffic in and out of
an ESX host, including between virtual
machines in the same port group. vShield App
includes traffic analysis and container‐based
policy creation.
vShield App
• VMware vShield App, part of the VMware vShield
family of virtualization security products, protects
applications in the virtual datacenter from
network-based threats. vShield App gives
organizations deep visibility into network
communications between virtual machines and
enables granular policy enforcement with
security groups. The solution also eliminates the
hardware and policy sprawl associated with
traditional measures, resulting in a cost-effective
solution that helps customers go beyond the
limitations of physical security.
Key Benefits
• Increase visibility and control over network
communications between virtual machines.
• Eliminate the need for dedicated hardware
and VLANs to separate security groups from one
another.
• Optimize hardware resource utilization while
maintaining strong security.
• Simplify compliance with comprehensive logging
of all virtual machine network activity.
vShield App Enables Granular Policy Enforcement Using
Security Groups
vShield Edge
• vShield Edge provides network edge security
and gateway services to isolate the virtual
machines in a port group, vDS port group, or
Cisco® Nexus 1000V.
• Common deployments of vShield Edge include
the DMZ, VPN extranets, and multi‐tenant
cloud environments where the vShield Edge
provides perimeter security for Virtual
Datacenters (VDCs).
• Consolidate edge security hardware:
Provision edge security services,
including firewall and VPN, using
existing vSphere resources,
eliminating the need for hardware-based solutions.
• Ensure performance and availability
of web services:
Efficiently manage inbound web
traffic across virtual machine
clusters with web load balancing
capabilities.
• Accelerate IT compliance:
Get increased visibility and control
over security at the network edge,
with the logging and auditing
controls you need to demonstrate
compliance with internal policies
and external regulatory
requirements.
vShield End Point
• vShield Endpoint delivers an introspection‐based antivirus
solution. vShield Endpoint uses the hypervisor to scan guest
virtual machines from the outside without a bulky agent.
• Streamline antivirus and anti-malware deployment:
Deploy the enterprise antivirus engine
and signature file to a single security
virtual machine instead of each and
every individual virtual machine on a
vSphere host.
• Improve virtual machine performance:
Securely achieve higher consolidation ratios
by the same offload mechanism as described
above.
• Prevent antivirus storms and bottlenecks:
Prevent antivirus storms and bottlenecks
associated with multiple simultaneous
antivirus and anti-malware scans and updates.
• Protect antivirus security software from
attack: Deploy and run the antivirus and anti-malware
client software in a hardened
security virtual machine to prevent targeted
attacks.
Best Regards,
Alireza Ghahrood
Pm: Security Products Manager
( Security Solution Provider : Cyber Space |BigData |Cloud |Virtualization )
Sarv Co
Email: [email protected]
Tel : +98 ( 21) 88027364 Ext.136 | Cell :+98 (912) 1964383 |