© 2009 VMware Inc. All rights reserved
VMware vShield – Foundation for the Most Secure Cloud Deployments
2 Confidential
Agenda
• Cloud Computing & Security
• Security – State of the Market
• Virtualization – Key Security Enabler
• vShield Products
• Use Cases
• Summary
3 Confidential
Security Market Overview
Chart labels: Market Size in 2012; Endpoint Security; Antivirus; Market Growth Rate; Market Size ($M) in 2009
$27B Worldwide in 2009
Anti-Virus $4,096 (7%)
Application Security $2,987 (15%)
Security Operations
Identity Mgmt $3,565 (20%)
Network Security $9,136 (8%)
Data Security $3,258 (19%)
Endpoint Security $3,001 (2%)
$713 (8%)
Source: FORRESTER, 2009
Network
Security
Identity
Management
Others
Segments We Address
4 Confidential
Security and Compliance are the Primary Concerns with Cloud
Internal IT
Public Cloud
• Rate Card
• Hands-off
• Self-service
? Control
? Security
? Compliance
Virtualization forms the foundation for building private clouds. Security must change to support both. – Gartner, 2010
5 Confidential
Agenda
• Cloud Computing & Security
• Security – State of the Market
• Virtualization – Key Security Enabler
• vShield Products
• Use Cases
6 Confidential
Security Challenges
• VLAN sprawl
• Gap between policy and enforcement
• Manual re-implementation of security policies
• Heightened risk exposures
• Limited control and visibility
• Organizational confusion (VI, security, network)
• Hindered IT compliance
• Slow provisioning
• Heightened risk exposures
Traditional Security
Expensive
• Specialized hardware appliances
• Multiple point solutions
Rigid
• Policy directly tied to implementation
• Not virtualization and change-aware
Effect
Complex
• Spaghetti of different rules and policies
• Security “rationing”
• Heightened risk exposures
7 Confidential
The vShield Advantage: Increased Security
vShield
Cost Effective
• Single virtual appliance with breadth of functionality
• Single framework for comprehensive protection
Simple
• No sprawl in rules, VLANs, agents
• Relevant visibility for VI Admins, network and security teams
• Simplified compliance
Adaptive
• Virtualization and change aware
• Program once, execute everywhere
• Rapid remediation
Traditional Security
Expensive
• Specialized hardware appliances
• Multiple point solutions
Rigid
• Policy directly tied to implementation
• Not virtualization and change-aware
Complex
• Spaghetti of different rules and policies
Deployments on VMware are more secure than physical
8 Confidential
VMware Transforms Security from Expensive to Cost Effective
Diagram labels: Load balancer; Firewall; VPN; Etc…; vShield Virtual Appliance
vShield eliminates the need for multiple special purpose hardware appliances – 3-5x Savings Capex, Opex
9 Confidential
VMware Transforms Security from Complex…
Complex
• Policies, rules implementation - no clear separation of duties; organizational confusion
• Many steps – configure network, firewall and vSphere
• Spaghetti of VLANs, Sprawl - Firewall rules, agents
Diagram labels: VLANs; agents; Policies, Rules; Network admin; Security admin; VI admin; Overlapping Roles / Responsibilities; Many steps. Configure: Network, Firewall, vSphere; Define, Implement, Monitor, Refine
10 Confidential
… To Disruptively Simple
Simple
• Clear separation of duties
• Few steps – configure vShield
• Eliminate VLAN sprawl – vNIC firewalls
• Eliminate firewall rules, agents sprawl
Diagram labels: Few steps: Configure vShield; Network admin; Security admin; VI admin; Clear separation of Roles / Responsibilities; Define, Monitor, Refine, Implement
11 Confidential
VMware Turns Security from Rigid…
BEFORE vShield
• Security groups tied to physical servers
• “Air gaps”, i.e. physical isolation, between security groups
• VMs in a security group cannot be vMotioned to other hosts
Diagram labels: DMZ; PCI compliant; “Air gap”
12 Confidential
… to Adaptive
AFTER vShield
• Security groups become a VM construct rather than a physical server construct
• Security groups enforced with VM movement
• Mix VMs from different groups on the same host
Diagram labels: PCI Compliant; DMZ
13 Confidential
Agenda
• Cloud Computing & Security
• Security – State of the Market
• Virtualization – Key Security Enabler
• vShield Products
• Use cases
• Summary
14 Confidential
Why VMware vShield is a Security Enabler?
1. Unique introspection
2. Policy abstraction
Cost Effective
• Single virtual appliance with breadth of functionality
• Single framework for comprehensive protection
Simple
• No sprawl in rules, VLANs, agents
• Relevant visibility for VI Admins, network and security teams
• Simplified compliance
Adaptive
• Virtualization and change aware
• Program once, execute everywhere
• Rapid remediation
15 Confidential
Security Enabler: Unique Introspection
Introspect detailed VM state and VM-to-VM communications
Diagram labels: vSphere + vShield; Processor; memory; Network
Benefits
• Comprehensive host and VM protection
• Reduced configuration errors
• Quick problem identification
• Reduced complexity – no security agents per VM required
16 Confidential
Security Enabler: Policy Abstraction
Separate the policy definition from the policy implementation
Before vShield: Policy tied to the physical host; lost during vMotion
After vShield: Policy tied to logical attributes; follow virtual machine
Benefits
• Create and enforce security policies with live migration, automated VM load balancing and automated VM restart
• Rapid provisioning of security policies
• Easier compliance with continuous monitoring and comprehensive logging
17 Confidential
Agenda
• Cloud Computing & Security
• Security – State of the Market
• Virtualization – Key Security Enabler
• vShield Products
• Use cases
• Summary
18 Confidential
2010 – Introducing vShield Products
Securing the Private Cloud End to End: from the Edge to the Endpoint
Edge: vShield Edge 1.0 – Secure the edge of the virtual datacenter
Security Zone: vShield App 1.0 and Zones – Application protection from network based threats
Endpoint = VM: vShield Endpoint 1.0 – Enables offloaded anti-virus
Diagram labels: Virtual Datacenter 1; Virtual Datacenter 2; DMZ; PCI compliant; HIPAA compliant; Web; View; VMware vShield; VMware vShield Manager
19 Confidential
vShield Edge
Secure the Edge of the Virtual Data Center
Features
• Multiple edge security services in one appliance
• Stateful inspection firewall
• Network Address Translation (NAT)
• Dynamic Host Configuration Protocol (DHCP)
• Site to site VPN (IPsec)
• Web Load Balancer
• Network isolation (edge port group isolation)
• Detailed network flow statistics for chargebacks, etc.
• Policy management through UI or REST APIs
• Logging and auditing based on industry standard syslog format
Benefits
• Lower cost and complexity by eliminating multiple special purpose appliances
• Ensure policy enforcement with network isolation
• Simplify management with vCenter integration and programmable interfaces
• Easier scalability with one edge per org/tenant
• Rapid provisioning of edge security services
• Simplify IT compliance with detailed logging
Diagram labels: Tenant A; Tenant C; Tenant X; VMware vShield Edge; VPN; Load balancer; Firewall; Secure Virtual Appliance
20 Confidential
vShield Lowers Cost of Security Significantly
[Chart: Cost per Mbps ($0 to $50) versus Throughput (.5Gbps, 1Gbps, 10Gbps, 100Gbps) for a network edge security solution (Firewall + VPN + Load balancer); series: vShield Edge, Security appliances; annotation: >5x]
Assumptions
• 100 VM per edge
• vSphere & server costs
• High availability
Mbps = Megabits/sec
Gbps = Gigabits/sec
21 Confidential
vShield App
Application Protection for Network Based Threats
Features
• Hypervisor-level firewall
• Inbound, outbound connection control applied at vNIC level
• Elastic security groups - “stretch” as virtual machines migrate to new hosts
• Robust flow monitoring
• Policy Management
• Simple and business-relevant policies
• Managed through UI or REST APIs
• Logging and auditing based on industry standard syslog format
22 Confidential
vShield App Provides Adaptive Security with Policy Abstraction
Security groups enforced with VM movement
Policies based on logical attributes
Diagram labels: PCI Compliant; DMZ
23 Confidential
vShield App
Application Protection for Network Based Threats
Features
• Hypervisor-level firewall
• Inbound, outbound connection control applied at vNIC level
• Elastic security groups - “stretch” as virtual machines migrate to new hosts
• Robust flow monitoring
• Policy Management
• Simple and business-relevant policies
• Managed through UI or REST APIs
• Logging and auditing based on industry standard syslog format
Benefits
• Increase visibility for inter-VM communications
• Eliminate dedicated hardware and VLANs for different security groups
• Optimize resource utilization while maintaining strict security
• Simplified compliance with comprehensive logging of inter VM activity
24 Confidential
vShield Endpoint
Offload Anti-virus Processing for Endpoints
Benefits
• Improve performance by offloading anti-virus functions in tandem with AV partners
• Improve VM performance by eliminating anti-virus storms
• Reduce risk by eliminating agents susceptible to attacks and enforced remediation
• Satisfy audit requirements with detailed logging of AV tasks
Features
• Eliminate anti-virus agents in each VM; anti-virus offloaded to a security VM delivered by AV partners
• Enforce remediation using driver in VM
• Policy and configuration Management: through UI or REST APIs
• Logging and auditing
25 Confidential
Agenda
• Cloud Computing & Security
• Security – State of the Market
• Virtualization - Key Security Enabler
• vShield Products
• Use cases
• Summary
26 Confidential
Service Provider - Offering Multi-Tenant Hosting Service
Solution – vShield Edge, VMware Cloud Director
• Guarantee full confidentiality and protection of tenant apps and data with built-in firewall and VPN
• Use enterprise directory services for security policies
• Accelerate compliance by logging all traffic information on per-tenant basis
• Lower cost of security by 100+% by eliminating purpose built appliances and by increasing utilization and VM density
Requirements
• Host potentially hundreds or thousands of tenants in shared infrastructure with:
• Traffic Isolation between the tenants
• Complete protection and confidentiality of tenant apps and data
• Integration with enterprise directory services (e.g. Active Directory)
• Complying with various audit requirements
Diagram labels: Company A; Company B; Company C; Cisco VPN; Juniper VPN; Checkpoint VPN; VMware vCloud Director; vShield Edge
27 Confidential
Enterprise - Securing Business Critical Applications
Solution - vShield App + Edge
• Protect data and applications with hypervisor level firewall
• Create and enforce security policies with virtual machine migration
• Facilitate compliance by monitoring all application traffic
• Improve performance and scalability with load balancer and software based solution
Requirements
• Deploy production and development applications in a shared infrastructure with:
• Traffic segmentation between applications
• Authorized access to applications
• Strict monitoring and enforcement of rules on inter-VM communications
• Ability to maintain security policies with VM movement
• Compliance to various audit requirements
Diagram labels: DMZ; Finance; Development; VMware vShield App
28 Confidential
Enterprise - Secure View Deployments
Solution - vShield Endpoint+App+Edge
• Improve performance by offloading AV processing
• Reduce costs by freeing up virtual machine resources and eliminating agents
• Improve security by streamlining AV functions to a hardened security virtual machine (SVM)
• Protect View application servers from threats
• Demonstrate compliance and satisfy audit requirements with detailed logging of offloaded AV tasks
Requirements
• Support thousands of internal and external View users with:
• Comprehensive security for View servers
• Anti-virus agents to protect client data and applications
• Optimal performance and scalability
Diagram labels: DMZ; View Desktops; Remote User; Local User; Public Network; Private Network; VMware vShield App
29 Confidential
Agenda
• Cloud Computing & Security
• Security – State of the Market
• Virtualization – Key Security Enabler
• vShield Products
• Use cases
• Summary
30 Confidential
vShield Edge 1.0 vs. vShield Zones 4.1 vs. vShield App 1.0
31 Confidential
vShield Products
Product SKUs | List/VM | SnS
vShield Edge 1.0 | $150 | Standard Basic, Production
vShield Endpoint 1.0 | $50 | Standard Basic, Production
vShield Zones for vSphere 4.1 (Included in vSphere Advanced and above) | NA | vSphere SnS applies
vShield App 1.0 (includes Endpoint and Zones) | $150 | Standard Basic, Production
Upgrade to full vShield Edge 1.0 from VMware Cloud Director | $110 | Standard Basic, Production
Upgrade to vShield App 1.0 from vShield Endpoint 1.0 | $110 | Standard Basic, Production
Notes
• VMware Cloud Director – Includes vShield Edge subset (Firewall, DHCP, NAT)
• vShield App – Includes vShield Endpoint
• VMware View 4.5 Premier SKUs – Include vShield Endpoint 1.0
• All SKUs – Min 25-VM purchase
32 Confidential
vShield Wins Best of VMworld 2010
“VMware vShield marks a major improvement in security. It includes many essential features for virtualization security, and the ability to isolate traffic for different port groups is a highlight”
33 Confidential
Quotes
• “Definitely, the integration of vShield, offering application, network and end point security for the cloud, is a big step..” – CloudAve, Krishnan Subramanian
• “The vision of moving legacy and new applications between public and private clouds necessitates a virtual security approach that surpasses static edge filtering commonly found in AV, IPS and firewalls.” – ComputerWorld, Eric Ogren
• “You’ve got to hand it to VMware …..this week’s VMworld, the company announced the VMware vShield family of security products.” – Enterprise Strategy Group, Jon Oltsik
• “vShield should help IT managers ensure that VMs can be protected and isolated in the virtual network with technology that is baked into the virtualization infrastructure.” – eWEEK, Cameron Sturdevant
• “VMware has finally taken virtual machine security and added it through the entire virtualization stack.. The dark horse feature of this product? Load balancing. I tried it in the lab – it takes 30 seconds to set up load balancing. No more need for expensive F5’s – this could be a real game changer.” – Brandon Hahn
Thank You

Mais conteúdo relacionado

Semelhante a VMware-vShield-Presentation-pp-en-Dec10.pptx

Data Center Server security
Data Center Server securityData Center Server security
Data Center Server securityxband
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021VMware Tanzu
 
VMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process OverviewVMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process OverviewVMware
 
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...
DEVNET-1009	Cisco Intercloud Fabric for Business (ICFB),  Helping Enterprises...DEVNET-1009	Cisco Intercloud Fabric for Business (ICFB),  Helping Enterprises...
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...Cisco DevNet
 
Check Point: Security in virtual environment
Check Point: Security in virtual environmentCheck Point: Security in virtual environment
Check Point: Security in virtual environmentASBIS SK
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO a.s.
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinarAlgoSec
 
040711 webcast securing vmachine
040711 webcast securing vmachine 040711 webcast securing vmachine
040711 webcast securing vmachine Erin Banks
 
Presentation cloud infrastructure and management – from v sphere to vcloud ...
Presentation   cloud infrastructure and management – from v sphere to vcloud ...Presentation   cloud infrastructure and management – from v sphere to vcloud ...
Presentation cloud infrastructure and management – from v sphere to vcloud ...solarisyourep
 
Presentation cloud infrastructure and management – from v sphere to vcloud ...
Presentation   cloud infrastructure and management – from v sphere to vcloud ...Presentation   cloud infrastructure and management – from v sphere to vcloud ...
Presentation cloud infrastructure and management – from v sphere to vcloud ...xKinAnx
 
#PCMVision: VMware NSX - Transforming Security
#PCMVision: VMware NSX - Transforming Security#PCMVision: VMware NSX - Transforming Security
#PCMVision: VMware NSX - Transforming SecurityPCM
 
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...AlgoSec
 
Business Agility and Security with VMware
Business Agility and Security with VMwareBusiness Agility and Security with VMware
Business Agility and Security with VMwareAngel Villar Garea
 
Deploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load BalancingDeploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load BalancingAvi Networks
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...NETSCOUT
 
Gigamon Pervasive Visibility into SDDC/NSX Deployments
Gigamon Pervasive Visibility into SDDC/NSX DeploymentsGigamon Pervasive Visibility into SDDC/NSX Deployments
Gigamon Pervasive Visibility into SDDC/NSX DeploymentsAngel Villar Garea
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep divesolarisyougood
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataGreat Wide Open
 

Semelhante a VMware-vShield-Presentation-pp-en-Dec10.pptx (20)

Data Center Server security
Data Center Server securityData Center Server security
Data Center Server security
 
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
Achieving DevSecOps Outcomes with Tanzu Advanced- May 25, 2021
 
VMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process OverviewVMware vCloud Air: Security Infrastructure and Process Overview
VMware vCloud Air: Security Infrastructure and Process Overview
 
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...
DEVNET-1009	Cisco Intercloud Fabric for Business (ICFB),  Helping Enterprises...DEVNET-1009	Cisco Intercloud Fabric for Business (ICFB),  Helping Enterprises...
DEVNET-1009 Cisco Intercloud Fabric for Business (ICFB), Helping Enterprises...
 
Check Point: Security in virtual environment
Check Point: Security in virtual environmentCheck Point: Security in virtual environment
Check Point: Security in virtual environment
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud Air
 
2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar2021 01-27 reducing risk of ransomware webinar
2021 01-27 reducing risk of ransomware webinar
 
040711 webcast securing vmachine
040711 webcast securing vmachine 040711 webcast securing vmachine
040711 webcast securing vmachine
 
nsx overview with use cases 1.0
nsx overview with use cases 1.0nsx overview with use cases 1.0
nsx overview with use cases 1.0
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Presentation cloud infrastructure and management – from v sphere to vcloud ...
Presentation   cloud infrastructure and management – from v sphere to vcloud ...Presentation   cloud infrastructure and management – from v sphere to vcloud ...
Presentation cloud infrastructure and management – from v sphere to vcloud ...
 
Presentation cloud infrastructure and management – from v sphere to vcloud ...
Presentation   cloud infrastructure and management – from v sphere to vcloud ...Presentation   cloud infrastructure and management – from v sphere to vcloud ...
Presentation cloud infrastructure and management – from v sphere to vcloud ...
 
#PCMVision: VMware NSX - Transforming Security
#PCMVision: VMware NSX - Transforming Security#PCMVision: VMware NSX - Transforming Security
#PCMVision: VMware NSX - Transforming Security
 
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
2021 02-17 v mware-algo-sec securely accelerate your digital transformation w...
 
Business Agility and Security with VMware
Business Agility and Security with VMwareBusiness Agility and Security with VMware
Business Agility and Security with VMware
 
Deploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load BalancingDeploying Elastic Self-Service Load Balancing
Deploying Elastic Self-Service Load Balancing
 
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...End to End Application Visibility and Troubleshooting Across the Virtual Clou...
End to End Application Visibility and Troubleshooting Across the Virtual Clou...
 
Gigamon Pervasive Visibility into SDDC/NSX Deployments
Gigamon Pervasive Visibility into SDDC/NSX DeploymentsGigamon Pervasive Visibility into SDDC/NSX Deployments
Gigamon Pervasive Visibility into SDDC/NSX Deployments
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep dive
 
Secure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your DataSecure Cloud Hosting: Real Requirements to Protect your Data
Secure Cloud Hosting: Real Requirements to Protect your Data
 

Último

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfKamal Acharya
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 

Último (20)

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...

VMware-vShield-Presentation-pp-en-Dec10.pptx

  • 1. © 2009 VMware Inc. All rights reserved VMware vShield – Foundation for the Most Secure Cloud Deployments
  • 2. Agenda • Cloud Computing & Security • Security – State of the Market • Virtualization – Key Security Enabler • vShield Products • Use Cases • Summary
  • 3. Security Market Overview Market Size in 2012 Endpoint Security Antivirus Market Growth Rate Market Size ($M) in 2009 $27B Worldwide in 2009 Anti-Virus $4,096 (7%) Application Security $2,987 (15%) Security Operations Identity Mgmt $3,565 (20%) Network Security $9,136 (8%) Data Security $3,258 (19%) Endpoint Security $3,001 (2%) $713 (8%) Source: FORRESTER, 2009 Network Security Identity Management Others Segments We Address
  • 4. Security and Compliance are the Primary Concerns with Cloud Internal IT Public Cloud • Rate Card • Hands-off • Self-service ? Control ? Security ? Compliance Virtualization forms the foundation for building private clouds. Security must change to support both. – Gartner, 2010
  • 5. Agenda • Cloud Computing & Security • Security – State of the Market • Virtualization – Key Security Enabler • vShield Products • Use Cases
  • 6. • VLAN sprawl • Gap between policy and enforcement • Manual re-implementation of security policies • Heightened risk exposures • Limited control and visibility • Organizational confusion (VI, security, network) • Hindered IT compliance • Slow provisioning • Heightened risk exposures Security Challenges Traditional Security Expensive • Specialized hardware appliances • Multiple point solutions Rigid • Policy directly tied to implementation • Not virtualization and change-aware Effect Complex • Spaghetti of different rules and policies • Security “rationing” • Heightened risk exposures
  • 7. The vShield Advantage: Increased Security Traditional Security vShield Cost Effective • Single virtual appliance with breadth of functionality • Single framework for comprehensive protection Simple • No sprawl in rules, VLANs, agents • Relevant visibility for VI Admins, network and security teams • Simplified compliance Adaptive • Virtualization and change aware • Program once, execute everywhere • Rapid remediation Expensive • Specialized hardware appliances • Multiple point solutions Rigid • Policy directly tied to implementation • Not virtualization and change-aware Complex • Spaghetti of different rules and policies Deployments on VMware are more secure than physical
  • 8. VMware Transforms Security from Expensive to Cost Effective Load balancer firewall VPN Load balancer Firewall VPN Etc… vShield Virtual Appliance vShield eliminates the need for multiple special purpose hardware appliances – 3-5x Savings Capex, Opex
  • 9. VMware Transforms Security from Complex… VLANs agent Complex • Policies, rules implementation - no clear separation of duties; organizational confusion • Many steps – configure network, firewall and vSphere • Spaghetti of VLANs, Sprawl - Firewall rules, agents Policies, Rules Network admin Security admin VI admin Overlapping Roles / Responsibilities Many steps. Configure • Network • Firewall • vSphere Define, Implement, Monitor, Refine
  • 10. … To Disruptively Simple Few steps: Configure vShield Simple • Clear separation of duties • Few steps – configure vShield • Eliminate VLAN sprawl – vNIC firewalls • Eliminate firewall rules, agents sprawl Network admin Security admin VI admin Clear separation of Roles / Responsibilities Define, Monitor, Refine, Implement
  • 11. VMware Turns Security from Rigid… • BEFORE vShield • Security groups tied to physical servers • “Air gaps”, i.e. physical isolation, between security groups • VMs in a security group cannot be vMotioned to other hosts DMZ PCI compliant “Air gap”
  • 12. PCI Compliant DMZ DMZ DMZ PCI Compliant … to Adaptive • AFTER vShield • Security groups become a VM construct rather than a physical server construct • Security groups enforced with VM movement • Mix VMs from different groups on the same host
  • 13. Agenda • Cloud Computing & Security • Security – State of the Market • Virtualization – Key Security Enabler • vShield Products • Use cases • Summary
  • 14. Why VMware vShield is a Security Enabler? 1. Unique introspection 2. Policy abstraction Cost Effective • Single virtual appliance with breadth of functionality • Single framework for comprehensive protection Simple • No sprawl in rules, VLANs, agents • Relevant visibility for VI Admins, network and security teams • Simplified compliance Adaptive • Virtualization and change aware • Program once, execute everywhere • Rapid remediation
  • 15. Security Enabler: Unique Introspection Introspect detailed VM state and VM-to-VM communications vSphere + vShield Processor memory Network Benefits • Comprehensive host and VM protection • Reduced configuration errors • Quick problem identification • Reduced complexity – no security agents per VM required
  • 16. Security Enabler: Policy Abstraction Before vShield Policy tied to the physical host; lost during vMotion Policy tied to logical attributes After vShield Benefits • Create and enforce security policies with live migration, automated VM load balancing and automated VM restart • Rapid provisioning of security policies • Easier compliance with continuous monitoring and comprehensive logging Separate the policy definition from the policy implementation Policy tied to logical attributes; follow virtual machine
  • 17. Agenda • Cloud Computing & Security • Security – State of the Market • Virtualization – Key Security Enabler • vShield Products • Use cases • Summary
  • 18. 2010 – Introducing vShield Products Securing the Private Cloud End to End: from the Edge to the Endpoint Edge vShield Edge 1.0 Secure the edge of the virtual datacenter Security Zone vShield App 1.0 and Zones Application protection from network based threats Endpoint = VM vShield Endpoint 1.0 Enables offloaded anti-virus Virtual Datacenter 1 Virtual Datacenter 2 DMZ PCI compliant HIPAA compliant Web View VMware vShield VMware vShield VMware vShield Manager
  • 19. • Multiple edge security services in one appliance • Stateful inspection firewall • Network Address Translation (NAT) • Dynamic Host Configuration Protocol (DHCP) • Site to site VPN (IPsec) • Web Load Balancer • Network isolation (edge port group isolation) • Detailed network flow statistics for chargebacks, etc. • Policy management through UI or REST APIs • Logging and auditing based on industry standard syslog format vShield Edge Secure the Edge of the Virtual Data Center Features Benefits • Lower cost and complexity by eliminating multiple special purpose appliances • Ensure policy enforcement with network isolation • Simplify management with vCenter integration and programmable interfaces • Easier scalability with one edge per org/tenant • Rapid provisioning of edge security services • Simplify IT compliance with detailed logging Tenant A Tenant C Tenant X VMware vShield Edge VMware vShield Edge VMware vShield Edge VPN Load balancer Firewall Secure Virtual Appliance Secure Virtual Appliance Secure Virtual Appliance
  • 20. vShield Lowers Cost of Security Significantly [Chart: cost per Mbps ($0 to $50) against throughput (.5Gbps, 1Gbps, 10Gbps, 100Gbps) for a network edge security solution (Firewall + VPN + Load balancer); series: vShield Edge, Security appliances; annotation: >5x] Assumptions • 100 VM per edge • vSphere & server costs • High availability Mbps = Megabits/sec Gbps = Gigabits/sec
  • 21. vShield App Application Protection for Network Based Threats Features • Hypervisor-level firewall • Inbound, outbound connection control applied at vNIC level • Elastic security groups - “stretch” as virtual machines migrate to new hosts • Robust flow monitoring • Policy Management • Simple and business-relevant policies • Managed through UI or REST APIs • Logging and auditing based on industry standard syslog format
  • 22. PCI Compliant DMZ DMZ DMZ PCI Compliant vShield App Provides Adaptive Security with Policy Abstraction Security groups enforced with VM movement Policies based on logical attributes
  • 23. vShield App Application Protection for Network Based Threats Features • Hypervisor-level firewall • Inbound, outbound connection control applied at vNIC level • Elastic security groups - “stretch” as virtual machines migrate to new hosts • Robust flow monitoring • Policy Management • Simple and business-relevant policies • Managed through UI or REST APIs • Logging and auditing based on industry standard syslog format Benefits • Increase visibility for inter-VM communications • Eliminate dedicated hardware and VLANs for different security groups • Optimize resource utilization while maintaining strict security • Simplified compliance with comprehensive logging of inter VM activity
  • 24. vShield Endpoint Offload Anti-virus Processing for Endpoints Benefits • Improve performance by offloading anti-virus functions in tandem with AV partners • Improve VM performance by eliminating anti-virus storms • Reduce risk by eliminating agents susceptible to attacks and enforced remediation • Satisfy audit requirements with detailed logging of AV tasks Features • Eliminate anti-virus agents in each VM; anti-virus off-loaded to a security VM delivered by AV partners • Enforce remediation using driver in VM • Policy and configuration Management: through UI or REST APIs • Logging and auditing
  • 25. Agenda • Cloud Computing & Security • Security – State of the Market • Virtualization - Key Security Enabler • vShield Products • Use cases • Summary
  • 26. Service Provider - Offering Multi-Tenant Hosting Service Company A Company B Company A Company B Company C Company C Solution – vShield Edge, VMware Cloud Director • Guarantee full confidentiality and protection of tenant apps and data with built-in firewall and VPN • Use enterprise directory services for security policies • Accelerate compliance by logging all traffic information on per-tenant basis • Lower cost of security by 100+% by eliminating purpose built appliances and by increasing utilization and VM density Requirements • Host potentially hundreds or thousands of tenants in shared infrastructure with: • Traffic Isolation between the tenants • Complete protection and confidentiality of tenant apps and data • Integration with enterprise directory services (e.g. Active Directory) • Complying with various audit requirements Cisco VPN Juniper VPN Checkpoint VPN VMware vCloud Director vShield Edge
  • 27. Enterprise - Securing Business Critical Applications DMZ Finance Finance Development Development Solution - vShield App + Edge • Protect data and applications with hypervisor level firewall • Create and enforce security policies with virtual machine migration • Facilitate compliance by monitoring all application traffic • Improve performance and scalability with load balancer and software based solution Requirements • Deploy production and development applications in a shared infrastructure with: • Traffic segmentation between applications • Authorized access to applications • Strict monitoring and enforcement of rules on inter-VM communications • Ability to maintain security policies with VM movement • Compliance to various audit requirements VMware vShield App
  • 28. Enterprise - Secure View Deployments Solution - vShield Endpoint+App+Edge • Improve performance by offloading AV processing • Reduce costs by freeing up virtual machine resources and eliminating agents • Improve security by streamlining AV functions to a hardened security virtual machine (SVM) • Protect View application servers from threats • Demonstrate compliance and satisfy audit requirements with detailed logging of offloaded AV tasks Requirements • Support thousands of internal and external View users with: • Comprehensive security for View servers • Anti virus agents to protect client data and applications • Optimal performance and scalability DMZ View Desktops Remote User Local User Public Network Private Network VMware vShield App
  • 29. Agenda • Cloud Computing & Security • Security – State of the Market • Virtualization – Key Security Enabler • vShield Products • Use cases • Summary
  • 30. vShield Edge 1.0 vs. vShield Zones 4.1 vs. vShield App 1.0
  • 31. vShield Products. Product SKUs (List/VM; SnS): • vShield Edge 1.0 ($150; Standard Basic, Production) • vShield Endpoint 1.0 ($50; Standard Basic, Production) • vShield Zones for vSphere 4.1, included in vSphere Advanced and above (NA; vSphere SnS applies) • vShield App 1.0, includes Endpoint and Zones ($150; Standard Basic, Production) • Upgrade to full vShield Edge 1.0 from VMware Cloud Director ($110; Standard Basic, Production) • Upgrade to vShield App 1.0 from vShield Endpoint 1.0 ($110; Standard Basic, Production). Notes: • VMware Cloud Director – Includes vShield Edge subset (Firewall, DHCP, NAT) • vShield App – Includes vShield Endpoint • VMware View 4.5 Premier SKUs – Include vShield Endpoint 1.0 • All SKUs – Min 25-VM purchase
  • 32. vShield Wins Best of VMworld 2010 “VMware vShield marks a major improvement in security. It includes many essential features for virtualization security, and the ability to isolate traffic for different port groups is a highlight”
  • 33. Quotes • “Definitely, the integration of vShield, offering application, network and end point security for the cloud, is a big step..” – CloudAve, Krishnan Subramanian • “The vision of moving legacy and new applications between public and private clouds necessitates a virtual security approach that surpasses static edge filtering commonly found in AV, IPS and firewalls.” – ComputerWorld, Eric Ogren • “You’ve got to hand it to VMware …..this week’s VMworld, the company announced the VMware vShield family of security products.” – Enterprise Strategy Group, Jon Oltsik • “vShield should help IT managers ensure that VMs can be protected and isolated in the virtual network with technology that is baked into the virtualization infrastructure.” – eWEEK, Cameron Sturdevant • “VMware has finally taken virtual machine security and added it through the entire virtualization stack.. The dark horse feature of this product? Load balancing. I tried it in the lab – it takes 30 seconds to set up load balancing. No more need for expensive F5’s – this could be a real game changer.” – Brandon Hahn
  • 34. © 2009 VMware Inc. All rights reserved Thank You