What’s new in vShield 5

Advanced Grouping capabilities in vShield App allow even more sophisticated policies to be managed with ease.
Layer 2 protection coupled with APIs enables automatic quarantining of compromised VMs.
vShield Data Security provides knowledge of protected data across cloud environments and lowers the cost of compliance by helping define scope.
Enterprise roles in vShield Manager provide the separation of duties required by security and compliance standards.

Published in Technology
  • Would be nice if this could be downloaded.

Transcript

  • 1. What’s new in vShield 5
  • 2. Enterprise Security today – not virtualized, not cloud ready
      • Perimeter/DMZ: Firewall, VPN; Load balancers
          • Challenges: Sprawl: hardware, FW rules, VLANs
      • Interior security: VLAN or subnet based policies
          • Challenges: Sprawl: VLANs, hardware, FW rules; Blind spots: inter-VM traffic
      • Endpoint security: AV, DLP agent based security
          • Challenges: Sprawl: agents in all VMs – drain resources; Risk: agents in guest VMs – not hardened
      • (Diagram labels: Enterprise VDC, Users, Sites, DMZ, Web Servers, Apps / DB Tier)
  • 3. vShield 5.0: Securing the Private Cloud End to End: from the Edge to the Endpoint
      • vShield Edge: Secure the edge of the virtual datacenter
      • vShield App with Data Security (Security Zone): Create segmentation between silos of workloads; Sensitive Data Discovery
      • vShield Endpoint (Endpoint = VM): Offload anti-virus processing
      • vShield Manager: Centralized Management
      • (Diagram labels: Edge, DMZ, Application 1, Application 2)
  • 4. vShield Edge 5.0 Overview
      • Provides common edge security services around a virtual datacenter. Example uses:
          • Extranets
          • Multi-tenant cloud environments
      • (Diagram: vShield Edge secure virtual appliances for Tenant A, Tenant C, Tenant X; Firewall, Load balancer, VPN)
  • 5. vShield Edge 5.0
      • Primary functionality
          • Stateful inspection firewall
          • Dynamic Host Configuration Protocol (DHCP)
          • Site to site VPN
          • (NEW) Static Routing
      • Management features
          • REST APIs for scripting
          • Logging of activity
      • (Diagram: vShield Edge secure virtual appliances for Tenant A, Tenant C, Tenant X; Firewall, Load balancer, VPN)
  • 6. vShield Edge 5.0 Benefits
      • Reduce cost and complexity
          • Centralized management for all protected environments
          • Eliminates need for multiple special-purpose appliances
      • Increased agility for cloud environments
          • Enables rapid provisioning of edge services
          • Ability to automate and integrate into overall provisioning and management workflow
      • (Diagram: vShield Edge secure virtual appliances for Tenant A, Tenant C, Tenant X; Firewall, Load balancer, VPN)
  • 7. vShield App 5.0 Overview
      • vShield App: virtualization-built firewall featuring
          • VM-level enforcement
          • Intuitive business language policy
          • Robust flow monitoring
          • Logging and auditing
          • REST API
  • 8. vShield App Design: Hypervisor-Level Firewall
      • Inbound/outbound connection control enforced at the virtual NIC level
      • Dynamic protection as virtual machines migrate
      • Protects at Layer 3 and Layer 2
      • (Diagram labels: vShield App on vSphere ESXi Hosts, vShield Manager, vSphere Client, vCenter Server)
  • 9. vShield App Group-based Policies
      • (Diagram labels: Internet, MAC Set, IP Set, Resource Pools, Security Groups; Finance, HR, Marketing; Web Group, DB Group)
  • 10. vShield App 5.0 Benefits
      • Complete visibility and control of inter-VM traffic
      • Enables multiple trust zones on the same ESX cluster
      • Ability to audit traffic for compliance and security
      • Fewer misconfiguration mistakes, lower operating overhead by eliminating
          • VLAN trunking
          • Complex rules management
      • Ability to automate and integrate into overall provisioning and management workflow
  • 11. vShield Data Security (vSDS) Overview
      • Discover and report sensitive data across virtual machines
      • Scans occur continuously, transparent to the virtual machine
      • (Diagram: Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director))
  • 12. vShield Data Security (vSDS): Select from many industry, local, and international policies
  • 13. vShield Data Security (vSDS): View report of policy matches per VM
  • 14. vShield Data Security (vSDS) Benefits
      • Reduces risk of non-compliance with automated scans, rapid assessment and reporting
      • Improve performance by offloading data discovery functions to a virtual appliance
      • (Diagram: Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director))
  • 15. vShield Manager Roles: Clear separation of Responsibilities and Authority
      • Security admin: Define, Monitor
      • vShield admin: Implement
      • Security Auditor: Verify Policies
  • 16. vShield Endpoint
      • Overview
          • Offload file activity to Security VM
          • Enforce Remediation using driver in VM
          • Security VM provided by best-of-breed AV partners: Trend Micro, others
      • Benefits
          • Improve VM performance by eliminating anti-virus storms
          • Reduce risk by eliminating agents susceptible to attacks