Federal VMUG - March - Reflex VMC Overview


Published on

Federal VMUG - March 2011
"Reflex VMC Overview"
- Mike Wronski, VP, Product

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Federal VMUG - March - Reflex VMC Overview

  1. 1. Reflex VMC: Overview Mike Wronski, CISSP VP, Product Management mike@reflexsystems.com©2010 Reflex Systems LLC
  2. 2. Virtualization Challenges Visibility and Transparency Challenges Change Management Operational Network Management & Security Security / Firewall Goals Desktop Virtualization
  3. 3. Solution Overview Automate, Integrate and Correlate Virtual & Cloud Monitoring & Analysis Network Security Configuration Mgmt. / Audit Infrastructure (vWatch) (vTrust) (vProfile)Virtual Center Asset / InventoryESX Host Virtual Firewall Access Control Segmentation Performance Automation Compliance Compliance Virtual DPI Capacity ProfilesGuest (VM)NetworkStorage Virtualization Management Center (VMC)  Discovery/Mapping  Policy Automation  vCMDB  Visualization  Scripting  VQL  Central Alerting  Event Correlation  Cloud API  Event Correlation  Central Reporting  3rd Party interface 3
  4. 4. Reflex: vWatch  Fully integrated component of the Reflex VMC platform  Monitoring and analysis module which provides a comprehensive overview of the state of the virtual environment at any given time  Through real-time and historical visual reporting, configuration change monitoring, and extensive correlation, vWatch provides administrators with the visibility they need  The ability to visualize both the virtual and underlying hardware infrastructure has become mission critical for IT administrators Functions: Virtual Flow Data Historical tracking Physical-to-Virtual Configuration Compliance Audit Root-cause Analysis
  5. 5. Visibility and Transparency
  6. 6. Virtual Networking Visibility H i s to r i c a l t ra c k i n g P hys i c a l - to - V i r t u a l C o n f i g u ra t i o n Compliance Ro o t - c a u s e A n a l ys i s
  7. 7. Reflex: vProfile  vProfile provides an API that enables service providers and enterprises to provision and manage security and compliance without the dependency on expensive external hardware  vProfile configuration management is the only solution on the market today that provides ‘difference visualization’, and plots VM configuration changes according to a graphical, easy to understand "heat map" interface Functions: Apply Baseline Profile Configuration Heat map and Customized Pivot Tables Ad-Hoc and Scheduled Remediation VQL Configuration Queries Tiered Configuration Profiles Historical Profile Definition Batch Modification IP Pool Allocation
  8. 8. Reflex: vTrust Segmentation & Security  Fully integrated component of the Reflex VMC platform  Designed to be integrated directly with the VMware VMsafe platform technology  Provides dynamic policy enforcement for virtual environments deployed locally and in external cloud environments  Operating at the hypervisor kernel level, vTrust leverages the tightly integrated VMsafe component of VMware vSphere™ 4  Facilitates adaptive, extensible policies that allow administrators to address complex business, information security and compliance requirements within the virtual environment Functions: Virtual Segmentation Virtual Quarantine Networking Policy Stateful Inspection Agentless 8
  9. 9. VMware VMsafe Integration• Low-Level Enforcement Policy• Part of the Hypervisor VM ACLs• VM Network Segmentation/Firewall VMsafe• Multi-Virtual Center Aware• vMotion Aware• Policy Mobility vmSafe Kernel Module (d)vSwitch ESX Hypervisor
  10. 10. Software Asset Management •No Agents to Install •Independent of State •Power •Templates •Policy Criteria •NAC •Posture Checking •Maintain Compliance
  11. 11. Automation: Policy and EnforcementPolicy Types Enforcement Points •Segmentation (Firewall) Network •Quarantine (NAC, Posture) Network •Redirection (IDP, Capture) • Reflex VMsafe •Configuration (VLAN, QoS) • 3rd Party (TippingPoint) • VI API •Storage •Network Connection Guest •Software (OS, App, Patch) Infrastructure •Authorization • VI API •Access Control • 3rd Party API/DB/CLI •Authorization vCenter •Resource Pools Generic •Storage • Generic Programmable (Python) Device •Chassis (UCS, Blade Ctr) • Element Managers •Switch •Security Device • Orchestration / Provisioning Config • Notification 11
  12. 12. Continuous ComplianceSoftware Asset (OS, App Version, Patch) Storage Mapping (Data Classification) Security Controls Enabled (Firewall, IPS) Provisioning User Authorization Compliant VM Authorized
  13. 13. Thank You!Mike Wronski, VP Product ManagementEmail: mike@reflexsystems.comWeb: http://www.reflexsystems.com