4. 4 Confidential
VMware Product Type:
Data Center and Cloud Infrastructure
Desktop and Application Virtualization
Personal Desktop
Application and Data Platform
Data Center and Cloud Management
Internet of Things (IoT)
5.
Products of Data Center and Cloud Infrastructure:
VMware vSphere: vSphere is a server virtualization platform, with components such as ESXi and vCenter, that delivers essential services for the modern hybrid cloud.
VMware vSAN: VMware vSAN uses a software-defined approach that creates shared storage for virtual machines.
VMware NSX: The network virtualization platform that enables the implementation of virtual networks on your physical network and within virtual server infrastructure.
6.
Desktop and Application Virtualization:
VMware Horizon 7
VMware Horizon Cloud
VMware Workspace ONE UEM
VMware vRealize Operations for Horizon and Published Applications
VMware ThinApp
VMware App Volumes
VMware User Environment Manager
7.
Data Center and Cloud Management:
VMware vRealize Automation
VMware vRealize Operations
VMware vRealize Log Insight
VMware vRealize Code Stream
VMware Site Recovery Manager
VMware Integrated OpenStack
VMware vRealize Business for Cloud
8.
Application and Data Platform:
Pivotal App Suite
Pivotal TC Server
Pivotal GemFire
Pivotal RabbitMQ
9.
Internet of Things (IoT):
VMware Pulse IoT Center: A secure, enterprise-grade IoT device management platform that improves the reliability & security of your IoT infrastructure.
10.
Personal Desktop:
VMware Workstation Pro
VMware Fusion
VMware Fusion Pro
VMware Workstation Player (formerly Player Pro)
26.
Security Challenges
Traditional Security
Expensive
• Specialized hardware appliances
• Multiple point solutions
Rigid
• Policy directly tied to implementation
• Not virtualization and change-aware
Complex
• Spaghetti of different rules and policies
Effect
• VLAN sprawl
• Gap between policy and enforcement
• Manual re-implementation of security policies
• Heightened risk exposures
• Limited control and visibility
• Organizational confusion (VI, security, network)
• Hindered IT compliance
• Slow provisioning
• Heightened risk exposures
• Security “rationing”
• Heightened risk exposures
27.
The vShield Advantage: Increased Security
Traditional Security
Expensive
• Specialized hardware appliances
• Multiple point solutions
Rigid
• Policy directly tied to implementation
• Not virtualization and change-aware
Complex
• Spaghetti of different rules and policies
vShield
Cost Effective
• Single virtual appliance with breadth of functionality
• Single framework for comprehensive protection
Simple
• No sprawl in rules, VLANs, agents
• Relevant visibility for VI Admins, network and security teams
• Simplified compliance
Adaptive
• Virtualization and change aware
• Program once, execute everywhere
• Rapid remediation
Deployments on VMware are more secure than physical
29.
VMware Transforms Security from Complex…
Complex
• Policies and rules implementation: no clear separation of duties; organizational confusion
• Many steps: configure network, firewall and vSphere
• Spaghetti of VLANs; sprawl of firewall rules and agents
[Diagram: network admin, security admin and VI admin with overlapping roles/responsibilities (define, implement, monitor, refine); many steps (configure network, firewall, vSphere); VLANs; policies and rules; agents]
30.
VMware Turns Security from Rigid…
BEFORE vShield
• Security groups tied to physical servers
• “Air gaps”, i.e. physical isolation, between security groups
• VMs in a security group cannot be vMotioned to other hosts
[Diagram: DMZ and PCI compliant security groups separated by an “air gap”]
31.
… To Disruptively Simple
Simple
• Clear separation of duties
• Few steps – configure vShield
• Eliminate VLAN sprawl – vNIC firewalls
• Eliminate firewall rules, agents sprawl
[Diagram: network admin, security admin and VI admin with clear separation of roles/responsibilities (define, monitor, refine, implement); few steps (configure vShield)]
32.
… To Adaptive
AFTER vShield
• Security groups become a VM construct rather than a physical server construct
• Security groups enforced with VM movement
• Mix VMs from different groups on the same host
[Diagram: DMZ and PCI compliant VMs]
33.
Why VMware vShield is a Security Enabler?
1. Unique introspection
2. Policy abstraction
Cost Effective
• Single virtual appliance with breadth of functionality
• Single framework for comprehensive protection
Simple
• No sprawl in rules, VLANs, agents
• Relevant visibility for VI Admins, network and security teams
• Simplified compliance
Adaptive
• Virtualization and change aware
• Program once, execute everywhere
• Rapid remediation
34.
Security Enabler: Unique Introspection
Introspect detailed VM state and VM-to-VM communications
[Diagram: vSphere + vShield; processor, memory, network]
Benefits
• Comprehensive host and VM protection
• Reduced configuration errors
• Quick problem identification
• Reduced complexity – no security agents per VM required
35.
Security Enabler: Policy Abstraction
Separate the policy definition from the policy implementation
Before vShield
• Policy tied to the physical host; lost during vMotion
After vShield
• Policy tied to logical attributes; follows the virtual machine
Benefits
• Create and enforce security policies with live migration, automated VM load balancing and automated VM restart
• Rapid provisioning of security policies
• Easier compliance with continuous monitoring and comprehensive logging