What’s new in vShield 5

16,848 views

Advanced grouping capabilities in vShield App allow even more sophisticated policies to be managed with ease.
Layer 2 protection coupled with APIs enables automatic quarantining of compromised VMs.
vShield Data Security provides knowledge of protected data across cloud environments and lowers the cost of compliance by helping define scope.
Enterprise roles in vShield Manager provide the separation of duties required by security and compliance standards.

Published in: Technology
  • Would be nice if this could be downloaded.

  1. What’s new in vShield 5
  2. Enterprise Security today – not virtualized, not cloud ready
     Perimeter/DMZ
       - Firewall, VPN
       - Load balancers
       Challenges
       - Sprawl: hardware, FW rules, VLANs
     Interior security
       - VLAN or subnet based policies
       Challenges
       - Sprawl: VLANs, hardware, FW rules
       - Blind spots: inter-VM traffic
     Endpoint security
       - AV, DLP agent based security
       Challenges
       - Sprawl: agents in all VMs – drain resources
       - Risk: agents in guest VMs – not hardened
     [Diagram labels: Enterprise VDC, Users, DMZ, Web Servers, Apps / DB Tier, Sites]
  3. vShield 5.0: Securing the Private Cloud End to End: from the Edge to the Endpoint
     vShield Edge
       Secure the edge of the virtual datacenter
     vShield App with Data Security
       • Create segmentation between silos of workloads
       • Sensitive Data Discovery
     vShield Endpoint
       Offload anti-virus processing
     vShield Manager
       Centralized Management
     [Diagram labels: Edge, Security Zone, Endpoint = VM, DMZ, Application 1, Application 2]
  4. vShield Edge 5.0: Overview
       • Provides common edge security services around a virtual datacenter.
       Example uses:
       • Extranets
       • Multi-tenant cloud environments
     [Diagram: a vShield Edge secure virtual appliance for each of Tenant A, Tenant C and Tenant X, providing Firewall, Load balancer, VPN]
  5. vShield Edge 5.0
     Primary functionality
       • Stateful inspection firewall
       • Dynamic Host Configuration Protocol (DHCP)
       • Site to site VPN
       • (NEW) Static Routing
     Management features
       • REST APIs for scripting
       • Logging of activity
     [Diagram: a vShield Edge secure virtual appliance for each of Tenant A, Tenant C and Tenant X, providing Firewall, Load balancer, VPN]
  6. vShield Edge 5.0: Benefits
       • Reduce cost and complexity
       • Centralized management for all protected environments
       • Eliminates need for multiple special-purpose appliances
       • Increased agility for cloud environments
       • Enables rapid provisioning of edge services
       • Ability to automate and integrate into overall provisioning and management workflow
     [Diagram: a vShield Edge secure virtual appliance for each of Tenant A, Tenant C and Tenant X, providing Firewall, Load balancer, VPN]
  7. vShield App 5.0: Overview
       • vShield App: virtualization-built firewall featuring
         • VM-level enforcement
         • Intuitive business language policy
         • Robust flow monitoring
         • Logging and auditing
         • REST API
  8. vShield App Design
     Hypervisor-Level Firewall
       • Inbound/outbound connection control enforced at the virtual NIC level
       • Dynamic protection as virtual machines migrate
       • Protects at Layer 3 and Layer 2
     [Diagram labels: vShield App on vSphere on each ESXi Host, vShield Manager, vSphere Client, vCenter Server]
  9. vShield App Group-based Policies
     [Diagram labels: MAC Set, IP Set, Internet, Resource Pools, Security Groups; Finance, HR, Marketing; Web Group (Web, Web, Web); DB Group (Database, Database, Database)]
  10. vShield App 5.0: Benefits
       • Complete visibility and control of inter-VM traffic
       • Enables multiple trust zones on the same ESX cluster
       • Ability to audit traffic for compliance and security
       • Fewer misconfiguration mistakes, lower operating overhead by eliminating
         • VLAN trunking
         • Complex rules management
       • Ability to automate and integrate into overall provisioning and management workflow
  11. vShield Data Security (vSDS): Overview
       • Discover and report sensitive data across virtual machines
       • Scans occur continuously, transparent to the virtual machine
     [Diagram label: Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)]
  12. vShield Data Security (vSDS): Select from many industry, local, and international policies
  13. vShield Data Security (vSDS): View report of policy matches per VM
  14. vShield Data Security (vSDS): Benefits
       • Reduces risk of non-compliance with automated scans, rapid assessment and reporting
       • Improve performance by offloading data discovery functions to a virtual appliance
     [Diagram label: Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)]
  15. vShield Manager Roles: Clear separation of Responsibilities and Authority
       • Security admin: Define, Monitor
       • vShield admin: Implement
       • Auditor: Verify
     [Diagram label: Security Policies]
  16. vShield Endpoint
     Overview
       • Offload file activity to Security VM
       • Enforce Remediation using driver in VM
       • Security VM provided by best-of-breed AV partners: Trend Micro, others
     Benefits
       • Improve VM performance by eliminating anti-virus storms
       • Reduce risk by eliminating agents susceptible to attacks
