Cisco VSG: Product Contest of the VirtualizationSecurityGroup.Ru Portal - VirtSGR
Cisco Virtual Security Gateway (VSG) provides security policies and controls for virtual machine to virtual machine traffic. It analyzes VM attributes and context to dynamically apply access controls. VSG inserts transparently without relying on VLANs to protect intra-segment communication. It also supports multi-tenant environments through security domain separation and granular policy assignment.
VMware Seminar: Security & Compliance for the Cloud with Trend Micro - Graeme Wood
The document discusses security and compliance requirements for cloud computing. It provides an overview of key compliance standards and regulations that affect customers. It then discusses some of the unique security challenges that virtualized and cloud environments can present compared to traditional IT environments. Specifically, it notes that system boundaries are less clear in virtual systems and that more components and complexity are involved. Finally, it outlines some of the foundations that VMware and its partners are providing to help address these challenges, such as security hardening guides, virtual trust zones, and network segmentation controls.
Material from the talk given at the Virtualization Event of September 10, 2009 at FUNDATEC.
http://ecastrom.blogspot.com
http://comunidadwindows.org
ecastro@grupoasesor.net
Ing. Eduardo Castro Martinez, PhD
Microsoft SQL Server MVP
http://ecastrom.blogspot.com
http://mswindowscr.org
http://comunidadwindows.org
VMware ESXi 3.5 update 2 is a next generation, thin hypervisor that is available for free. It partitions servers to create robust virtual machine environments with improved security, reliability and simplified management compared to previous versions. The free version provides many of the features of VMware Infrastructure 3, including support for virtual appliances and virtual machines. It has received positive feedback from customers for its plug-and-play installation and configuration capabilities.
The document discusses Cisco Nexus 1000V and the Nexus 1010 appliance. It provides an overview of the Nexus 1000V architecture, comparing it to a physical modular switch. It describes how the Nexus 1000V uses Virtual Supervisor Modules (VSMs) and Virtual Ethernet Modules (VEMs) to replace the functionality of physical linecards and supervisors. It also discusses how the Nexus 1010 appliance allows hosting of VSMs on a physical device for improved performance and redundancy.
Kemari is a virtual machine synchronization technique that allows fault tolerance by keeping a primary and secondary VM identical. It uses DomT, a para-virtualized domain, to efficiently synchronize state between VMs by tapping event channels and only transferring updated memory pages. Evaluation shows the secondary VM can continue transparently and with acceptable performance during network, storage and file I/O workloads when the primary hardware fails.
Our presenter, Ran Nahmias, Net Optics Director of Cloud and Virtualization Solutions, provides an overview of practical challenges to conducting Lawful Intercepts within converged (physical & virtual) or homogeneous virtual network environments.
Virtualization in the Data Center, More Than a Trend!
Virtualization has provided network architects with a new level of flexibility and cost-savings in their server deployments. At the same time, that new level of flexibility has created new opportunities for potentially unlawful activity to be concealed or easily moved across legal jurisdictions to avoid prosecution. View this informative webinar to learn about:
Unique enforcement challenges inherent to Virtualization
Compliance challenges created by Virtualized environments
Methods for thwarting virtual machine jurisdiction ‘hopping’
At this year's FOSE 2011 conference, Government Computer News (GCN) awarded Phantom Virtual Tap the Best of FOSE / Best Networking Product for Government award. The Tap delivers unprecedented total visibility into formerly murky traffic passing between VMs on hypervisor stacks. With its ability to tap traffic between virtual servers (VMs) on a physical server, the Phantom Virtual Tap heralds a new era of network compliance, management, and security for virtualized data centers.
Presented by Net Optics' Senior Solutions Engineer, David Pham, this webinar will briefly introduce you to the Phantom Virtual Tap as well as provide insight into some of the security and compliance challenges created by data center virtualization. Additionally:
Advantages of gaining visibility into your virtualized network infrastructure
How to eliminate visibility challenges in the virtual network
Provide attendees the opportunity to learn more about this new technology
Prairie DevCon - What's New in Hyper-V in Windows Server "8" Beta - Part 2 - Damir Bersinic
This is the second of a 2-part series delivered at Prairie DevCon in Calgary on March 15, 2012. The sessions provided a quick overview of the new features of Hyper-V in Windows Server "8" Beta and how these compare to VMware vSphere 5.
Advanced Grouping capabilities in vShield App allow even more sophisticated policies to be managed with ease
Layer 2 protection coupled with APIs enable automatic quarantining of compromised VMs
vShield Data Security provides knowledge of protected data across cloud environments and lowers cost of compliance by helping define scope
Enterprise roles in vShield Manager provide the separation of duties required by security and compliance standards
The document discusses business continuity strategies using VMware virtual infrastructure. It covers high availability through redundancy, clustering, and VMotion to reduce planned and unplanned downtime. It also discusses disaster recovery using backup, replication, and recovery capabilities enabled by virtual infrastructure.
z/VM version 6.2 introduced new capabilities for virtualization including Single System Image (SSI) clustering and Live Guest Relocation (LGR). SSI allows up to four z/VM systems to be managed as a single cluster, while LGR allows virtual machines to be moved between systems without disruption. Developing these features required addressing challenges like maintaining system architecture accuracy and flexibility across different hardware. Relocation domains were introduced to control where guests can move and the architecture features exposed. Overall, z/VM 6.2 significantly expanded the possibilities for virtualization on the IBM mainframe.
Xen Project is an open source hypervisor that was started in 2002 and has since become the standard used in many large virtualization deployments. It supports x86, IA64 and ARM architectures and has over 50 company and 20 university contributors. Xen allows for improved security, availability, reliability and efficient use of resources. It is used widely in cloud, enterprise and embedded applications. Future projects focus on areas like fault tolerance, client virtualization and cloud services.
This document discusses IBM's proposal for an open-source library and tools to support the Open Virtualization Format (OVF) standard. It aims to provide complete support for creating, using, and maintaining OVF appliances. This will help establish OVF as the de facto standard toolkit for working with virtual appliances and enable widespread adoption of OVF. Key areas of focus include providing primitive OVF support, adding environment support to allow appliances to be portable across hypervisors, and implementing guest and workload enlightenment. The project plans to use Python for initial development with the ability to optimize performance-critical components in C later on.
The document discusses two novel applications of the Xen virtualization platform: CYDEST, a virtual training environment for cyber defense, and EXAMIN, a malware testing environment. CYDEST allows trainees to interact with multiple virtual machines through a web-based management interface and automated assessment. EXAMIN aims to provide a testing platform for analyzing malware through a virtual network of Linux and Windows machines that can be configured and monitored. Both projects utilize Xen's virtualization capabilities while seeking to address challenges around guest isolation, documentation of changing APIs, and management interfaces.
This document discusses the Cisco Nexus 1000V virtual switch, which provides virtual machine-level network visibility and policy enforcement within VMware vSphere environments. The Nexus 1000V replaces the hypervisor virtual switch with Cisco's modular software switch. It extends the network to each virtual machine and allows consistent network and security policies to follow VMs during live migration. The Nexus 1000V integrates tightly with VMware vCenter and leverages Cisco's NX-OS operating system, providing familiar CLI management of the virtual switch.
This document discusses enabling NUMA support for Xen guests. It outlines the importance of NUMA awareness for performance, and describes how to construct the SRAT and SLIT tables to provide NUMA information to guests. It also covers guest NUMA configuration options like memory allocation strategies and considerations for live migration. The current status includes upstream host NUMA APIs and planned rebasing of patches, with next steps involving further performance analysis and supporting I/O and live migration across NUMA nodes.
This document provides a history and overview of Xen virtualization technology. It discusses how Xen originated from university research in 1999 and was released as open source in 2004. It gained widespread adoption by 2005. The document outlines Xen's goals of being the standard open source hypervisor and maintaining performance, stability, and security. It discusses the benefits of virtualization for server consolidation, manageability, deployment, and high availability. Finally, it covers topics like paravirtualization, hardware virtualization, network and device virtualization, security, and future directions like client and mobile virtualization and cloud computing.
This paper is a technology preview that describes a new hardware-based capability known as Intel® Virtual Machine Control Structure (Intel® VMCS) Shadowing, which will be available with 4th generation Intel® Core™ vPro™ processors, and describes the hardware-assisted security provided by XenClient and Deep Defender. Intel VMCS Shadowing can enable faster performance for multi-VMM usage models. Both Citrix and McAfee are evaluating this capability for inclusion in future product releases.
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response Team - Symantec
Virtualization in enterprises has been a growing trend for years, offering attractive opportunities for scaling, efficiency, and flexibility. According to Forrester Research, over 70 percent of organizations are planning to use server virtualization by the end of 2015.
Often, companies delay implementing virtualization due to security concerns or adopt virtualization before deploying advanced security measures. However, virtual machines and their hosting servers are not immune to attack. Introducing virtualization technology to a business creates new attack vectors that need to be addressed, such as monitoring the virtual networks between virtual machines. We have seen malware specifically designed to compromise virtual machines and have observed attackers directly targeting hosting servers. Around 18 percent of malware detects virtual machines and stops executing if it arrives on one.
Virtual systems are increasingly being used to automatically analyze and detect malware. Symantec has noticed that attackers are creating new methods to avoid this analysis. For example, some Trojans will wait for multiple left mouse clicks to occur before they decrypt themselves and start their payload. This can make it difficult or impossible for an automated system to come to an accurate conclusion about the malware in a short timeframe. Attackers are clearly not ignoring virtual environments in their plans, so these systems need to be protected as well.
This document summarizes a presentation on the Trusted Virtual Machine Infrastructure (TVMI) project. The project aims to develop a mechanism for uniquely identifying and authenticating virtual machines using virtual Trusted Platform Modules (vTPMs). This would allow virtual machines to be assigned strong cryptographic identities, enhancing security and manageability in environments that require tracking of information flow, such as virtual community networks.
• Overview and Introduction to Virtualisation
• Security Risks in Virtualised Environments
• Controls in Virtualised Environments
• Summary and Conclusions
VMware and Trend Micro, partnering to revolutionise virtualised security - Arrow ECS UK
VMware and Trend Micro have teamed up to deliver the first and only agentless anti-virus solution built for VMware virtualised desktops and data centres, the industry's first VDI-optimised endpoint security solution and the first product to successfully complete all test cases in the VMsafe appliance certification testing.
The document discusses security issues related to cloud computing including traditional problems like data loss and downtime as well as new issues introduced by cloud architectures like lack of a security perimeter, increased attack surface from virtualization, and challenges around data confidentiality, integrity and availability when data is stored, processed and transmitted remotely in the cloud. Virtualization introduces additional security risks around hypervisor vulnerabilities, VM isolation, and state restoration that could allow compromised VMs to persist.
Virtual Server 2005 provides virtualization capabilities that allow consolidating servers to reduce costs. It offers key benefits like increased hardware utilization, single point of management, and test environments. Customers are seeing savings of millions of dollars by deploying hundreds to thousands of virtual machines. The architecture isolates guest operating systems and applications from physical hardware through virtual devices and resource management. This enables easy migration of workloads between physical and virtual servers with minimal downtime.
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P... - Ixia
This document discusses securing virtualized and cloud environments. It notes that virtualization is becoming a common architecture for clouds, but security is a top concern for adoption. The challenges of securing virtualized environments are described, such as lack of visibility and difficulty with continuous enforcement. The goal is to enable secure clouds while retaining control. The ideal solution is described as using a hypervisor-based security architecture, with an engine embedded in the hypervisor, to provide granular security while minimizing overhead. Traditional validation approaches are discussed along with a proposed approach using BreakingPoint to effectively stress infrastructure and validate security under high load conditions.
Security Best Practices For Hyper-V And Server Virtualization - rsnarayanan
The document summarizes information about Hyper-V virtualization. It provides an overview of Hyper-V architecture, including that the hypervisor partitions the hardware and manages guest partitions through the virtualization stack. It also discusses Hyper-V security, noting that guests are isolated from each other and the root to prevent attacks, and that delegated administration and role-based access control can be used to manage virtual machine access.
CSA Presentation 26th May: Virtualization Security v2 - vivekbhat
Bryan Nairn discusses security considerations for virtualization. Virtual machines are increasingly common but over 40% will be less secure than physical servers by 2014. Key risks include compromised host machines which could then control VMs, and unpatched guest operating systems. Defenses include hardening host servers, protecting virtual machine files, isolating guest networks, and using access control lists to manage permissions for VMs. Securing the virtualization platform requires attention to both host and guest security.
VSS Security And Compliance For The Cloud - Graeme Wood
The document discusses security and compliance requirements for cloud computing. It provides an overview of compliance versus security standards and regulations that affect customers. It then discusses some of the unique challenges around security and compliance in virtual environments, such as unclear system boundaries and the increased complexity introduced by virtualization. The rest of the document outlines how VMware and its partners are helping to address these challenges through virtual security foundations like secure deployment guides, virtual trust zones, and virtual security appliances that provide network controls, access management, and vulnerability management for virtual machines.
Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2Damir Bersinic
This is the second of a 2-part series delivered at Prairie DevCon in Calgry on March 15. 2012. The sessions provided a quick overview of the new features of Hyper-V in Windows Server "8" Beta and how these compare to VMware vSphere 5.
Advanced Grouping capabilities in vShield App allow even more sophisticated policies to be managed with ease
Layer 2 protection coupled with APIs enable automatic quarantining of compromised VMs
vShield Data Security provides knowledge of protected data across cloud environments and lowers cost of compliance by helping define scope
Enterprise roles in vShield Manager provides the separation of duties required by security and compliance standards
The document discusses business continuity strategies using VMware virtual infrastructure. It covers high availability through redundancy, clustering, and VMotion to reduce planned and unplanned downtime. It also discusses disaster recovery using backup, replication, and recovery capabilities enabled by virtual infrastructure.
z/VM version 6.2 introduced new capabilities for virtualization including Single System Image (SSI) clustering and Live Guest Relocation (LGR). SSI allows up to four z/VM systems to be managed as a single cluster, while LGR allows virtual machines to be moved between systems without disruption. Developing these features required addressing challenges like maintaining system architecture accuracy and flexibility across different hardware. Relocation domains were introduced to control where guests can move and the architecture features exposed. Overall, z/VM 6.2 significantly expanded the possibilities for virtualization on the IBM mainframe.
Xen Project is an open source hypervisor that was started in 2002 and has since become the standard used in many large virtualization deployments. It supports x86, IA64 and ARM architectures and has over 50 company and 20 university contributors. Xen allows for improved security, availability, reliability and efficient use of resources. It is used widely in cloud, enterprise and embedded applications. Future projects focus on areas like fault tolerance, client virtualization and cloud services.
This document discusses IBM's proposal for an open-source library and tools to support the Open Virtualization Format (OVF) standard. It aims to provide complete support for creating, using, and maintaining OVF appliances. This will help establish OVF as the de-facto standard toolkit for working with virtual appliances and enable widespread adoption of OVF. Key areas of focus include providing primitive OVF support, adding environment support to allow appliances to be portable across hypervisors, and implementing guest and workload enlightenment. The project plans to use Python for initial development with the ability to optimize performance-critical components in C later on.
The document discusses two novel applications of the Xen virtualization platform: CYDEST, a virtual training environment for cyber defense, and EXAMIN, a malware testing environment. CYDEST allows trainees to interact with multiple virtual machines through a web-based management interface and automated assessment. EXAMIN aims to provide a testing platform for analyzing malware through a virtual network of Linux and Windows machines that can be configured and monitored. Both projects utilize Xen's virtualization capabilities while seeking to address challenges around guest isolation, documentation of changing APIs, and management interfaces.
This document discusses the Cisco Nexus 1000V virtual switch, which provides virtual machine-level network visibility and policy enforcement within VMware vSphere environments. The Nexus 1000V replaces the hypervisor virtual switch with Cisco's modular software switch. It extends the network to each virtual machine and allows consistent network and security policies to follow VMs during live migration. The Nexus 1000V integrates tightly with VMware vCenter and leverages Cisco's NX-OS operating system, providing familiar CLI management of the virtual switch.
This document discusses enabling NUMA support for Xen guests. It outlines the importance of NUMA awareness for performance, and describes how to construct the SRAT and SLIT tables to provide NUMA information to guests. It also covers guest NUMA configuration options like memory allocation strategies and considerations for live migration. The current status includes upstream host NUMA APIs and planned rebasing of patches, with next steps involving further performance analysis and supporting I/O and live migration across NUMA nodes.
This document provides a history and overview of Xen virtualization technology. It discusses how Xen originated from university research in 1999 and was released as open source in 2004. It gained widespread adoption by 2005. The document outlines Xen's goals of being the standard open source hypervisor and maintaining performance, stability, and security. It discusses the benefits of virtualization for server consolidation, manageability, deployment, and high availability. Finally, it covers topics like paravirtualization, hardware virtualization, network and device virtualization, security, and future directions like client and mobile virtualization and cloud computing.
This paper is a technology preview that describes a new hardware-based capability known as Intel® Virtual Machine Control Structure (Intel® VMCS) Shadowing, which will be available with 4th generation Intel® CoreTM vProTM processor and describes the hardware-assisted security provided by XenClient, Deep Defender. Intel VMCS Shadowing can enable faster performance for multi-VMM usage models. Both Citrix and McAfee are evaluating this capability for inclusion in future product releases.
WHITE PAPER: Threats to Virtual Environments - Symantec Security Response TeamSymantec
Virtualization in enterprises has been a growing trend for years, offering attractive opportunities for scaling, efficiency, and flexibility. According to Forrester Research1, over 70 percent of organizations are planning to use server virtualization by the end of 2015.
Often, companies delay implementing virtualization due to security concerns or adopt virtualization before deploying advanced security measures. However, virtual machines and their hosting servers are not immune to attack. Introducing virtualization technology to a business creates new attack vectors that need to be addressed, such as monitoring the virtual networks between virtual machines. We have seen malware specifically designed to compromise virtual machines and have observed attackers directly targeting hosting servers. Around 18 percent of malware detects virtual machines and stops executing if it arrives on one.
Virtual systems are increasingly being used to automatically analyze and detect malware. Symantec has noticed that attackers are creating new methods to avoid this analysis. For example, some Trojans will wait for multiple left mouse clicks to occur before they decrypt themselves and start their payload. This can make it difficult or impossible for an automated system to come to an accurate conclusion about the malware in a short timeframe. Attackers are clearly not ignoring virtual environments in their plans, so these systems need to be protected as well.
This document summarizes a presentation on the Trusted Virtual Machine Infrastructure (TVMI) project. The project aims to develop a mechanism for uniquely identifying and authenticating virtual machines using virtual Trusted Platform Modules (vTPMs). This would allow virtual machines to be assigned strong cryptographic identities, enhancing security and manageability in environments that require tracking of information flow, such as virtual community networks.
• Overview and Introduction to Virtualisation
• Security Risks in Virtualised Environments
• Controls in Virtualised Environments
• Summary and Conclusions
VMware and Trend Micro, partnering to revolutionise virtualised securityArrow ECS UK
VMware and Trend Micro have teamed up to deliver the first and only agentless anti-virus solution built for VMware virtualised desktops and data centres, the industry's first VDI-optimised endpoint security solution and the first product to successfully complete all test cases in the VMsafe appliance certification testing.
The document discusses security issues related to cloud computing including traditional problems like data loss and downtime as well as new issues introduced by cloud architectures like lack of a security perimeter, increased attack surface from virtualization, and challenges around data confidentiality, integrity and availability when data is stored, processed and transmitted remotely in the cloud. Virtualization introduces additional security risks around hypervisor vulnerabilities, VM isolation, and state restoration that could allow compromised VMs to persist.
Virtual Server 2005 provides virtualization capabilities that allow consolidating servers to reduce costs. It offers key benefits like increased hardware utilization, single point of management, and test environments. Customers are seeing savings of millions of dollars by deploying hundreds to thousands of virtual machines. The architecture isolates guest operating systems and applications from physical hardware through virtual devices and resource management. This enables easy migration of workloads between physical and virtual servers with minimal downtime.
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...Ixia
This document discusses securing virtualized and cloud environments. It notes that virtualization is becoming a common architecture for clouds, but security is a top concern for adoption. The challenges of securing virtualized environments are described, such as lack of visibility and difficulty with continuous enforcement. The goal is to enable secure clouds while retaining control. The ideal solution is described as using a hypervisor-based security architecture, with an engine embedded in the hypervisor, to provide granular security while minimizing overhead. Traditional validation approaches are discussed along with a proposed approach using BreakingPoint to effectively stress infrastructure and validate security under high load conditions.
Security Best Practices For Hyper V And Server Virtualization (rsnarayanan)
The document summarizes information about Hyper-V virtualization. It provides an overview of Hyper-V architecture, including that the hypervisor partitions the hardware and manages guest partitions through the virtualization stack. It also discusses Hyper-V security, noting that guests are isolated from each other and the root to prevent attacks, and that delegated administration and role-based access control can be used to manage virtual machine access.
CSA Presentation 26th May Virtualization security v2 (vivekbhat)
Bryan Nairn discusses security considerations for virtualization. Virtual machines are increasingly common but over 40% will be less secure than physical servers by 2014. Key risks include compromised host machines which could then control VMs, and unpatched guest operating systems. Defenses include hardening host servers, protecting virtual machine files, isolating guest networks, and using access control lists to manage permissions for VMs. Securing the virtualization platform requires attention to both host and guest security.
Vss Security And Compliance For The Cloud (Graeme Wood)
The document discusses security and compliance requirements for cloud computing. It provides an overview of compliance versus security standards and regulations that affect customers. It then discusses some of the unique challenges around security and compliance in virtual environments, such as unclear system boundaries and the increased complexity introduced by virtualization. The rest of the document outlines how VMware and its partners are helping to address these challenges through virtual security foundations like secure deployment guides, virtual trust zones, and virtual security appliances that provide network controls, access management, and vulnerability management for virtual machines.
Bryan Nairn discusses security considerations for virtualization. He notes that over 40% of virtual machines will be less secure than physical machines by 2014. The document outlines common virtualization security myths and describes the hypervisor architecture. It discusses isolation between virtual machines and the hypervisor's security goals of protecting data confidentiality and integrity. The document also covers common attack vectors and provides potential solutions for securing the host system and virtual machines.
The document discusses the evolution of Hosting.com's approach to virtual infrastructure security from Virtual Mentality 1.0 to 2.0. Virtual Mentality 1.0 adapted physical security models which complicated the network topology. Virtual Mentality 2.0 leverages the hypervisor to provide security independent of network topology through purpose-built virtual firewalls, allowing simpler provisioning and management of security policies. The new approach provides customers an easy user experience to group VMs and create security policies within 15 clicks.
At VMworld 2012, Symantec announced new solutions and technical integrations with VMware across its entire product portfolio to ensure higher levels of protection for virtualized environments. Together, Symantec and VMware enable SMBs and enterprises to use the benefits of virtualization without compromising protection.
Virtualization allows multiple operating systems to run on a single physical system by sharing hardware resources. It provides isolation between virtual machines using a virtual machine monitor. Virtualization provides benefits like server consolidation, running legacy applications, sandboxing, and business continuity. However, it also presents risks if not properly secured, such as increased attack channels, insecure communications between virtual machines, and virtual machine sprawl consuming excess resources. Security measures are needed at the hypervisor, host, virtual machine, and network layers to harden the virtualization environment against threats.
Virtually Secure: Uncovering the risks of virtualization (Seccuris Inc.)
Organizations have been quickly leveraging the benefits of virtualized platforms in their datacenters, often unknowingly increasing the exposure of their most prized assets.
Michael will highlight the key concerns around virtualization technologies including the answers to questions such as are virtualized servers PCI compliant and what minimum controls must exist to protect the hypervisor? He will walk the audience through the latest technical threats and shed light on the solutions and controls available to secure your virtual environments.
The document discusses the history and capabilities of the Xen virtualization platform. It outlines how Xen has been adopted by many organizations and embedded in various hardware platforms. The document also explores how virtualization enables benefits like server consolidation, manageability, security and unlocking new hardware features. It discusses how Xen is powering large-scale cloud computing platforms and envisions virtualization becoming ubiquitous across all devices.
VMware ESXi is a compact hypervisor architecture that operates independently without a general-purpose operating system. It comprises the VMkernel operating system, which manages hardware resources and runs processes like the virtual machine monitor. ESXi eliminates the need for a service console through new remote command line interfaces and adherence to management standards. The streamlined design focuses on rapid deployment and simplified management of virtual infrastructure.
The world of computing is moving to the cloud – shared infrastructures, shared systems, instant provisioning and pay-as-you-go services. And users can enjoy anytime, anywhere access to services and their data. But how secure is your data in the cloud and do conventional security products offer the optimal approach to securing your virtualised environments?
In this presentation we examine security and performance concerns along your journey to the cloud and explore new technologies from VMware and Trend Micro. These innovations are already helping thousands of businesses to address the security challenges across physical, virtual and cloud platforms.
Citrix XenDesktop on vSphere - Virsto Launch May 9, 2012 (Virsto Software)
Virsto Storage Hypervisor Adds Support for Citrix XenDesktop
Virsto® Software, an innovative provider of VM-centric storage hypervisor software, today announced that it is deepening its commitment to Citrix desktop virtualization solutions with the release of a beta program for Citrix® XenDesktop® on vSphere. The integration of Virsto’s purpose-built storage hypervisor for virtual machines (VMs) with Citrix XenDesktop delivers dramatic savings on storage in virtual desktop deployments with accelerated provisioning and simplified management of thousands of virtual desktops.
Hyper-V is Microsoft's server virtualization technology that is included with Windows Server 2008. It allows multiple virtual machines to run on a single physical machine. Key capabilities of Hyper-V include support for large memory virtual machines up to 64GB, live migration of virtual machines between physical servers, and integration with the Windows hypervisor for security and isolation of virtual machines. System Center Virtual Machine Manager 2008 provides centralized management of virtualized and physical infrastructure across Hyper-V, Virtual Server and VMware environments.
What is ProtectV and how can it help your organization? Here's a concise overview of SafeNet's cloud encryption solution for Amazon Web Services or VMware, as presented at VMworld.
Integrate 3rd party security solution into CloudStack (mice_xia)
The document discusses integrating a security product called ElasterShield with the Cloudstack platform. It proposes developing a Cloudstack plugin to manage the integration. The plugin would leverage Cloudstack's framework to deploy and manage ElasterShield Security Virtual Appliances (ESVAs) across hypervisors. It would also interface with ElasterShield's management system to assign security profiles to virtual machines based on their lifecycle events in Cloudstack. This would provide security as a service through Cloudstack in a multi-tenant way.
The document discusses VMware's product direction and focus on the future. It outlines VMware's vision of a "Virtual Datacenter OS" that will deliver an internal cloud through technologies like vCompute, vStorage, vNetwork and management solutions. It also discusses initiatives around vCloud to federate internal and external clouds, and addressing the "desktop dilemma" through solutions like VMware View that deliver virtual desktops to follow the user across devices.
Similar to "Juniper and VMware: Taking Data Centre Networks to the Next Level"
Why Juniper, Driven by Mist AI, Leads the Market (Juniper Networks)
The document discusses why Juniper Networks' Mist AI solution leads the market for AIOps. It summarizes the key capabilities of Mist AI, including its use of advanced natural language processing through its virtual assistant Marvis to identify network issues. It then compares Mist AI favorably to competitors' solutions, noting Mist AI's modern cloud architecture, ability to provide end-to-end visibility across the network from client to cloud using a single pane of glass, and how it simplifies operations and improves total cost of ownership versus other solutions.
Experiences are everything and Juniper knows this. From when a user engages with an app on their smartphone to when a workload is generated in the cloud to pick up the request, we know that every point of contact along the way impacts the user’s experience, from client to cloud. Learn more about what Juniper has recently announced in this SlideShare!
As much of the workforce continues to work remotely, the COVID-19 pandemic has taught us that the WAN is more important than ever, and troubleshooting it couldn't be more difficult. Learn how Marvis and Mist AI simplify the burdensome process of troubleshooting the WAN.
Real AI. Real Results. Mist AI Customer Testimonials. (Juniper Networks)
Mist customers reported significant benefits from using Mist's AI-driven wireless solutions, including reduced costs and staff time. One customer said Mist reduced the need for site visits by 90% and automated AP rollout. Others mentioned reduced troubleshooting time, faster deployment of new sites, and insights that helped issues be addressed proactively. Customers also stated that Mist simplified management and support of wireless networks.
Juniper Networks is introducing the fourth expansion of the AI-driven enterprise to bring artificial intelligence to the LAN, WLAN and now WAN for end-to-end optimization of user experiences and proactive troubleshooting driven by Mist AI.
With the new Juniper Mist WAN Assurance service, customers will receive even better automation and insight in branch locations with AI-driven service level expectations, client-to-cloud event correlation for rapid fault resolution, anomaly detection, and proactive support.
Are you able to deliver reliable experiences for connected devices (Juniper Networks)
Here are 5 things you can do with Mist Wired Assurance. With Wired Assurance, you can leverage Juniper EX switch telemetry to enable simpler operations, shorter mean time to repair, and better visibility into end-user experiences for your connected devices, including access points, servers, and IoT endpoints.
It's time to scale way back on those support tickets from your branch users. Security shouldn’t come at the cost of performance. Register now to attend a live demo. You may be eligible to receive a free SRX!
https://www.juniper.net/sdwan-thursdays
Securing IoT at Scale Requires a Holistic Approach (Juniper Networks)
Enterprises are moving from small IoT pilots to large-scale implementations. What are the biggest security concerns, and how can you overcome them?
Juniper partnered with the IoT Institute to find out. We surveyed 176 technology decision makers and influencers who have been personally involved in their IoT security strategy and implementations. Here's what the survey found:
We recently conducted a 16-country survey to gauge the appetite for Digital Cohesion. The results suggest business and consumer users see Digital Cohesion as an inevitable, positive societal development.
SDN and NFV: Transforming the Service Provider Organization (Juniper Networks)
As competition increases, service providers must be able to respond quickly to competitive pressures and rapidly evolving customer demands. Learn how NFV and SDN allow service providers to embrace a holistic approach to their business transformation and maximize existing capabilities: http://juni.pr/1JQZYOl
Navigating the Uncertain World Facing Service Providers - Juniper's Perspective (Juniper Networks)
Service providers are facing more and more pressure as customers demand immediacy. Learn how adopting a carrier-grade, open network platform closes the innovation gap to create value for your network. http://juni.pr/1JQZYOl
Hybrid IT and cloud environments present new security risks that traditional physical firewalls do not address. A virtual security appliance adds layers of perimeter security and advanced security services to protect virtual environments from these new threats. As data centers evolve into hybrid environments combining physical and virtual resources, security challenges will become more complex. It is important to use a unified policy management across physical and virtual systems.
Network service providers (those with access networks like DSL, cable, or mobile) continue to face a dual threat: rising operating expenses associated with explosive bandwidth growth and declining revenues driven by commoditization. A true Telco cloud, featuring automation and dynamic scalability, becomes a comprehensive delivery platform enabling network service providers to offer differentiated services that solve their customers' business demands.
With mobile subscriptions expected to reach 8.5 billion users by the end of 2016, mobile attack surfaces are growing at an alarming rate. Juniper’s SRX5800 is primed for this increase - with speeds up to 2 Tbps the SRX5800 enables customers to inspect more traffic faster. Mobile has met its match. http://juni.pr/1MKBQDu
Juniper Networks provides powerful and effective network security that stops attacks faster than other solutions. Testing showed the Juniper SRX family stopped the most attacks in tests using real threats, with the SRX blocking over 3,000 unique attacks in one test, 2,400 in another, and nearly 2,000 in a third. Juniper security delivers industry-leading speed and reliability in protecting networks from today's growing cyber threats.
High performance data center computing using manageable distributed computing (Juniper Networks)
Terrapin Trading Show Chicago, Thursday, June 4
Andy Bach, FSI Architect, Juniper Networks
Distributed computing concepts (QFX5100-AA)
Scale and performance enhancements (QFX10000 Series)
Automation capabilities (tie in QFX-PFA)
Larry Van Deusen, Director of the Network Integration Business Unit, Dimension Data
Automation
Value Added Partner Services
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf (Malak Abu Hammad)
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Full-RAG: A modern architecture for hyper-personalization (Zilliz)
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
GraphRAG for Life Science to increase LLM accuracy (Tomaz Bratanic)
GraphRAG for the life science domain, where you retrieve information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers.
HCL Notes and Domino License Cost Reduction in the World of DLAU (panagenda)
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able to lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer's life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
How to Get CNIC Information System with Paksim Ga.pptx (danishmna97)
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! (SOFTTECHHUB)
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices want to take full advantage of the features available on those devices, but many of those features provide convenience and capability at the expense of security. This best practices guide outlines steps users can take to better protect their personal devices and information.
UiPath Test Automation using UiPath Test Suite series, part 5 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
CI/CD within UiPath
End-to-end overview of a CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
4. Market Dynamics
Cloud Computing Services, Virtualization Top CIO 2011 Priorities
– Gartner, CIO Survey, January 2011
Virtualization 2.0 includes a host of new use cases that range from high availability and DR to hosted clients and true utility computing
– IDS, Worldwide Virtual Machine Software Forecast, August 2011
91% of respondents told Forrester that they are using virtual servers for production workloads. That's up dramatically from 78% in 2010
– Forrester, Storage Choices for Virtual Server Environments, March 2011
The top 3 drivers for deploying new security solutions for virtualized environments are preventing new threats specific to virtual environments, preventing inter-VM threats, and maintaining secure server configurations
– Infonetics, Security for Virtualized Infrastructure, April 2011
"Data sprawl" was rated as a top security issue by the IT professionals surveyed on their opinions about server virtualization
– Kuppinger Cole, Virtualization Security Trends & Insights Surveys, November 2010
5. Security implication of virtualization
Diagram: physical network vs. virtual network. On the physical network, a firewall/IDS sees and protects all traffic between servers. On the virtual network (VM1, VM2 and VM3 on an ESX/ESXi host, connected through a virtual switch on top of the hypervisor), physical security is "blind" to traffic between virtual machines.
6. THE ISOLATION CHALLENGE IN THE VSWITCH
VM Isolation Challenge
• vSwitches provide only basic connectivity
• VMs plugged into the same vSwitch have direct access via the hypervisor
• Port groups that are assigned VLAN IDs need a layer 3 device for routing
• Distributed vSwitches don't realistically address security
• VM admins can assign vNICs to any network (even accidentally)
7. APPROACHES TO SECURING VIRTUAL NETWORKS
Diagram: three approaches shown side by side, each with VM1, VM2 and VM3 on an ESX/ESXi host above the hypervisor: (1) VLANs & physical segmentation, using vSwitches (VS); (2) traditional security agents, with a regular thick agent for FW & AV inside each VM; (3) integrated virtual security, with a virtual security layer between the VMs and the vSwitch/hypervisor.
9. INDUSTRY RECOGNITION OF VGW
Distinction
• 1st purpose-built virtual firewall
• Widely recognized innovation leader
Most Innovative Company, RSA® Conference 2010
10. THE VGW PURPOSE-BUILT APPROACH
Service Provider & Enterprise Grade
• Three Tiered Model
• VMware Certified (signed binaries!)
• Protects each VM and the hypervisor
• Fault-tolerant architecture (i.e., HA)
• "Secure VMotion" scales to 1,000+ hosts
• "Auto Secure" detects/protects new VMs
Granular, Tiered Defense
• Stateful firewall, integrated IDS, and AV
• Flexible Policy Enforcement – zone, VM group, VM, individual vNIC
Diagram: the three tiers. (1) Virtual Security Design Center for vGW VM. (2) vGW VM on the ESX or ESXi host alongside VM1, VM2 and VM3, feeding a virtualization-aware partner server (IDS, SIM, Syslog, Netflow). (3) The vGW engine in the VMware kernel, receiving packet data from any vSwitch (Standard, DVS, 3rd party) through VMware APIs, above the hypervisor.
11. vGW Security Design VM Architecture
Diagram: components of the vGW Security Design VM. Firewall Install and a VMware VI-API Connector (VM inventory and status over XML-RPC to the vCenter Server); Admin/User Web UI; Time Server Connector (NTP); Provisioning Server; Certificate Authority; Management Connector to the vGW Security VM; Policy Engine; VM Ownership Processor; Flow Statistics Processor; Reporting Engine; Netflow Connector to a Netflow Collector; Syslog Connector to a SIEM/Syslog Collector; Caching & DB Optimization Engine; Alerting Engine (SMTP, SNMP); Policy DB; Netflow & Firewall Log DB. The host switch is the VMware vSwitch or Cisco 1000V.
12. vGW SVM and Kernel Architecture
Diagram: one ESX/ESX(i) host. In the vGW Security VM: Management Connector (to vGW Security Design), Policy Engine (XML), AV & IDS Signatures, Log Distribution, Control Connector, Netflow Connector (to a Netflow Collector) and Syslog Connector (to a SIEM/Syslog Collector). In the ESX/ESX(i) kernel: vGW VMsafe FastPath Connector, Control Connector, Span Connector to an IDS/IPS Server, Connection Table, VM-Firewall Engines, packet ingress/egress, a Wireshark endpoint, and the VMware DvFilter. Virtual switch: VMware vSwitch, VMware dvSwitch, or 3rd party (VMware vSwitch or Cisco 1000V).
13. VGW - PERFORMANCE
TCP Throughput Test (Standard 1500 Byte packet size). See slide notes for details
14. VGW – MANAGEMENT SCALABILITY & FLEXIBILITY
Multi-Center allows linking of configuration information for multiple Security Design vGW VMs ('linked-mode'). Select which objects you want to sync with delegate centers.
Split-Center allows you to divide one vCenter into separate logical entities for different Security Design vGW VMs. Complete isolation of data centers.
16. vGW modules
• Main: dashboard view of the virtual system threats (including VM quarantine view)
• Firewall: firewall policy management and logs
• AntiVirus: full AV protection for VMs
• Compliance: out-of-box and custom rules engine; alerts on VM/host config changes
• Network: visibility of inter-VM traffic flows
• IDS: centralized view of IDS alerts and ability to drill down on attacks
• Introspection: centralized VM view (includes OS, apps, hot fixes, etc.)
• Reports: automated reports for all functional modules
17. VGW – NETWORK VISIBILITY
All VM traffic flows stored in database and available for analysis
Benefits:
• Visibility to all VM communications
• Ability to spot design issues with security policies
• Single click to more detail on traffic flow
Screenshot callouts: Connections; VMs tab shows open traffic flow; custom time interval for troubleshooting; left-hand tree selection navigates right-hand pane.
18. VGW – FIREWALL
Complete firewall protection for any network traffic to or from a VM
Benefits:
• Extremely flexible protection down to the vNIC
• Ability to automatically assign policies to VMs
• Ability to quarantine VMs for immediate isolation
• Kernel implementation isolates connection table and rule base
Screenshot callout: define a quarantine policy for use on AV, Compliance or Image Enforcer violations.
19. VGW – IDS
Send selectable traffic flows to internal IDS engine for deep-packet analysis against dynamic signature set.
Screenshot callouts: security rule filters what is IDS inspected; review IDS alerts by targets and sources; click on alert type to get further details about the signature that triggered the alert; change "Time Interval" to expand the time slot, or set "Custom Time Period" to review historical data.
20. VGW – ANTIVIRUS
AntiVirus components controlled centrally (scanner config, alert viewing, infected file remediation)
Screenshot callouts: On-Demand and On-Access scan configurations; AV dashboard for quick status understanding; file quarantine.
21. VGW ANTIVIRUS PERFORMANCE
Charts: (1) % performance degradation (30 VMs – MS Office on-access execution time); (2) on-demand file scans run at ~5MB/second!!; (3) VM memory usage (MB); (4) VM disk usage (MB).
22. VGW – INTROSPECTION
Introspection is the agent-less ability to scan a VM’s virtual disk contents to understand what’s
installed – OS, SP, Applications, Registry Values
Benefits:
• Know exactly what’s installed in a VM and automatically attach relevant security policy!
• Categorize discovered values and easily determine install states (Application and VM views)
• Use Image Enforcer to define a "gold" image (template or VM), then discover how VMs deviate from this across time
• Works for Windows and Linux
23. VGW – COMPLIANCE
The compliance module includes pre-defined rules based on virtual security best practices and an engine so customers can define their own rules.
Benefits:
• Define rules on any VM or VM group (alerts and reports for compliance rule violations)
• Automatically quarantine VMs into an isolated network if they violate a rule
• Rules relevant to both VM and host configuration
• Enhanced rule editor for intuitive manipulation of attributes
Screenshot callouts: classifications of checks (VMware best practices, etc.); easily see rule violations.
24. VGW – REPORTS
Pre-defined and customizable reports covering all solution modules.
Benefits:
• Generate reports in PDF or CSV format
• Automatically send scheduled reports via email or store them directly in the vGW management center
• Scoping mechanism isolates contents (Customer/Dept A’s VMs never show up in Customer/Dept B’s report)
Callouts: AntiVirus reports; report on Image Enforcer profiles.
26. AUTOMATION - SMART GROUPS
Smart Groups allow the use of attributes to create dynamic system associations.
Benefits:
• Tie vGW product discoveries to Smart Group definitions
• Tie vCenter and VM configuration attributes to Smart Group definitions
• Attributes are read in real time, so if a VM changes in vCenter it is instantly updated in vGW
Callouts: the Smart Groups help capability lets the administrator see the name, description and values of attributes; priority and precedence levels can be defined to tier groups.
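The Smart Group, introspection and compliance behaviour described on slides 22, 23 and 26 can be modelled in a few dozen lines. The following is an added example written for this page, not vGW code or its data model: VM attributes (vCenter folder and VLAN, plus an introspection-style inventory of installed applications) feed predicate-based Smart Groups that carry a precedence; a constructed compliance rule set and a constructed “gold” image stand in for the real rule engine and Image Enforcer; every group, policy and attribute name is invented. The point it demonstrates is the tiering: a compliance violation found on the next scan puts the VM in the quarantine tier regardless of its other matches, and clearing the violation returns it to its role tier without any manual reassignment.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Set, Tuple


@dataclass
class VM:
    """Attributes a Smart Group can match on (vCenter values plus introspection results)."""
    name: str
    folder: str            # vCenter inventory folder, e.g. "CustomerA/web" (constructed)
    vlan: int              # port-group VLAN read from vCenter
    os: str                # discovered by agent-less introspection
    apps: Set[str]         # discovered by agent-less introspection
    violations: Set[str] = field(default_factory=set)  # filled by run_compliance()


@dataclass
class SmartGroup:
    name: str
    precedence: int        # lower value wins when several groups match a VM
    policy: str            # firewall policy attached to the group (invented names)
    match: Callable[[VM], bool]


# Constructed "gold" image and the drift the compliance rules tolerate.
GOLD_IMAGE_APPS = {"openssh-server", "chrony"}
TOLERATED_DRIFT = {"nginx", "postgresql"}


def image_deviation(vm: VM) -> Set[str]:
    """Image Enforcer-style comparison: packages present that the gold image lacks."""
    return vm.apps - GOLD_IMAGE_APPS


def run_compliance(vm: VM) -> Set[str]:
    """Constructed compliance rules standing in for the rule engine; updates vm.violations."""
    findings = set()
    if "telnetd" in vm.apps:
        findings.add("cleartext-remote-admin")
    if image_deviation(vm) - TOLERATED_DRIFT:
        findings.add("image-drift")
    vm.violations = findings
    return findings


SMART_GROUPS: List[SmartGroup] = [
    # Tier 0: any open violation isolates the VM, whatever else it matches.
    SmartGroup("quarantine", 0, "quarantine-isolate", lambda vm: bool(vm.violations)),
    # Tier 1: role discovered by introspection.
    SmartGroup("db-servers", 10, "db-tier", lambda vm: "postgresql" in vm.apps),
    # Tier 2: tenant scoping from vCenter folder and VLAN.
    SmartGroup("customer-a", 20, "customer-a-baseline",
               lambda vm: vm.folder.startswith("CustomerA/") and vm.vlan == 221),
    # Catch-all so every VM receives some policy.
    SmartGroup("unclassified", 99, "default-deny", lambda vm: True),
]


def resolve(vm: VM, groups: List[SmartGroup] = SMART_GROUPS) -> Tuple[str, str]:
    """Re-run compliance on current attributes and return (group, policy) of the best match."""
    run_compliance(vm)
    matched = sorted((g for g in groups if g.match(vm)), key=lambda g: g.precedence)
    best = matched[0]          # "unclassified" guarantees at least one match
    return best.name, best.policy


def on_attribute_update(vm: VM, **changes) -> Tuple[str, str]:
    """Apply a vCenter edit or fresh introspection result, then re-resolve immediately."""
    for key, value in changes.items():
        setattr(vm, key, value)
    return resolve(vm)


if __name__ == "__main__":
    web = VM("web01", "CustomerA/web", 221, "Ubuntu", {"openssh-server", "chrony", "nginx"})
    db = VM("db01", "CustomerA/db", 221, "Ubuntu", {"openssh-server", "chrony", "postgresql"})
    print(resolve(web))   # ('customer-a', 'customer-a-baseline')
    print(resolve(db))    # ('db-servers', 'db-tier')
    # A later scan finds telnetd on db01: the compliance rule fails and tier 0 wins.
    print(on_attribute_update(db, apps=db.apps | {"telnetd"}))  # ('quarantine', 'quarantine-isolate')
    # Operator removes telnetd; the next evaluation returns it to the db tier.
    print(on_attribute_update(db, apps=db.apps - {"telnetd"}))  # ('db-servers', 'db-tier')
```

The precedence sort is what makes the quarantine behaviour on slides 18 and 23 safe to automate: because the quarantine group is evaluated before any role or tenant group, no later Smart Group definition can accidentally out-rank it.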
27. XEROX IMPLEMENTATION
Customer goals:
• Develop a multi-tenant virtualized data hosting cloud on VMware
• Secure each guest VM in a mixed-workload environment
• Utilize a custom portal for customers (long term)
Resolved firewall complexity and increased network visibility.
Why Juniper? vGW was selected because of its tight integration with vCenter, its ability to dynamically apply policy to new VMs (Smart Groups) and its robust firewall feature set.
vGW enables complete control and compliance in the cloud.
28. AUTOMATION - VGW CLOUD SECURITY SDK
Policy automation of security policy controls:
• Security integration into the VM provisioning process
• Policy delegation to group admins or end-users
• Multi-tenant policy management
XML-RPC based API:
• Programmatically control VM policy configuration
• APIs for all functions done within the UI
Cloud SDK download location: https://www.juniper.net/support/products/vgw/#sw
SDK contains:
• XML-RPC API documentation
• Python scripts implementing the APIs
• Web portal application – PoC for user-delegated policy controls
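To show how an XML-RPC policy API fits into a provisioning workflow with delegated, per-tenant control, here is an added example, not code from the vGW Cloud SDK: an in-process XML-RPC server stands in for the management center, its method names (register_vm, set_policy), delegation tokens and fault codes are invented, and the real method names are the ones in the SDK’s API documentation linked above. A provisioning hook registers a new VM and attaches the tenant’s policy before power-on; a call made with another tenant’s token, or with an unknown token, is refused with a fault rather than silently changing policy.

```python
import threading
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCServer


class FakePolicyService:
    """Stand-in for the management center's XML-RPC policy API (hypothetical methods)."""

    # Constructed delegation tokens: each token is scoped to exactly one tenant.
    TOKENS = {"token-A": "CustomerA", "token-B": "CustomerB"}

    def __init__(self):
        self.vms = {}  # vm_name -> {"tenant": str, "policy": str}

    def _tenant_for(self, token):
        # Leading underscore keeps this off the RPC surface: SimpleXMLRPCServer
        # refuses to dispatch names that start with "_".
        tenant = self.TOKENS.get(token)
        if tenant is None:
            raise xmlrpc.client.Fault(401, "invalid delegation token")
        return tenant

    def register_vm(self, token, vm_name):
        """A new VM enters the caller's tenant with a deny-all policy until one is assigned."""
        tenant = self._tenant_for(token)
        self.vms[vm_name] = {"tenant": tenant, "policy": "default-deny"}
        return True

    def set_policy(self, token, vm_name, policy):
        """Only the owning tenant may change a VM's policy; anything else is a 403 fault."""
        tenant = self._tenant_for(token)
        record = self.vms.get(vm_name)
        if record is None or record["tenant"] != tenant:
            raise xmlrpc.client.Fault(403, "VM is outside the caller's tenant scope")
        record["policy"] = policy
        return record


def provision(proxy, token, vm_name, policy):
    """Provisioning hook: register the VM and attach its policy before it is powered on."""
    proxy.register_vm(token, vm_name)
    return proxy.set_policy(token, vm_name, policy)["policy"]


def try_set_policy(proxy, token, vm_name, policy):
    """Return the XML-RPC fault code for a rejected call, or None when the call succeeds."""
    try:
        proxy.set_policy(token, vm_name, policy)
    except xmlrpc.client.Fault as fault:
        return fault.faultCode
    return None


def demo():
    """Run the whole exchange against an in-process server and return the outcomes."""
    server = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False)
    server.register_instance(FakePolicyService())
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    # A real deployment would use https:// and the management center's hostname.
    proxy = xmlrpc.client.ServerProxy(f"http://127.0.0.1:{port}/")
    try:
        return {
            "web01_policy": provision(proxy, "token-A", "web01", "customer-a-web"),
            "own_tenant_change": try_set_policy(proxy, "token-A", "web01", "customer-a-db"),
            "cross_tenant_fault": try_set_policy(proxy, "token-B", "web01", "allow-all"),
            "bad_token_fault": try_set_policy(proxy, "token-X", "web01", "allow-all"),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

The server-side check is the part worth copying: the tenant is derived from the credential, never from a parameter the caller supplies, so a delegated portal user cannot name another tenant’s VM and have the call succeed.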
31. INTEGRATED WITH JUNIPER DATA CENTER SECURITY
Diagram: VM1, VM2 and VM3 on VMware vSphere are protected by the Altor vGW kernel module, managed from vGW Central Policy Management. vGW exports firewall event syslogs and NetFlow for inter-VM traffic to STRM; zone synchronization and traffic mirroring connect vGW to the Juniper SRX and Juniper IDP in the network.
32. SRX AND VGW – MICRO-SEGMENTATION
Diagram: ESX-1 and ESX-2 (each running vGW) connect through data center switching to an SRX5800. Blue VMs belong to Customer “A” in Zone 1 = VLAN 221.
1. Create an SRX zone “A” for Customer “A” with VLAN 221
2. Create an SRX zone policy: source any, destination zone “A”, action reject
3. Tell vGW about the SRX and Customer “A”
4. Refine Smart Groups with Customer “A” VM information
5. Create a vGW policy to segment within Customer “A” VMs
33. CONCLUSION
vGW enables virtualization and clouds
• Purpose-built approach maximizes throughput, capacity and scale
• Industry benchmark for administrative ease and scale
• Innovation makes enforcement granular and dynamic
• Complete suite of security and visibility tools for virtual environments
vGW as part of Juniper data center security
• Comprehensive protection for all workloads
• Extended security through several points of integration