Reflex VMC provides a virtualization management platform with integrated modules for monitoring, security, and configuration management. It offers visibility into virtual and cloud infrastructures through real-time reporting and historical data analysis. The platform automates policy enforcement across network segmentation, firewalls, and other security functions. Reflex VMC helps ensure continuous virtual environment compliance.

1. Reflex VMC: Overview
Mike Wronski, CISSP
VP, Product Management
mike@reflexsystems.com
©2010 Reflex Systems LLC

2. Virtualization Challenges
Visibility and Transparency
Challenges
Change Management
Operational
Network Management
&
Security
Security / Firewall Goals
Desktop Virtualization

3. Solution Overview
Automate, Integrate and Correlate
Virtual & Cloud Monitoring & Analysis Network Security Configuration Mgmt. / Audit
Infrastructure (vWatch) (vTrust) (vProfile)
Virtual Center
Asset / Inventory
ESX Host
Virtual Firewall
Access Control
Segmentation
Performance
Automation
Compliance
Compliance
Virtual DPI
Capacity
Profiles
Guest (VM)
Network
Storage
Virtualization Management Center (VMC)
 Discovery/Mapping  Policy Automation  vCMDB
 Visualization  Scripting  VQL
 Central Alerting  Event Correlation  Cloud API
 Event Correlation  Central Reporting  3rd Party interface
3

4. Reflex: vWatch
 Fully integrated component of the Reflex VMC platform
 Monitoring and analysis module which provides a comprehensive overview of the state of the virtual
environment at any given time
 Through real-time and historical visual reporting, configuration change monitoring, and extensive
correlation, vWatch provides administrators with the visibility they need
 The ability to visualize both the virtual and underlying hardware infrastructure has become mission critical
for IT administrators
Functions:
Virtual Flow Data
Historical tracking
Physical-to-Virtual
Configuration
Compliance Audit
Root-cause Analysis

5. Visibility and Transparency

6. Virtual Networking Visibility
H i s to r i c a l t ra c k i n g
P hys i c a l - to - V i r t u a l
C o n f i g u ra t i o n
Compliance
Ro o t - c a u s e A n a l ys i s

7. Reflex: vProfile
 vProfile provides an API that enables service providers and enterprises to provision and
manage security and compliance without the dependency on expensive external hardware
 vProfile configuration management is the only solution on the market today that provides
‘difference visualization’, and plots VM configuration changes according to a graphical, easy
to understand "heat map" interface
Functions:
Apply Baseline Profile
Configuration
Heat map and Customized
Pivot Tables
Ad-Hoc and
Scheduled Remediation
VQL Configuration Queries
Tiered Configuration Profiles
Historical Profile Definition
Batch Modification
IP Pool Allocation

8. Reflex: vTrust Segmentation & Security
 Fully integrated component of the Reflex VMC platform
 Designed to be integrated directly with the VMware VMsafe platform technology
 Provides dynamic policy enforcement for virtual environments deployed locally and in external cloud
environments
 Operating at the hypervisor kernel level, vTrust leverages the tightly integrated VMsafe component of
VMware vSphere™ 4
 Facilitates adaptive, extensible policies that allow administrators to address complex business,
information security and compliance requirements within the virtual environment
Functions:
Virtual Segmentation
Virtual Quarantine
Networking Policy
Stateful Inspection
Agentless
8

9. VMware VMsafe Integration
• Low-Level Enforcement Policy
• Part of the Hypervisor VM
ACLs
• VM Network Segmentation/Firewall
VMsafe
• Multi-Virtual Center Aware
• vMotion Aware
• Policy Mobility
vmSafe Kernel Module
(d)vSwitch
ESX Hypervisor

10. Software Asset Management
•No Agents to Install
•Independent of State
•Power
•Templates
•Policy Criteria
•NAC
•Posture Checking
•Maintain Compliance

11. Automation: Policy and Enforcement
Policy Types Enforcement Points
•Segmentation (Firewall) Network
•Quarantine (NAC, Posture)
Network •Redirection (IDP, Capture) • Reflex VMsafe
•Configuration (VLAN, QoS)
• 3rd Party (TippingPoint)
• VI API
•Storage
•Network Connection
Guest •Software (OS, App, Patch) Infrastructure
•Authorization
• VI API
•Access Control
• 3rd Party API/DB/CLI
•Authorization
vCenter •Resource Pools
Generic
•Storage
• Generic Programmable (Python)
Device •Chassis (UCS, Blade Ctr) • Element Managers
•Switch
•Security Device
• Orchestration / Provisioning
Config • Notification
11

12. Continuous Compliance
Software Asset (OS, App Version, Patch)
Storage Mapping (Data Classification)
Security Controls Enabled (Firewall, IPS)
Provisioning User Authorization
Compliant VM Authorized

13. Thank You!
Mike Wronski, VP Product Management
Email: mike@reflexsystems.com
Web: http://www.reflexsystems.com