2. Agenda Primary customer concerns with the cloud VMware value proposition New features and use cases Customer examples Product summary
3. Re-think End-User Computing Modernize Application Development SaaS Apps Existing Apps New Enterprise Apps Evolve the Infrastructure Public Cloud Services Existing Datacenters Three Core Focus Areas
4. In 2010 VMware Unveiled a Complete Hybrid Cloud Stack… vSphere vSphere vSphere vCloud Director vShield Security vCenter Management
5. In 2011 VMware is Introducing a Major Upgrade of the Entire Cloud Infrastructure Stack. New Cloud Infrastructure Launch (vSphere, vCenter, vShield, vCloud Director): vSphere 5.0, vCenter SRM 5.0, vCenter Operations 1.0, vShield 5.0, vCloud Director 1.5. [Diagram labels: vSphere, vCloud Director, vShield Security, vCenter Management]
23. Security and Compliance Defined Security is about protecting applications, data, server, storage, and networks from malware, and unauthorized human access. Compliance is demonstrating adherence to a standard or regulatory requirement.
24. Security and Compliance Concerns in Detail… How can I manage security policies across virtual desktops, servers and networks? How do I verify that confidential and regulated data is secure in the cloud? How do I implement compliance audits for resources in the cloud? I have too many VLANs for segmenting traffic, and agents for securing applications. I can’t keep up. Infrastructure Team, Security Operations Team, Compliance Officer. Both Security and Proof of Compliance are Required to Build Trust
25. Agenda Primary customer concerns with the cloud VMware value proposition New features and use cases Customer examples Product summary
39. VMware Transforms Security from Complex… Network Admin Security Admin VI admin 2 1 Overlapping Roles / Responsibilities Multiple frameworks and provisioning interfaces Network Firewall Load Balancer Application VMware vSphere 3 Multiple physical 3rd party solutions
40. …To Disruptively Simple Network Admin Security Admin VI admin 2 1 Unified Framework Clear separation of Roles / Responsibilities Reduced number of steps: Configure vCenter vCenter + vShield Manager Network Load Balancer Application Firewall vCenter RSA Other AV vendors Other ISV Trend VMware vSphere 3 Integrated into Virtual Security appliances
41. VMware Turns Security from Weak... Not virtualization aware. Virus spreads quickly in flat networks without segmentation. Antivirus storms. Agents in every VM. [Diagram labels: DMZ, PCI Compliant, WEB, MAIL, File Server, Agent, “Air gap”, Switch, VMware vSphere and vCenter]
42. …to More Secure. Protect every VM with hypervisor level firewall & IPS. Quarantine infected VMs. Eliminate agents and antivirus storms. Enforce policies with adaptive trust zones. [Diagram labels: DMZ, PCI Compliant, Quarantine Zone, Agent, AV Partner Product, IPS Partner Product, VMware vSphere, vCenter]
43. VMware Turns Compliance from Being Labor Intensive… FISMA HIPAA SOX Using Traditional Ways of Maintaining Compliance ISO 27002 GLBA DISA Requires specialized knowledge Not change-aware Manual remediation NERC/ FERC PCI DSS NIST Virtualization Hardening Guidelines CIS Benchmarks
75. Restrict access to applications in a trust zone to View users in the subgroup within the zone
77. Lower Capex & Opex by replacing hardware appliances with virtual appliances. VMware vSphere + vCenter + vShield Manager
78. Agenda Primary customer concerns with the cloud VMware value proposition New features and use cases Customer examples Product summary
79. Summary – To build Trust in Cloud You Need Security and Proof of Compliance Security Proof of Compliance $300/VM $800/VM VMware vShield and vCenter Configuration Manager Deliver Trust in Your Cloud
To address this challenge, VMware is focused on three core solution areas in IT: how best to evolve the infrastructure to support this new world; changes in application development to speed time-to-market for business-critical applications that take advantage of this new world; and a new way of approaching end-user computing, to increase user satisfaction. Let’s begin by exploring the evolution of infrastructure.
VMware delivers the industry leading cloud infrastructure solution for building trusted private, public, and hybrid clouds. Leveraging the proven vSphere 5.0 virtualization platform, VMware creates intelligent cloud infrastructure with built-in automation and resource elasticity to free IT from manual processes and enable it to meet business requirements on-demand.
IT security is about protecting an organization’s digital assets – the IT infrastructure such as servers, storage and network, applications and the data that lives there. Organizations want to control: who is accessing digital assets; what apps and data need protection from theft or leaks; what infrastructure is at risk from threats such as malware or network-based attacks. Compliance utilizes a set of processes to determine conformance to regulatory frameworks, industry standards, internal organizational standards, or vendor best practices. IT compliance commonly includes requirements for security controls as they pertain to protecting industry-regulated assets such as personal healthcare information or credit card data. In the case of corporate governance, security applies to assets critical to the business such as intellectual property or customer lists. Within the IT compliance area are several regulatory frameworks, many of which are specific to an industry vertical: Healthcare – HIPAA; Retail – PCI; Financial – GLBA; Government – FISMA; Governance – Enterprise policies.
Most surveys on cloud computing unanimously cite security and compliance as by far the most significant concerns hindering the adoption of cloud computing. These high-level concerns typically boil down to three concrete security and compliance issues: Patchwork of security solutions. Cloud infrastructure is about breaking the silos in the datacenter, and creating a virtualized shared infrastructure that stands ready to support any application workload on-demand. However, existing security solutions are often based on the old siloed way of managing the datacenter – where each group – the server, storage, network, security, and desktop teams – has its own security frameworks and tools. Without a common, unified security policy management framework to control policies and provide visibility into changes, how can the network, virtualization and security teams maintain the level of control that they desire? How can they make rapid changes to security policies if the need arises when so much manual offline coordination is required? Securing applications and data. Before making the jump to cloud, enterprises must be confident that their applications and data can be properly segmented for compliance, and that trust zones can be maintained. The traditional approach has been to segment applications into different zones by creating physical hardware separation or “air gaps”. This approach no longer works in a cloud environment based on a fully virtualized shared infrastructure. Organizations need a new approach that would allow strict application segmentation in trust zones without the need for hardware separation. IT compliance. Customers are concerned that cloud computing makes IT compliance more complex. Change management, configuration management, access controls, auditing and logging in a cloud infrastructure are the important concerns. Organizations need compliance solutions that are tuned for the dynamic and ever-changing nature of cloud infrastructure.
Exposure or leakage of sensitive business data is another important aspect of security in the cloud. For example, stolen credit card data or compromised personal health information can cost an enterprise millions of dollars or harm its reputation. Many organizations have requirements to keep data in certain jurisdictions (e.g. the EU directive for safeguarding EU citizens’ personal information in EU jurisdictions). Cloud solutions today provide very limited firewalls to segment applications, with very limited ability to detect or prevent leakage of sensitive information. Today’s solutions for protecting applications and data continue to rely on brittle and/or dedicated hardware infrastructure that isn’t suitable for securing a highly virtualized environment.
“VMware Transforms Security from Complex…” Traditional IT security is very complex to provision and deploy. First, customers have to configure multiple purpose-built security appliances with proprietary interfaces to deploy the security solution. Second, VI admins, network and security teams have overlapping roles, and it takes a lot of manual coordination to properly configure and set up the network, firewall rules and vSphere configurations. These teams are also limited in terms of the proper role-based views into policy and implementation. This results in slow provisioning, very complex configuration with significant requirements on coordination, and lack of role-based views into policy and implementation details. Finally, traditional security architectures require multiple special-purpose appliances. These appliances are expensive and increase Capex. In addition, they deliver a solution with limited scalability and poor availability with multiple points of failure, and they consume more power and rack space. All of this increases the Opex of traditional security solutions.
vShield drastically reduces the complexity and the number of steps it takes for VI admins to implement clearly defined policies, and along with vCenter this solution enables security, network and VI admin teams to work closely together where the policies can be clearly defined, implemented, viewed and changed seamlessly. With role-based access to administration and reporting interfaces, administration is clear and simple. VI admins are empowered to implement the security policies. The lead time it takes to provision the right set of security services is greatly reduced, and provisioning can be done through UIs or through scriptable, REST-based APIs. vShield technology also helps eliminate the sprawl in VLANs, firewall rules and agents. We’ll talk more about this in a few minutes when we get into the products overview.
“VMware Turns Security Solutions from Weak…” Industry regulations often dictate that ‘in-scope’ systems – ones where regulated/sensitive data are stored or processed – have special policies applied to them. Traditional security solutions are tied to physical hosts and don’t allow flexible groupings of resources to implement these policies. This results in what is known as ‘air-gapped’ solutions. Air gaps are created by the need for dedicated hardware and appliances. They are also created because traditional IT security requires dedicated hardware resources/clusters for specific application tiers or groups, since mixing and matching applications across tiers/groups is not possible because of the implied exposure and infection risks. In virtualized environments, the air gap effect is just as bad, since it implies that specific groups of VMs must be limited to specific hosts. This reduces overall efficiency and imposes constraints on how applications/workloads are scaled, load balanced or otherwise managed. This also means that where datacenter-level or user-driven infrastructure changes are required, a lot of manual work and cost is incurred to support such change – this leads to a very rigid infrastructure that does not adapt to changing business needs.
Let’s start with an overview of the broad security market. The traditional security market is a mature market segment which has over 27 billion in spend – the larger segments in this market include network security, along with Identity Management and Antivirus/endpoint. VMware vShield in its initial version is targeting the network security, endpoint security and application security segments to begin with. We also plan to partner closely with key vendors such as RSA, Trend, McAfee, Symantec, etc. to jointly address other segments.
The Sensitive Data Discovery feature includes over 80 pre-built templates for the most common standards for protecting sensitive data including PII (Personally Identifiable Information), PCI-DSS cardholder data, and PHI (Private Health Information). Each pre-built template provides the ability to scan all elements of a virtualization environment – whether datacenters, file shares, resource pools, hosts or VMs – and produces a detailed report that identifies whether all of them are in compliance with the specific standard. The key benefit of this feature is that it quickly identifies sensitive data and reduces the risk of non-compliance and reputation damage. It also improves performance over traditional solutions by offloading all sensitive data discovery functions to a secure virtual appliance.