Uploaded bySuministros Obras y Sistemas
What’s new in VMware vShield 5 - Customer Presentation
VMware is introducing major upgrades to its cloud infrastructure stack in 2011, including vSphere 5.0, vCloud Director 1.5, and vShield 5.0. The new vShield 5.0 release addresses customer concerns around security and compliance in the cloud with new features such as sensitive data discovery, intrusion prevention, and efficient antivirus protection using virtual appliances. These new capabilities help customers secure sensitive data and infrastructure, segment networks into trust zones, and automate compliance audits, allowing them to trust running business critical applications in the cloud.
More Related Content
Similar to What’s new in VMware vShield 5 - Customer Presentation
More from Suministros Obras y Sistemas
What’s new in VMware vShield 5 - Customer Presentation
- 1. What’s New invShield 5.0 – Trust your Cloud
- 2. AgendaPrimary customer concernswith the cloudVMware value propositionNew features and use casesCustomer examplesProduct summary
- 3. Re-think End-User ComputingModernizeApplication DevelopmentSaaS AppsExisting AppsNew Enterprise AppsEvolve the InfrastructurePublic Cloud ServicesExisting DatacentersThree Core Focus Areas
- 4. In 2010 VMwareUnveiled a Complete Hybrid Cloud Stack…vSpherevSpherevSpherevCloud DirectorvShield SecurityvCenter Management
- 5. vSpherevSpherevSphereNewCloud Infrastructure Launch(vSphere,vCenter, vShield, vCloud Director)vCloud Director 1.5vCloud DirectorvShield SecurityvShield 5.0vCenter Operations 1.0vCenter SRM 5.0vCenter ManagementvSphere 5.0In 2011 VMware is Introducing a Major Upgrade of the Entire Cloud Infrastructure Stack
- 6. VMware Cloud InfrastructureRespondto Business FasterTrust Your CloudRun Business Critical Apps with ConfidenceIntelligent Policy Management
- 7.
- 8. Flexible Hybrid CloudManagement
- 9.
- 10. Protection Against NetworkIntrusions
- 11.
- 12.
- 13. High Availability andDisaster Recovery
- 14. Broad Industry SupportVMware Cloud InfrastructureRespond to Business FasterTrust Your CloudRun Business Critical Apps with ConfidenceIntelligent Policy Management
- 15.
- 16. Flexible Hybrid CloudManagement
- 17.
- 18. Protection Against NetworkIntrusions
- 19.
- 20.
- 21. High Availability andDisaster Recovery
- 22. Broad Industry SupportSecurity and Compliance are Key Concerns for CIOs in Moving to the CloudWhat are the top challenges or barriers to implementing a cloud computing strategy? Top 4 Concerns are on Security and ComplianceSource: 2010 IDG Enterprise Cloud-based Computing Research, November 2010
- 23. Security and ComplianceDefinedSecurity is about protecting applications, data, server, storage, and networks from malware, and unauthorized human access.Compliance is demonstrating adherence to a standard or regulatory requirement.
- 24. Security and ComplianceConcerns in Detail…..How can I manage security policies across virtual desktops, servers and networks?How do I verify that confidential and regulated data is secure in the cloud? How do I implement compliance audits for resources in the cloud?I have too many VLANsfor segmenting traffic, and agents for securing applications. I can’t keep upInfrastructureTeamSecurity OperationsTeamCompliance OfficerBoth Security and Proof of Compliance are Required to Build Trust
- 25. AgendaPrimary customer concernswith the cloudVMware value propositionNew features and use casesCustomer examplesProduct summary
- 26. The VMware AdvantageTraditionalSecurityand ComplianceVMware AdvantageComplexMultiple provisioning interfaces
- 27.
- 28. Multiple point solutionsSimpleSingleinterface for provisioning
- 29.
- 30. Firewall policy reduction70:1, virtual security appliancesWeakAgents in each VM, AV storms
- 31.
Editor's Notes
- #4 To address this challenge, VMware is focused on three core solution areas in IT:How best to evolve the infrastructure to support this new world,Changes in application development to speed time-to-market for business-critical applications, that take advantage of this new world,And a new way of approaching end-user computing, to increase user satisfaction.<click>Let’s begin by exploring the evolution of infrastructure.
- #7 VMware delivers the industry leading cloud infrastructure solution for building trusted private, public, and hybrid clouds. Leveraging the proven vSphere 5.0 virtualization platform, VMware creates intelligent cloud infrastructure with built-in automation and resource elasticity to free IT from manual processes and enable it to meet business requirements on-demand.
- #8 VMware delivers the industry leading cloud infrastructure solution for building trusted private, public, and hybrid clouds. Leveraging the proven vSphere 5.0 virtualization platform, VMware creates intelligent cloud infrastructure with built-in automation and resource elasticity to free IT from manual processes and enable it to meet business requirements on-demand.
- #10 IT security is about protecting an organization’s digital assets – the IT infrastructure such as servers, storage and network, applications and the data that lives there. Organizations want to control: who is accessing digital assetswhat apps and data need protection from theft or leakswhat infrastructure is at risk from threats such as malware or network-based attacks Compliance utilizes a set of processes to determine conformance to regulatory frameworks, industry standards, internal organizational standards, or vendor best practices. IT compliance commonly includes requirements for security controls as they pertain to protecting industry-regulated assets such as personal healthcare information or credit card data. In the case of corporate governance, security applies to assets critical to the business such as intellectual property or customer lists. Within the IT compliance area are several regulatory frameworks, many of which are specific to an industry vertical:Healthcare – HIPAARetail - PCIFinancial – GLBAGovernment – FISMAGovernance – Enterprise policies
- #11 Most surveys on cloud computing1 unanimously cite security and compliance as the by far the most significant concerns hindering the adoption of cloud computing. These high level concerns typically boil down to three concrete security and compliance issues: Patchwork of security solutions. Cloud infrastructure is about breaking the silos in the datacenter, and creating a virtualized shared infrastructure that stands ready to support any application workload on-demand. However, existing security solutions are often based on the old siloed way of managing the datacenter – where each group – the server, storage, network, security, and desktop teams – has its own security frameworks and tools. Without a common, unified security policy management framework to control polices and provide visibility into changes, how can the network, virtualization and security teams maintain the level of control that they desire? How can they make rapid changes to security policies if the need arises when so much manual offline coordination is required? Securing applications and data. Before making the jump to cloud, enterprises must be confident that their applications and data can be properly segmented for compliance, and that trust zones can be maintained. The traditional approach has been to segment applications into different zones by creating physical hardware separation or “air gaps”. This approach no longer works in a cloud environment based on a fully virtualized shared infrastructure. Organizations need a new approach that would allow strict application segmentation in trust zones without the need for hardware separation. IT compliance - Customers are concerned that cloud computing makes IT compliance more complex. Change management, configuration management, access controls, auditing and logging in a cloud infrastructure are the important concerns. Organizations need compliance solutions that are tuned for the dynamic and ever-changing nature of cloud infrastructure. Exposure or leakage of sensitive business data is another important aspect of security in the cloud. For example, stolen credit card data or compromised personal health information can cost an enterprise millions of dollars or harm its reputation. Many organizations have requirements to keep data in certain jurisdictions (e.g. the EU directive for safeguarding EU citizen’s personal information in EU jurisdictions). Cloud solutions today provide very limited firewalls to segment applications, with very limited ability to detect or prevent leakage of sensitive information. Today’s solutions for protecting applications and data continue to rely on brittle and/or dedicated hardware infrastructure that isn’t suitable for securing a highly virtualized environment.
- #14 VMware Transforms Security from Complex…”Traditional IT security is very complex to provision and deploy. First, customers have to configure multiple purpose-built security appliances with proprietary interfaces to deploy the security solution. Second, VI admins, network and security teams have overlapping roles and it takes a lot of manual coordination to properly configure and setup the network, firewall rules and vSphere configurations. These teams are also limited in terms of the proper role based views into policy and implementation. This results in slow provisioning, very complex configuration with significant requirements on coordination, and lack of role based views into policy and implementation details. Finally, traditional security architectures require multiple special purpose appliances. These appliances are expensive and increase CAPex. In addition it delivers a solution with limited scalability, poor availability with multiple points of failure, consumes more power and rack space. All of this increases the Opex of traditional security solutions.
- #15 vShield drastically reduces the complexity and the number of steps it takes for VI admins to implement clearly defined policies , and along with vCenter this solution enables security, network and VI admin teams to work closely together where the policies can be clearly defined, implemented, viewed and changed seamlessly. With role-based access to administration and reporting interfaces, administration is clear and simple. VI admins are empowered to implement the security policies .The lead times it takes to provision the right set of security services is greatly reduced, and these can be done through UI’s or through scriptable, REST based APIs.vShield technology also helps eliminate the sprawl in VLANs, firewall rules and agents. We’ll talk more about this in a few minutes when we get into the products overview.
- #16 “VMware Turns Security Solutions from Weak …..”Industry regulations often dictate that ‘in-scope’ systems – ones where regulated/sensitive data are stored or processed – have special policies applied to them. Traditional security solutions are tied to physical hosts and don’t allow flexible groupings of resources to implement these policies.This results in what is known as ‘air-gapped’ solutions. Air gaps are created by the need for dedicated hardware and appliances. They are also created because traditional IT security requires dedicated hardware resources/clusters for specific application tiers or groups, since mixing and matching applications across tiers/groups is not possible because of the implied exposure and infection risks. In virtualized environments, the airgap effect is just as bad, since it implies that specific groups of VMs must be limited to specific hosts. This reduces overall efficiency, imposes constraints on how applications /workloads are scaled, load balanced or otherwise managed. This also means that where datacenter-level or user driven infrastructure changes are required, a lot of manual work and cost is incurred to support such change – this leads to a very rigid infrastructure that does not adapt to changing business needs.
- #21 Lets start with an overview of the broad security market.The traditional security market is a mature market segment which has over 27Billion spend – the larger segments in this market include network security, along with Identity Management, Antivirus/endpoint.VMware vShield in it’s initial version is targeting the network security, endpoint security and application security segments to begin with. We also plan to partner closely with key vendor such as RSA, Trend, McAfee, Symantec etc to jointly address other segments.
- #24 The Sensitive Data Discovery feature includes over 80 pre-built templates for the most common standards for protecting sensitive data including PII (Personally Identifiable Information), PCI-DSS cardholder data, and PHI (Private Health Information). Each pre-built template provides the ability to scans all elements of a virtualization environment - whether datacenters, file shares, resource pools, hosts and VMs – and produces a detailed report that identifies if all of them are in compliances with the specific standardThe key benefits of this feature is quickly identifies sensitive data and reduces risk of non-compliance and reputation damage. It also improves performance over traditional solutions by offloading all sensitive data discovery functions to a secure virtual appliance.