What’s new in vShield 5

Enterprise Security today – not virtualized, not cloud ready

Diagram labels: Enterprise VDC; Users, Sites, DMZ, Web Servers, Apps / DB Tier

Perimeter/DMZ
- Firewall, VPN
- Load balancers
Challenges
- Sprawl: hardware, FW rules, VLANs

Interior security
- VLAN or subnet based policies
Challenges
- Sprawl: VLANs, hardware, FW rules
- Blind spots: inter-VM traffic

Endpoint security
- AV, DLP agent based security
Challenges
- Sprawl: agents in all VMs – drain resources
- Risk: agents in guest VMs – not hardened

vShield 5.0

Securing the Private Cloud End to End: from the Edge to the Endpoint

vShield Edge
Secure the edge of the virtual datacenter

vShield App with Data Security
• Create segmentation between silos of workloads
• Sensitive Data Discovery

vShield Endpoint
Offload anti-virus processing

vShield Manager
Centralized Management

Diagram labels: Edge; Security Zone; Endpoint = VM; DMZ; Application 1; Application 2

vShield Edge 5.0

Overview
• Provides common edge security services around a virtual datacenter. Example uses:
  • Extranets
  • Multi-tenant cloud environments

Diagram labels: vShield Edge (Tenant A, Tenant C, Tenant X); Secure Virtual Appliance; Firewall, Load balancer, VPN

vShield Edge 5.0

Primary functionality
• Stateful inspection firewall
• Dynamic Host Configuration Protocol (DHCP)
• Site to site VPN
• (NEW) Static Routing

Management features
• REST APIs for scripting
• Logging of activity

Diagram labels: vShield Edge (Tenant A, Tenant C, Tenant X); Secure Virtual Appliance; Firewall, Load balancer, VPN

vShield Edge 5.0

Benefits
• Reduce cost and complexity
  • Centralized management for all protected environments
  • Eliminates need for multiple special-purpose appliances
• Increased agility for cloud environments
  • Enables rapid provisioning edge services
  • Ability to automate and integrate into overall provisioning and management workflow

Diagram labels: vShield Edge (Tenant A, Tenant C, Tenant X); Secure Virtual Appliance; Firewall, Load balancer, VPN

vShield App 5.0

Overview
• vShield App: virtualization-built firewall featuring
  • VM-level enforcement
  • Intuitive business language policy
  • Robust flow monitoring
  • Logging and auditing
  • REST API

vShield App Design

Hypervisor-Level Firewall
• Inbound/outbound connection control enforced at the virtual NIC level
• Dynamic protection as virtual machines migrate
• Protects at Layer 3 and Layer 2

Diagram labels: vShield App, vSphere, ESXi Host (two hosts); vShield Manager; vSphere Client; vCenter Server

vShield App Group-based Policies

Diagram labels: Internet; MAC Set; IP Set
Resource Pools: Finance, HR, Marketing
Security Groups:
• Web Group: Web, Web, Web
• DB Group: Database, Database, Database

vShield App 5.0

Benefits
• Complete visibility and control to the Inter VM traffic
  • Enables multiple trust zones on same ESX cluster.
  • Ability to audit traffic for compliance and security
• Fewer misconfiguration mistakes, lower operating overhead by eliminating
  • VLAN trunking
  • Complex rules management
• Ability to automate and integrate into overall provisioning and management workflow

vShield Data Security (vSDS)

Overview
• Discover and report sensitive data across virtual machines
• Scans occur continuously, transparent to the virtual machine

Diagram label: Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)

vShield Data Security (vSDS)

Select from many industry, local, and international policies

vShield Data Security (vSDS)

View report of policy matches per VM

vShield Data Security (vSDS)

Benefits
• Reduces risk of non-compliance with automated scans, rapid assessment and reporting
• Improve performance by offloading data discovery functions to a virtual appliance

Diagram label: Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)

vShield Manager Roles

Clear separation of Responsibilities and Authority
• Security admin: Define, Monitor
• vShield admin: Implement
• Auditor: Verify

Diagram label: Security Policies

vShield Endpoint

Overview
• Offload file activity to Security VM
• Enforce Remediation using driver in VM
• Security VM provided by best-of-breed AV partners: Trend Micro, others

Benefits
• Improve VM performance by eliminating anti-virus storms
• Reduce risk by eliminating agents susceptible to attacks
