
© 2011 VMware Inc. All rights reserved VMware – Cloud Security Solutions.


1 © 2011 VMware Inc. All rights reserved VMware – Cloud Security Solutions

2 Security and Compliance are the Primary Concerns with Cloud
Internal IT, Public Cloud
Virtualization forms the foundation for building private clouds. Security must change to support both. – Gartner, 2010

3 New Challenges with Cloud Computing
- Virtual Machines are dynamic and can move around
- Virtual Machines are easily created and can be self provisioned by non IT staff
- Increased workloads with large amount of virtual desktops in datacenter
- Security must change to support both private and public cloud computing

4 Our Answer: Security designed for Cloud Computing
VMware vShield is a Security Enabler
1. Unique introspection
2. Policy abstraction
Cost Effective
- Single virtual appliance with breadth of functionality
- Single framework for comprehensive protection
Simple
- No sprawl in rules, VLANs, agents
- Relevant visibility for VI Admins, network and security teams
- Simplified compliance
Adaptive
- Virtualization and change aware
- Program once, execute everywhere
- Rapid remediation

5 Traditional vs vShield
[Diagram labels: OS / APP / DATA (three VMs); Host based Security; Network based Security; VMware vSphere + vShield; SECURITY; Introspect Processor, Memory, Network, File Access]
Benefits
- Comprehensive host and VM protection
- Reduced configuration errors
- Quick problem identification
- Reduced complexity – no security agents per VM required
Benefits
- Create and enforce security policies with live migration, automated VM load balancing and automated VM restart
- Rapid provisioning of security policies
- Easier compliance with continuous monitoring and comprehensive logging

6 VMware Security Solutions
- Perimeter Security
- Application Protection for Network Based Threats
- Anti-virus Challenges in Virtualization and Cloud environments

7 Securing virtual Data Center (vDC) with legacy security solutions
Customers cannot realize true virtualization benefits due to security concerns
[Diagram labels: APPLICATION ZONE; DATABASE ZONE; WEB ZONE; ENDPOINT SECURITY; INTERNAL SECURITY; PERIMETER SECURITY; Internet; vSphere]
- Air Gapped Pods with dedicated physical hardware
- Mixed trust clusters without internal security segmentation
- Configuration Complexity
  o VLAN sprawl
  o Firewall rules sprawl
  o Rigid network IP rules without resource context
- Private clouds (?)

8 Traditional Security Method is Isolation through “Air Gaps”
- Microsoft Hyper-V Security Guide: “Deploy your virtual machines in such a way that all the VMs on a given physical computer share a similar level of trust”
[Diagram labels: Hypervisor: PCI Compliant; Hypervisor: Finance; Hypervisor: Sales]

9 Security Journey to the Cloud
[Diagram labels: Service Provider; Tenant A; Tenant B; Tenant A; WEB, APP, DB; Air Gapped Pods, Mixed Trust Zones, Private Clouds; hypervisor; Internet; Router B, Router A; Switch A, Switch B; Trust Zone 1, Trust Zone 2; Air Gap]

10 VMware Transforms Security from Expensive to Cost Effective
[Diagram labels: Load balancer, firewall, VPN; vShield Edge Virtual Appliance: Load balancer, Firewall, VPN, Etc…]
vShield eliminates the need for multiple special purpose hardware appliances – 3-5x Savings Capex, Opex

11 Automated Cloud VDC Perimeter Security with vShield Edge
[Diagram labels: INTERNET; Production VDC: vShield Edge, DMZ, APP, DB; Development VDC: vShield Edge, DMZ, APP, DB; vSphere Virtual Distributed Switch]

12 vShield Edge Lowers Cost of Security
[Chart: Cost per Mbps (0$ to 50$) against Throughput (.5Gbps, 1Gbps, 10Gbps, 100Gbps); series: vShield Edge, Security appliances; callout: >5x]
Network edge security solution (Firewall + VPN + Load balancer)
Assumptions
- 100 VM per edge
- vSphere & server costs
- High availability
- Mbps = Megabits/sec, Gbps = Gigabits/sec
Enables Private and Public Cloud Computing: Mixed Trust Zones, Duplicate Environments, Multiple Tenants on the same shared virtual infrastructure

13 VMware Security Solutions
- Perimeter Security
- Application Protection for Network Based Threats
- Anti-virus Challenges in Virtualization and Cloud environments

14 VMware Transforms Security from Complex…
Complex
- Policies, rules implementation – no clear separation of duties; organizational confusion
- Many steps – configure network, firewall and vSphere
- Spaghetti of VLANs, Sprawl – Firewall rules, agents
[Diagram labels: VLANs; agent; Policies, Rules; Network admin, Security admin, VI admin: Overlapping Roles / Responsibilities; Many steps. Configure Network, Firewall, vSphere; Define, Implement, Monitor, Refine]

15 …To Disruptively Simple
Simple
- Clear separation of duties
- Few steps – configure vShield
- Eliminate VLAN sprawl – vNIC firewalls
- Eliminate firewall rules, agents sprawl
- Auto enable security on new (self) provisioned VMs/Apps
[Diagram labels: Few steps: Configure vShield; Network admin, Security admin, VI admin: Clear separation of Roles / Responsibilities; Define, Monitor, Refine; Implement]

16 VMware vShield App
Application Protection for Network Based Threats
Hypervisor-level firewall
- Inbound, outbound connection control applied at vNIC level
- Elastic security groups - “stretch” as virtual machines migrate to new hosts
- Robust flow monitoring
Policy Management
- Simple and business-relevant policies
- Managed through UI or REST APIs
- Logging and auditing based on industry standard syslog format

17 Leveraging Virtualization for Better-than-Physical Security
Key Benefits
- Complete visibility and control to the Inter VM traffic enabling multi trust zones on same ESX cluster.
- Intuitive business language policy leveraging vCenter inventory.
- Enable self service provisioning while enforcing security policies on your VMs/Apps
Better than Physical
- Virtual firewall with unlimited port density
- Hypervisor level introspection provides access to inter-VM traffic
- Topology independent irrespective of network configuration as policies follow the VMs
- IP address agnostic policies
Built in Firewall capabilities provide better than physical security at 1/3rd the cost.

18 VMware Security Solutions
- Perimeter Security
- Application Protection for Network Based Threats
- Anti-virus Challenges in Virtualization and Cloud environments

19 Anti-virus Challenges in Virtualization and Cloud
Issues
- “AV storms” can cause brownouts in shared compute (virtualization) and storage (SAN/NAS) environments
- Traditional agents are resource intensive - not optimized for high utilization, efficient clouds
- Up to 6 GB on VMware View desktops
[Diagram labels: VMware vSphere; three VMs, each with APP, OS, Kernel, BIOS; AV]
12:1 virtual servers / physical host
60:1 virtual desktops / physical host

20 Leveraging Virtualization for Better-than-Physical Security
Issues
- “AV storms” can cause 100% saturation in shared compute (CPU) and SAN/NAS (storage I/O) environments
- Traditional agents are resource intensive - not optimized for high utilization, efficient clouds
- Up to 6 GB on VMware View desktops
Opportunities
- Leverage hypervisor to offload AV functions from agents into a dedicated security VM
- Deploy security in a more agile, service-driven manner to both private and public cloud environments
[Diagram labels: VMware vSphere; Introspection; SVM: OS, Hardened, AV; three VMs, each with APP, OS, Kernel, BIOS]

21 Efficient Anti-virus as a Service for Virtual Datacenters
File-scanning engines and virus definitions offloaded to security VM – scheduled and realtime
Thin file-virtualization driver in-guest >95%+ reduction in guest footprint (eventually fully agentless)
- Deployable as a service
  No agents to manage
  Turnkey, security-as-service delivery
- Applicable to all virtualized deployment models – private clouds (virtual datacenters), public clouds (service providers), virtual desktops
- Tighter collaborative effort with leading AV partners
- Hypervisor-based introspection for all major AV functions

22 Efficient Memory Utilization
Scan server approach means no agent footprint, less memory and management overhead
BEFORE: Traditional agent-based approach
AFTER: Security Virtual Appliance using VMware End Point Security (EPSec)
[Chart labels: Without EPSec; With EPSec]

23 Efficient I/O Bandwidth
Bandwidth during virus definition update
BEFORE: Traditional agent-based approach
AFTER: Security Virtual Appliance using VMware End Point Security (EPSec)
[Chart labels: Without EPSec; With EPSec]

24 VMware vShield End Point
Overview of available Anti-virus Solutions based on vShield End Point

Available        Product
Today            Trend Micro Deep Security 7.5
Later in 2011    TBC

25 VMware – Enabling Security for the Cloud
Inside VM: vShield Endpoint
VM network: vShield App
vCloud / VDC edge: vShield Edge
- Industry firsts in all three areas
- Disruptive simplification, automation
- In position to unify security policy administration

26 The right solution for your project
[Diagram labels: Datacenter Virtualization; Private / Public Cloud Computing; End User Computing / Desktop Virtualization; vShield App; vShield Edge; vShield App; vShield End Point; vShield App]
vShield End Point is included with VMware View Premier

27 © 2011 VMware Inc. All rights reserved Thank You

