The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec
James Edwards, Product Marketing Manager
Dan Watson, Senior Systems Engineer

Disclaimer
This session may contain product features that are currently under development. This session/overview of the new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Organizations Report High Operational Costs for Networking
Q. Which of the following networking activities would you consider to be the most costly and time consuming for your organization?
  - Managing / maintaining the physical data center network infrastructure
  - Provisioning / configuring / maintaining a physical server
  [Chart values: 36% 40%]
  - IP address provisioning and management
  - Managing a virtual machine that is migrated from one physical server to another
  - Provisioning / configuring / maintaining a VLAN (i.e., virtual LAN)
  - Provisioning / configuring / maintaining a physical switch
  - Provisioning / configuring / maintaining a virtual server
  - Provisioning / configuring / maintaining a virtual switch
  [Chart values: 29% 28% 24% 23% 19% 18%]
Source: Enterprise Strategy Group (ESG), Data Center Networking Trends, research report, 2012. N = 280; multiple responses accepted

Security and Compliance are Key Concerns for Organizations Considering Cloud Migrations
Q. What are the top challenges or barriers to implementing a cloud computing strategy?
Source: 2012 IDG Cloud Computing Study. January 2012

Network & Security Haven't Kept Pace with Datacenter Evolution
Costly
  - Under utilization of compute
  - Dedicated appliances
Complex
  - Manual provisioning
  - Fragmented management
Inflexible
  - Networks don't scale with dynamic workloads
  - Lag time to provision network and security services
  - Not extensible
[Diagram labels: Load Balancer, Firewall]

VMware Cloud Management: What's New in Q4 2012
[Diagram labels: vCloud Network and Security, vCloud Automation Center, IaaS, PaaS, DaaS, vCenter Operations Mgmt, vCloud Networking and Security, vCloud Director, vCloud Connector, vCenter Site Recovery Manager, vFabric Application Mgmt, vCloud Service Providers, Other Service Providers, Hypervisors, Hardware, IT Business Mgmt, vSphere, vCloud Suite]

vCloud Networking and Security: How it Works
  - Integrated Management with vCenter/vCD
  - Abstract and Pool Resources
  - Minimize dedicated hardware
  - Optimize Utilization
  - Create Logical Networks
  - Accelerate Application Provisioning
  - Scale Applications On-demand
  - Simplify Operations
  - Attach Services
  - Integrated Management
  - 3rd Party Extensible
  - Enable Policy-based Automation
  - Dynamic Provisioning
  - Unlock Efficiency & Agility
[Diagram labels: VDC 1, VDC 2, VMware Networking & Security, 3rd party services, vSphere, Services Metadata, 4Gbps connectivity, 2 redundant pNICs, Load Balancer, Web Application Firewall]

vCloud Networking and Security Components
  - vCloud Ecosystem Framework: Integrate 3rd party services
  - vShield Manager: Seamless integration with datacenter management via plugin
  - Edge gateway: Secure the edge of the virtual datacenter and provide gateway services
  - Data Security: Protect against data leaks
  - App: Isolate and protect applications and Virtual Machines
  - VXLAN: Foundation for elastic portable virtual datacenters
[Diagram labels: Integrated Management with vCenter/vCD, VMware Networking & Security, VDC 1, VDC 2, 3rd party services, vSphere]

Edge Gateway: Complete Virtual Perimeter Network & Security
Overview
  - Integrated L4-7 services for the virtual datacenter edge
  - Firewall / NAT / DHCP Server
  - IPSec and SSL VPN
  - Load Balancer
  - VXLAN Gateway
  - Virtual appliance with high availability option
Benefits
  - Single solution for virtual perimeter
  - Eliminates need for specialized devices
  - Improves availability and performance
  - Enables insertion of 3rd party solutions
  - Centralized management and logging
[Diagram labels: Integrated Management with vCenter/vCD, VMware Networking & Security, VDC 1, VDC 2, vSphere, Firewall, Load balancer, VPN]

App Firewall: Protect Critical Workloads
Overview
  - Firewalling for specific virtual servers
  - Tight integration with vCenter objects for policy creation
  - Adaptive Trust zones
  - Robust flow monitoring
Benefits
  - Protect specific workloads from threats
  - Isolates virtual servers to meet compliance requirements
  - Increased visibility and control over inter-VM communications
  - Improved security and lower operational overhead
[Diagram labels: VMware Networking & Security, VDC 1, VDC 2, PCI Zone, vSphere, Finance Zone]

VXLAN: Driving Agility for Software Defined Networking
[Diagram labels: 650.555.1212, 650.555.1212, Networking, Telephony, Identifier = Location, VLAN 10, Mobile Telephony, VXLAN, VXLAN 10, Identifier = Location]

VXLAN: Enabling Stretched Clusters Across the Datacenter
  - VXLAN segments defined with vCD or vCenter
  - Scalable - 16 million VXLANs eliminate VLAN limits
  - VXLAN encapsulation is performed by vSphere
  - Packet transported as UDP
Flexible and Elastic Fabric
  - Scalable Layer 2 networks across the datacenter for vMotion and efficient workload deployment
  - VXLAN fabric is elastic enabling traffic to traverse clusters, virtual switches and layer 3 networks.
  - Investment Protection: Physical network infrastructure works as is without upgrades.
[Diagram labels: Segment, Cluster/Pod 1, Cluster/Pod 2, Packet, Encapsulate, VXLAN Packet, VXLAN 20, VDC, VDC]

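Added example (not part of the original slides, and not VMware code): the 8-byte VXLAN header from RFC 7348 carried inside the UDP payload, showing where the "16 million" figure comes from (a 24-bit segment ID against the 12-bit VLAN ID) and how a receiver can validate the header before treating a packet as belonging to a segment. The function names and the sample frame are assumptions made for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field carries a valid segment ID
VNI_MAX = (1 << 24) - 1        # 24-bit segment ID -> 16,777,216 segments
VLAN_MAX = (1 << 12) - 1       # 12-bit 802.1Q VLAN ID, for comparison


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # Word 1: flags (8 bits) + reserved (24); word 2: VNI (24 bits) + reserved (8)
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def decapsulate(udp_payload: bytes) -> tuple[int, bytes]:
    """Validate the VXLAN header and return (vni, inner_frame)."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", udp_payload[:8])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set: VNI is not valid")
    return word2 >> 8, udp_payload[8:]


def allowed_on_segment(udp_payload: bytes, permitted_vnis: set[int]) -> bool:
    """Isolation check: accept only well-formed packets for a permitted segment."""
    try:
        vni, _ = decapsulate(udp_payload)
    except ValueError:
        return False
    return vni in permitted_vnis


if __name__ == "__main__":
    frame = bytes(14) + b"constructed payload"    # constructed inner frame
    pkt = encapsulate(20, frame)                  # "VXLAN 20", as on the slide
    print(pkt[:8].hex(), decapsulate(pkt)[0], allowed_on_segment(pkt, {20}))
```
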
vCloud Ecosystem Framework: Integrating Third-Party Networking and Security Services
Three Integration Points for Security and Networking
New: VMware Ready for Networking and Security
  - Inside Virtual Server: Access into the workloads. Eliminate agents
  - Edge of Virtual Server: Access to network data into/out of the workload. Isolate & Protect Critical Apps
  - Edge of Virtual Network: Access to network data into/out of the Virtual Datacenter. Insert Edge Services
[Diagram labels: VDC 1, VDC 2, VDC 3, Management and Context]

Network & Security 3rd Party Service Insertion
Features
  - Hypervisor level Insertion for 3rd party services
  - Automation via configuration templates
  - Integration with vCenter/vCloud Director management
Benefits
  - Flexibility to insert physical or virtual services into the virtual network
  - Broad ecosystem of networking and security partner solutions
  - Operational efficiency gains with single pane of glass management and automation.
[Diagram labels: VMware vShield Manager (VSM), Security Services, Network Services, IDS, NGFW, SLB, ADC, IPS, VPN, WOC, vCloud Ecosystem Framework]

Symantec / VMware Security for the Virtualized Data Center
Symantec Control Compliance Suite
  - Policy scan of VM on deployment quarantine / remediate
  - Vulnerability scan of VM on deployment quarantine / remediate
Symantec Data Loss Prevention
  - Unparalleled ability to discover sensitive data on VMs
  - Integration with vShield App to provide VM-quarantine based on DLP policy
Symantec Web Gateway
  - Integration with vShield App for threat discovery (including botnets)
  - Provision to quarantine / remediate threats
Symantec Security Information Manager
  - Event correlation quarantine / remediate
Symantec Managed Security Service
  - Managed Security Service offering
Symantec Critical Systems Protection
  - Protection from advanced threats for mission-critical servers
  - vSphere and vCenter server protection to VMware and Industry standards
Symantec Endpoint Protection
  - Dynamic, transparent, beyond-physical security on a hardened infrastructure
  - Effective across both managed and unmanaged VMs
[Diagram label: The Virtualization Security Journey]

In Summary, vCNS...
  - Delivers the leading software-defined networking and security solution
  - Virtualizes networking and security to create on-demand domains, isolate workloads, and implement compliance controls
  - Increases operational efficiency and improves utilization
  - Simplifies operations and enables IT agility to drive business agility
  - Brings the most extensible platform and broadest set of ecosystem partners

Are you aware

vCloud Network and Security Demo