BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

SOLUTION OVERVIEW

Every organization is exploring how technology can help it disrupt current operating models, enabling it to better serve customers and employees and to gain a competitive edge. IT teams choosing a software-defined data center (SDDC) model featuring virtualized compute, networking, storage, and management to accelerate their transformations are quickly discovering a digital foundation that provides the ultimate flexibility in how and where workloads run. At the same time, the SDDC provides an opportunity to create a zero-trust security model with comprehensive application visibility and consistent security controls across clouds. This model fully protects existing and new workloads in ways never before possible.

Threats From Anywhere Demand Security Everywhere

Security threats are growing in number and severity, and when intruders are successful, enterprises experience a decline in both brand loyalty and financial performance.

Enterprises deploying VMware SDDC architecture have an advantage battling security threats. Protections built into each component (virtualized compute, networking, storage, and management) and extending to hybrid cloud create a zero-trust security model. At the core of safeguarding workloads everywhere is VMware vSphere Platinum, the purpose-built security solution protecting enterprise applications, infrastructure, data, and access.

$3.86M: Average total cost of global data breaches (2018)¹
196 days: Mean time for organizations to identify a data breach²
69 days: Mean time to contain a data breach³
14 seconds: How often analysts predict ransomware will attack a business by 2019⁴

Figure 1. Ignoring security is expensive and time consuming.

With enterprises still searching for better threat protection, detection, and remediation models as regulators push for more risk control, cybercriminals continue to set their sights on new targets. Data centers that are still operating siloed with hardware-based infrastructure and running legacy applications are most vulnerable. Cybercriminals consistently seek weak links that enable them to penetrate perimeters and quickly move malware from server to server, application to application within the environment. There is no quick fix, and adding complex security management with point tools can put organizations at greater risk.

By ensuring security is built into all of the connected SDDC components, VMware helps enterprises safeguard all of their data and applications onsite and across clouds. The VMware SDDC architecture provides the highest levels of protection because abstraction across compute, network, storage, and management creates an independent virtualization layer to secure infrastructure. VMware also provides deep visibility into interactions between users and applications, and the context to understand it. VMware's solution helps ensure enterprise IT teams align security to what matters most, the application. Finally, the location of VMware software within the compute platform provides the optimal control point to enforce policy and insert third-party services for additional layers of protection.

Figure 2. VMware delivers consistent SDDC infrastructure across data centers and clouds. (Diagram labels: Management, Networking, Storage, Compute, Data Center, Public Cloud.)

VMware's Holistic SDDC Security Advantage

A closer look at protections within each component (compute, networking, storage, and management), extending into hybrid cloud, illustrates the holistic VMware SDDC architecture security advantage.

Compute: Advanced Infrastructure, Data, Access, and Application Security in the Compute Platform

In the VMware SDDC, software-defined compute establishes a foundation capable of addressing dynamic threats. VMware vSphere Platinum is a purpose-built security solution protecting enterprise applications, infrastructure, data, and access. It delivers key capabilities to reduce security risks:

- The industry-leading, efficient, and secure compute platform for all workloads, providing comprehensive, built-in security for the entire hybrid cloud environment.
- Native integration of VMware AppDefense into core vSphere to provide visibility into virtual machine (VM) and application behavior with alerts for any deviations from the known good state, in addition to embedding threat detection and response into the virtualization layer, and data center endpoint security, all powered by machine learning and behavioral analytics.

Validation and Attestation Safeguards Infrastructure

Protecting workloads of any type, running on-premises and in hybrid clouds, begins with securing the digital foundation, which in the VMware SDDC is the compute layer. Secure Boot for ESXi in vSphere Platinum ensures that only VMware and partner-signed code is running in the hypervisor. vSphere Platinum includes support for TPM 2.0 for ESXi hosts. This delivers hypervisor integrity by validating the Secure Boot for ESXi process and enables the ability to do remote host attestation. Secure Boot for Virtual Machines provides Guest OS support for the prevention of image tampering and unauthorized component loading.

vSphere Platinum includes role-based access controls, enhancing security by giving IT control over authorization of what can and can't be accessed. The solution also features support for Microsoft Virtualization-based Security (VBS), including Credential Guard for enterprises running Windows 10 and Windows Server 2016 security features on vSphere. Virtual TPM 2.0 allows for the introduction of in-guest security solutions while IT maintains full operational support for technologies such as VMware vSphere vMotion and VMware vSphere Distributed Resource Scheduler™ (DRS).

Figure 3. vSphere Platinum secures infrastructure, data, applications, and access. (Diagram labels: Enhanced Security Functionality; Secure Applications: AppDefense visibility, control, detection, response; Secure Data: VM & vSAN Encryption, Encrypted vMotion; Secure Infrastructure: ESXi support for Secure Boot and TPM 2.0, VM support for vTPM 2.0 and VBS; Secure Access: Audit Quality Logging.)

Encryption Secures Data

Within the infrastructure, vSphere Platinum protects against unauthorized data access from the core to the cloud when data is in motion and at rest. It features FIPS 140-2 Validated cryptography that enables VM Encryption and Encrypted vMotion to provide easy-to-manage encryption with less hassle than legacy solutions. VM Encryption introduces encryption solutions for every workload type and protects VMs against unauthorized data access. Encrypted vMotion ensures the secure live migration of running VMs from one physical server to another with zero downtime, ensuring continuous service availability and complete transaction integrity with no modification to existing network infrastructure.

Purpose-Built VMs Protect Applications

vSphere Platinum starts with protecting VMs at the infrastructure level and then extends its protection, via AppDefense, to the application level. It does so by ensuring known good behaviors rather than relying on updates of known bad behaviors. This approach addresses zero-day threats for which there is no known signature of bad behaviors. Embedded machine learning helps vSphere Platinum secure infrastructure and applications in a way that is operationally simple with minimal overhead and impact on performance.

Administrators easily address in-guest threats and eliminate risks by delivering secure infrastructure and applications with VMs running in their known good states. Ensuring good is possible because AppDefense understands an application's intended state and behavior and monitors it for changes. Any change from a known good state signals a threat for which a number of automatic remediation actions are available. VMs continue to run optimally without burdening administrators to detect threats that may not fit a known signature. Known-good state VMs, in turn, support robust micro-segmentation in the VMware SDDC networking layer.

Greater Visibility Limits Access

Because users can inadvertently cause harm to organizational security postures, vSphere Platinum's audit quality logging capability promotes authorized administration and control through high-fidelity visibility into user activity. It maximizes the efficiency and effectiveness of virtualization and security operations while streamlining the application security readiness review process. Easy to use and install, vSphere Platinum simplifies workflows and boosts collaboration among vSphere administrators and security, compliance, and application teams while streamlining security incident response and remediation.

Network: Advanced Traffic, App, and Data Protection

A software-defined network as part of the VMware SDDC maximizes IT security and agility. Organizations trust VMware NSX to automate network and security provisioning so that as new compute resources are created, they are secured by default. Using policy-based security automation and micro-segmentation, IT teams prevent intrusion and secure network traffic inside enterprise environments, such that malware cannot move laterally.

Figure 4. VMware NSX enables security through micro-segmentation. (Diagram labels: Internet, Network Perimeter.)

Micro-segmentation limits a threat's ability to propagate across the environment by enforcing network security policies at the most granular level of an application, the individual data center endpoint. Organizations then segment workloads residing on the same physical host without hair-pinning traffic out through an external physical or virtual firewall. With VMware NSX, IT organizations enforce a least-privilege model, limiting access by user or role and preventing system components from interacting unnecessarily.

Storage: Hyperconverged Infrastructure and Encryption for Data Safety

Software-defined storage, standalone or as part of hyper-converged infrastructure (HCI) in the VMware SDDC, extends security built into the foundation. VMware vSAN™ helps IT organizations evolve to flash-optimized shared storage across virtualized workloads. Native integration with vSphere removes dependency on external shared storage appliances, offering a secure and consistent operating environment every day.

VMware vSAN is the first HCI solution to offer native, software-based FIPS 140-2 Validated data-at-rest encryption. vSAN Encryption provides data-at-rest security at the cluster level and offers simple key management with support for KMIP-compliant key managers. It meets rigorous enterprise and government agency compliance requirements while supporting choice of standard drives (SSDs and HDDs) and avoiding the limited options, configuration challenges, and pricing premium of self-encrypting drives (SEDs).

Figure 5. VMware vSAN Encryption provides data-at-rest security. (Diagram labels: vSphere, vSAN, vSAN Datastore.)

Unlike other software-defined storage solutions, vSAN features security, as well as cost and agility benefits. vSAN is built into the vSphere kernel. This tight integration optimizes the data I/O path and provides the highest levels of performance with minimal impact on CPU and memory.

Data Center Management: Policy-Based Protection

The VMware modern SDDC consolidates, standardizes, and automates operations as it breaks down silos and reduces risk. It uniquely delivers secure, consistent infrastructure and VM-centric operations, all managed by VMware vRealize Suite, the enterprise-ready cloud management platform purpose-built for the hybrid cloud. vRealize Suite reduces risk by ensuring hardening for vSphere and all VMware SDDC components. It includes intelligent operations such as Smart Alerts and predictive analytics to proactively identify and solve emerging operational and security issues before they negatively impact user experiences. vRealize Suite empowers consistent deployment models, security policies, visibility, and governance for all applications, whether they are running in an on-premises SDDC, in VMware Cloud™ on AWS, in other public clouds, or in any combination of those.

Figure 6. vRealize Suite delivers intelligent operations and consistent policy-based security. (Diagram labels: Any Device; Any Application; Any Cloud; Business Mobility: Applications, Devices, Content; Traditional; Cloud Native; Software-Defined Data Center (SDDC); Cloud Management Platform: vRealize Automation, VMware Integrated OpenStack, vRealize Network Insight, vRealize Log Insight, vRealize Operations, vRealize Business for Cloud; DevOps: vRealize Code Stream; Extensibility: Management Packs; Virtual/Cloud Infrastructure: Compute, NSX Network and Security, Storage; Hybrid Cloud.)

Hybrid Cloud: Extending Security Off-Site

VMware Cloud on AWS takes the benefits of the VMware SDDC to the hybrid cloud. As more products and services move online, opportunities increase for cybercriminals. Successful businesses protect distributed modern applications by ensuring dynamic security is an intrinsic feature of the infrastructure across both private and public clouds. vSphere and VMware Cloud on AWS deliver a consistent and intrinsic security architecture from the data center to the cloud.

VMware Cloud on AWS provides a robust and hardened cloud infrastructure with rich security features built in. From an operations standpoint, VMware protects the information systems used to deliver VMware Cloud on AWS. The service is also monitored for security events involving the underlying servers, storage, networks, and information systems used in the delivery of this service. Moreover, VMware performs routine vulnerability scans to surface critical risk areas and addresses them in a timely manner. Security configurations and operational procedures have been audited, resulting in VMware Cloud on AWS obtaining industry certifications, such as SOC and ISO.

Figure 7. vSphere and VMware Cloud on AWS deliver a consistent and intrinsic security architecture from the data center to the cloud. (Diagram labels: vRealize Suite, ISV Ecosystem; Operational Management; VMware Cloud™ on AWS, Powered by VMware Cloud Foundation; AWS Services; vCenter; vSphere; vSAN; NSX; Customer Data Center; AWS Global Infrastructure.)

Take Your Security to the Next Level with the VMware SDDC; Start with vSphere Platinum

The VMware SDDC features a comprehensive, zero-trust security approach that addresses enterprises' most stringent protection requirements without sacrificing agility. As the ideal, efficient, secure universal platform for hybrid cloud, supporting new and existing applications as well as serving the needs of IT and the business, vSphere reinforces enterprise investment in VMware. It is a core component of the VMware SDDC and a fundamental building block of cloud strategy. With vSphere, enterprises can run, manage, connect, and secure their applications in a common operating environment, across hybrid cloud.

Figure 8. Comprehensive built-in security for your data center with vSphere Platinum.

By building security into the core compute platform instead of as a bolted-on afterthought, VMware ensures threats from anywhere are met by security everywhere. vSphere Platinum, the foundation of the VMware SDDC, mitigates risks with purpose-built safeguards across the entire IT environment so enterprise IT teams can focus more on the innovation that drives competitive advantage.

Discover vSphere Platinum.

1-3. Ponemon Institute. "2018 Cost of a Data Breach Study," July 2018.
4. Cybersecurity Ventures. "Global Ransomware Damage Costs Predicted to Exceed $5 Billion in 2017," May 18, 2017.

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com
Copyright 2018 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. and its subsidiaries in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: VMW-SO-SDDC-USLET-FINAL 10/18