vShield Suite
Uploaded by kameshbathina. Category: Technology.
![Page 1: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/1.jpg)
vShield
![Page 2: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/2.jpg)
• VMware® vShield is a suite of security virtual appliances built for protecting virtualized datacenters from attacks and misuse
• vShield Components
– vShield Manager
– vShield Zones
– vShield App
– vShield Edge
– vShield End Point
![Page 3: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/3.jpg)
• vShield Manager
– The vShield Manager is the centralized network management component of the vShield suite and is installed from OVA as a virtual machine by using the vSphere Client.
– Using the vShield Manager user interface, administrators install, configure, and maintain vShield components.
![Page 4: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/4.jpg)
• vShield Zones
– vShield Zones, included with the vShield Manager, provides firewall protection for traffic between virtual machines.
• vShield App
– vShield App is an interior, vNIC-level firewall that allows you to create access control policies regardless of network topology. A vShield App monitors all traffic in and out of an ESX host, including between virtual machines in the same port group. vShield App includes traffic analysis and container-based policy creation.
• vShield Edge
– vShield Edge provides network edge security and gateway services to isolate the virtual machines in a port group, vDS port group, or Cisco® Nexus 1000V.
– Common deployments of vShield Edge include in the DMZ, VPN Extranets, and multi-tenant Cloud environments where the vShield Edge provides perimeter security for Virtual Datacenters (VDCs).
• vShield End Point
– vShield Endpoint delivers an introspection-based antivirus solution. vShield Endpoint uses the hypervisor to scan guest virtual machines from the outside without a bulky agent.
![Page 5: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/5.jpg)
![Page 6: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/6.jpg)
vShield Zones
![Page 7: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/7.jpg)
![Page 8: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/8.jpg)
![Page 9: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/9.jpg)
![Page 10: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/10.jpg)
![Page 11: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/11.jpg)
Firewall Rules
![Page 12: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/12.jpg)
vShield App
• vShield App is an interior, vNIC-level firewall that allows you to create access control policies regardless of network topology. A vShield App monitors all traffic in and out of an ESX host, including between virtual machines in the same port group. vShield App includes traffic analysis and container-based policy creation.
![Page 13: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/13.jpg)
vShield App
• VMware vShield App, part of the VMware vShield family of virtualization security products, protects applications in the virtual datacenter from network-based threats. vShield App gives organizations deep visibility into network communications between virtual machines and enables granular policy enforcement with security groups. The solution also eliminates the hardware and policy sprawl associated with traditional measures, resulting in a cost-effective solution that helps customers go beyond the limitations of physical security.
![Page 14: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/14.jpg)
Key Benefits
• Increase visibility and control over network communications between virtual machines.
• Eliminate the need for dedicated hardware and VLANs to separate security groups from one another.
• Optimize hardware resource utilization while maintaining strong security.
• Simplify compliance with comprehensive logging of all virtual machine network activity.
![Page 15: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/15.jpg)
vShield App Enables Granular Policy Enforcement Using Security Groups
![Page 16: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/16.jpg)
vShield Edge
• vShield Edge provides network edge security and gateway services to isolate the virtual machines in a port group, vDS port group, or Cisco® Nexus 1000V.
• Common deployments of vShield Edge include in the DMZ, VPN Extranets, and multi-tenant Cloud environments where the vShield Edge provides perimeter security for Virtual Datacenters (VDCs).
![Page 17: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/17.jpg)
![Page 18: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/18.jpg)
Consolidate edge security hardware: Provision edge security services, including firewall and VPN, using existing vSphere resources, eliminating the need for hardware-based solutions.
![Page 19: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/19.jpg)
Ensure performance and availability of web services: Efficiently manage inbound web traffic across virtual machine clusters with web load balancing capabilities
![Page 20: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/20.jpg)
Accelerate IT compliance: Get increased visibility and control over security at the network edge, with the logging and auditing controls you need to demonstrate compliance with internal policies and external regulatory requirements.
![Page 21: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/21.jpg)
vShield End Point
• vShield Endpoint delivers an introspection-based antivirus solution. vShield Endpoint uses the hypervisor to scan guest virtual machines from the outside without a bulky agent.
![Page 22: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/22.jpg)
![Page 23: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/23.jpg)
Streamline antivirus and anti-malware deployment: Deploy enterprise antivirus engine and signature file to a single security virtual machine instead of each and every individual virtual machine on a vSphere host.
![Page 24: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/24.jpg)
• Improve virtual machine performance: Securely achieve higher consolidation ratios by the same offload mechanism as described above
![Page 25: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/25.jpg)
• Prevent antivirus storms and bottlenecks: Prevent antivirus storms and bottlenecks associated with multiple simultaneous antivirus and anti-malware scans and updates
![Page 26: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/26.jpg)
• Protect antivirus security software from attack: Deploy and run the antivirus and anti-malware client software in a hardened security virtual machine to prevent targeted attacks
![Page 27: vShield Suite](https://reader033.fdocuments.net/reader033/viewer/2022061206/5481be37b4af9f6c578b45cd/html5/thumbnails/27.jpg)