SlideShare a Scribd company logo

What’s new in vShield 5

Eric Sloof, profile picture
Eric Sloof

The document outlines the features and benefits of vShield 5.0 for enterprise security, focusing on securing private cloud environments and managing cyber threats. It emphasizes centralized management, visibility, and control over virtualized resources, while addressing common security challenges such as resource sprawl and compliance. Key components include vShield Edge, App, and Data Security which enhance firewall capabilities, automate security processes, and improve overall performance.

Technology
1 of 16
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
What’s new in vShield 5
Enterprise Security today – not virtualized, not cloud ready Enterprise VDC Users DMZ Web Servers Apps / DB Tier Sites Perimeter/DMZ Interior security Endpoint security - Firewall, VPN - VLAN or subnet based - AV, DLP agent based - Load balancers policies security Challenges Challenges Challenges - Sprawl: hardware, FW - Sprawl: VLANs, - Sprawl: agents in all VMs rules, VLANs hardware, FW rules – drain resources - Blind spots: inter-VM - Risk: agents in guest traffic VMs – not hardened
vShield 5.0 Securing the Private Cloud End to End: from the Edge to the Endpoint vShield App with Data vShield Edge Security vShield Endpoint Edge Endpoint = VM Security Zone Secure the edge of Offload anti-virus processing the virtual datacenter • Create segmentation between silos of workloads • Sensitive Data Discovery DMZ vShield Manager Application 1 Application 2 Endpoint = VM Centralized Management
vShield Edge 5.0 Overview vShield vShield vShield Tenant A Edge Tenant C Edge Tenant X Edge • Provides common edge security services around a virtual datacenter. Example uses: • Extranets Secure Secure • Multi-tenant cloud environments Secure Virtual Virtual Virtual Appliance Appliance Appliance Firewall Load balancer VPN 4
vShield Edge 5.0 vShield vShield vShield Primary functionality Edge Edge Edge • Stateful inspection firewall Tenant A Tenant C Tenant X • Dynamic Host Configuration Protocol (DHCP) • Site to site VPN • (NEW) Static Routing Secure Secure Secure Virtual Appliance Virtual Appliance Virtual Appliance Management features • REST APIs for scripting • Logging of activity Firewall Load balancer VPN 5
vShield Edge 5.0 Benefits vShield vShield vShield Tenant A Edge Tenant C Edge Tenant X Edge • Reduce cost and complexity • Centralized management for all protected environments • Eliminates need for multiple special-purpose appliances Secure Virtual Appliance Secure Virtual Appliance Secure Virtual Appliance • Increased agility for cloud environments • Enables rapid provisioning edge services • Ability to automate and integrate into overall provisioning and management workflow Firewall Load balancer VPN 6
vShield App 5.0 Overview • vShield App: virtualization- built firewall featuring • VM-level enforcement • Intuitive business language policy • Robust flow monitoring • Logging and auditing • REST API
vShield App Design  Hypervisor-Level vShield vShield App Firewall App • Inbound/outbound connection control enforced at the virtual NIC level vSphere vSphere • Dynamic protection as virtual machines migrate • Protects at Layer 3 and Layer 2 vShield ESXi Host ESXi Host Manager vSphere vCenter Client Server
vShield App Group-based Policies MAC Internet Set Resource Security Pools Groups Finance HR Marketing Web Group Web Web Web IP Set DB Group Database Database Database
vShield App 5.0 Benefits • Complete visibility and control to the Inter VM traffic • Enables multiple trust zones on same ESX cluster. • Ability to audit traffic for compliance and security • Fewer misconfiguration mistakes, lower operating overhead by eliminating • VLAN trunking • Complex rules management • Ability to automate and integrate into overall provisioning and management workflow
vShield Data Security (vSDS) Overview • Discover and report sensitive data across virtual machines • Scans occur continuously, transparent to the virtual machine ! ! ! Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)
vShield Data Security (vSDS)  Select from many industry, local, and international policies
vShield Data Security (vSDS)  View report of policy matches per VM
vShield Data Security (vSDS) Benefits • Reduces risk of non-compliance with automated scans, rapid assessment and reporting • Improve performance by offloading data discovery functions to a virtual appliance ! ! ! Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)
vShield Manager Roles  Clear separation of Responsibilities and Authority Security Define, Monitor admin vShield Implement admin Security Auditor Verify Policies
vShield Endpoint Overview • Offload file activity to Security VM • Enforce Remediation using driver in VM • Security VM provided by best-of- breed AV partners: Trend Micro, others Benefits • Improve VM performance by eliminating anti-virus storms • Reduce risk by eliminating agents susceptible to attacks

More Related Content

PDF
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Graeme Wood
 
PDF
Model checking in the cloud
Olivier Coudert
 
PDF
Nevmug Left Hand Tower Publishing January 2009
csharney
 
PPTX
Architecting a Private Cloud - Cloud Expo
smw355
 
PDF
LifeSize® UVC Transit™
Annie Lavoie
 
PDF
Security & Virtualization in the Data Center
Cisco Russia
 
PPT
Dvis presentation l
tinachang2005
 
PDF
InterCloud the cloud network - v1
Pierre Cerou
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Graeme Wood
 
Model checking in the cloud
Olivier Coudert
 
Nevmug Left Hand Tower Publishing January 2009
csharney
 
Architecting a Private Cloud - Cloud Expo
smw355
 
LifeSize® UVC Transit™
Annie Lavoie
 
Security & Virtualization in the Data Center
Cisco Russia
 
Dvis presentation l
tinachang2005
 
InterCloud the cloud network - v1
Pierre Cerou
 

What's hot (12)

PPTX
Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2
Damir Bersinic
 
PDF
Vyatta cloud expo-sjc_2012-share
Scott Sneddon
 
PDF
Virtual sharp cloud aware bc dr up 2012 cloud
Khazret Sapenov
 
PDF
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
VirtSGR
 
PDF
Runner sv q307
Obsidian Software
 
PDF
Security and Virtualization in the Data Center
Cisco Canada
 
PPTX
Simple ams slidedeck
Bengmancastro
 
PDF
Wireless to the Nth Degree
InnoTech
 
PDF
Switch
1 2d
 
PDF
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Yury Chemerkin
 
PDF
Datacryptor Ethernet Layer 2 Rel 4.5
Eugene Sushchenko
 
PDF
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
Adam Johnson
 
Prairie DevCon-What's New in Hyper-V in Windows Server "8" Beta - Part 2
Damir Bersinic
 
Vyatta cloud expo-sjc_2012-share
Scott Sneddon
 
Virtual sharp cloud aware bc dr up 2012 cloud
Khazret Sapenov
 
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
VirtSGR
 
Runner sv q307
Obsidian Software
 
Security and Virtualization in the Data Center
Cisco Canada
 
Simple ams slidedeck
Bengmancastro
 
Wireless to the Nth Degree
InnoTech
 
Switch
1 2d
 
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Yury Chemerkin
 
Datacryptor Ethernet Layer 2 Rel 4.5
Eugene Sushchenko
 
BayLISA: MidoNet Overlay Based Network Virtualization for IaaS Clouds
Adam Johnson
 
Ad

Similar to What’s new in vShield 5 (20)

PDF
Introduction - Trend Micro Deep Security
Andrew Wong
 
PDF
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
Ixia
 
PDF
Layer 7: Cloud Security For The Public Sector
CA API Management
 
PDF
Citrix - More Applications, More Security, More Availability
dataplex systems limited
 
PDF
Vss Security And Compliance For The Cloud
Graeme Wood
 
PDF
Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Open Data Center Alliance
 
PPTX
BIG-IP Data Center Firewall Solution
F5 Networks
 
PPTX
Private Clouds - Business Agility Seminar
Exponential_e
 
PDF
GAMO VMware vCloud Air
GAMO a.s.
 
PPTX
VMware vShield - Overview
Irsandi Hasan
 
PPTX
VMware-vShield-Presentation-pp-en-Dec10.pptx
Abasse KPEGOUNI
 
PPTX
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
Hythamsaadeh
 
PPTX
QLogic Adapters & Virtualized Environments
QLogic Corporation
 
PDF
Transcending Computing Environment Boundaries: Seamless Computing Environmen...
HCL Infosystems
 
PDF
Desktopvirtualisatie met VMware View, de laatste ontwikkelingen
UNIT4 IT Solutions
 
PDF
Using Server Virtualization for Manufacturing Operations
ARC Advisory Group
 
PDF
Server Virtualization in Manufacturing Operations
ARC Advisory Group
 
PPTX
Trend micro v2
JD Sherry
 
PDF
VMware Zimbra vs. Novell Groupwise
Mike K
 
PPTX
ZStack Solutions & Cases 2023
Ryo Ardian
 
Introduction - Trend Micro Deep Security
Andrew Wong
 
BreakingPoint & Juniper RSA Conference 2011 Presentation: Securing the High P...
Ixia
 
Layer 7: Cloud Security For The Public Sector
CA API Management
 
Citrix - More Applications, More Security, More Availability
dataplex systems limited
 
Vss Security And Compliance For The Cloud
Graeme Wood
 
Forecast 2012 Panel: Security POC NAB, Terremark, Trapezoid
Open Data Center Alliance
 
BIG-IP Data Center Firewall Solution
F5 Networks
 
Private Clouds - Business Agility Seminar
Exponential_e
 
GAMO VMware vCloud Air
GAMO a.s.
 
VMware vShield - Overview
Irsandi Hasan
 
VMware-vShield-Presentation-pp-en-Dec10.pptx
Abasse KPEGOUNI
 
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
Hythamsaadeh
 
QLogic Adapters & Virtualized Environments
QLogic Corporation
 
Transcending Computing Environment Boundaries: Seamless Computing Environmen...
HCL Infosystems
 
Desktopvirtualisatie met VMware View, de laatste ontwikkelingen
UNIT4 IT Solutions
 
Using Server Virtualization for Manufacturing Operations
ARC Advisory Group
 
Server Virtualization in Manufacturing Operations
ARC Advisory Group
 
Trend micro v2
JD Sherry
 
VMware Zimbra vs. Novell Groupwise
Mike K
 
ZStack Solutions & Cases 2023
Ryo Ardian
 
Ad

More from Eric Sloof (16)

PDF
VMware HA deep Dive
Eric Sloof
 
PDF
What’s New in vCloud Director 5.1?
Eric Sloof
 
PDF
Mythbusting goes virtual What's new in vSphere 5.1
Eric Sloof
 
PDF
vCenter Infrastructure Navigator 1.1 - What's New
Eric Sloof
 
PDF
vCenter Operations 5: Level 300 training
Eric Sloof
 
PDF
E1000 is faster than VMXNET3
Eric Sloof
 
PDF
vSphere 5 What's New - Profile Driven Storage
Eric Sloof
 
PDF
Introduction - vSphere 5 High Availability (HA)
Eric Sloof
 
PDF
Introduction - vSphere Storage Appliance
Eric Sloof
 
PDF
What’s New in vCloud Director 1.5
Eric Sloof
 
PDF
vSphere 5 - Image Builder and Auto Deploy
Eric Sloof
 
PDF
What’s New in VMware vCenter Site Recovery Manager v5.0
Eric Sloof
 
PPTX
Advanced Root Cause Analysis
Eric Sloof
 
PPT
Vblock Infrastructure Packages — integrated best-of-breed packages from VMwar...
Eric Sloof
 
PPTX
Managing V Sphere With The Vesi
Eric Sloof
 
PPTX
Managing V Sphere With The Vesi
Eric Sloof
 
VMware HA deep Dive
Eric Sloof
 
What’s New in vCloud Director 5.1?
Eric Sloof
 
Mythbusting goes virtual What's new in vSphere 5.1
Eric Sloof
 
vCenter Infrastructure Navigator 1.1 - What's New
Eric Sloof
 
vCenter Operations 5: Level 300 training
Eric Sloof
 
E1000 is faster than VMXNET3
Eric Sloof
 
vSphere 5 What's New - Profile Driven Storage
Eric Sloof
 
Introduction - vSphere 5 High Availability (HA)
Eric Sloof
 
Introduction - vSphere Storage Appliance
Eric Sloof
 
What’s New in vCloud Director 1.5
Eric Sloof
 
vSphere 5 - Image Builder and Auto Deploy
Eric Sloof
 
What’s New in VMware vCenter Site Recovery Manager v5.0
Eric Sloof
 
Advanced Root Cause Analysis
Eric Sloof
 
Vblock Infrastructure Packages — integrated best-of-breed packages from VMwar...
Eric Sloof
 
Managing V Sphere With The Vesi
Eric Sloof
 
Managing V Sphere With The Vesi
Eric Sloof
 

Recently uploaded (20)

PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
August Patch Tuesday
Ivanti
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
project resource management chapter-09.pdf
ssuser00e6e21
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
August Patch Tuesday
Ivanti
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 

What’s new in vShield 5

  • 1. What’s new in vShield 5
  • 2. Enterprise Security today – not virtualized, not cloud ready Enterprise VDC Users DMZ Web Servers Apps / DB Tier Sites Perimeter/DMZ Interior security Endpoint security - Firewall, VPN - VLAN or subnet based - AV, DLP agent based - Load balancers policies security Challenges Challenges Challenges - Sprawl: hardware, FW - Sprawl: VLANs, - Sprawl: agents in all VMs rules, VLANs hardware, FW rules – drain resources - Blind spots: inter-VM - Risk: agents in guest traffic VMs – not hardened
  • 3. vShield 5.0 Securing the Private Cloud End to End: from the Edge to the Endpoint vShield App with Data vShield Edge Security vShield Endpoint Edge Endpoint = VM Security Zone Secure the edge of Offload anti-virus processing the virtual datacenter • Create segmentation between silos of workloads • Sensitive Data Discovery DMZ vShield Manager Application 1 Application 2 Endpoint = VM Centralized Management
  • 4. vShield Edge 5.0 Overview vShield vShield vShield Tenant A Edge Tenant C Edge Tenant X Edge • Provides common edge security services around a virtual datacenter. Example uses: • Extranets Secure Secure • Multi-tenant cloud environments Secure Virtual Virtual Virtual Appliance Appliance Appliance Firewall Load balancer VPN 4
  • 5. vShield Edge 5.0 vShield vShield vShield Primary functionality Edge Edge Edge • Stateful inspection firewall Tenant A Tenant C Tenant X • Dynamic Host Configuration Protocol (DHCP) • Site to site VPN • (NEW) Static Routing Secure Secure Secure Virtual Appliance Virtual Appliance Virtual Appliance Management features • REST APIs for scripting • Logging of activity Firewall Load balancer VPN 5
  • 6. vShield Edge 5.0 Benefits vShield vShield vShield Tenant A Edge Tenant C Edge Tenant X Edge • Reduce cost and complexity • Centralized management for all protected environments • Eliminates need for multiple special-purpose appliances Secure Virtual Appliance Secure Virtual Appliance Secure Virtual Appliance • Increased agility for cloud environments • Enables rapid provisioning edge services • Ability to automate and integrate into overall provisioning and management workflow Firewall Load balancer VPN 6
  • 7. vShield App 5.0 Overview • vShield App: virtualization- built firewall featuring • VM-level enforcement • Intuitive business language policy • Robust flow monitoring • Logging and auditing • REST API
  • 8. vShield App Design  Hypervisor-Level vShield vShield App Firewall App • Inbound/outbound connection control enforced at the virtual NIC level vSphere vSphere • Dynamic protection as virtual machines migrate • Protects at Layer 3 and Layer 2 vShield ESXi Host ESXi Host Manager vSphere vCenter Client Server
  • 9. vShield App Group-based Policies MAC Internet Set Resource Security Pools Groups Finance HR Marketing Web Group Web Web Web IP Set DB Group Database Database Database
  • 10. vShield App 5.0 Benefits • Complete visibility and control to the Inter VM traffic • Enables multiple trust zones on same ESX cluster. • Ability to audit traffic for compliance and security • Fewer misconfiguration mistakes, lower operating overhead by eliminating • VLAN trunking • Complex rules management • Ability to automate and integrate into overall provisioning and management workflow
  • 11. vShield Data Security (vSDS) Overview • Discover and report sensitive data across virtual machines • Scans occur continuously, transparent to the virtual machine ! ! ! Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)
  • 12. vShield Data Security (vSDS)  Select from many industry, local, and international policies
  • 13. vShield Data Security (vSDS)  View report of policy matches per VM
  • 14. vShield Data Security (vSDS) Benefits • Reduces risk of non-compliance with automated scans, rapid assessment and reporting • Improve performance by offloading data discovery functions to a virtual appliance ! ! ! Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)
  • 15. vShield Manager Roles  Clear separation of Responsibilities and Authority Security Define, Monitor admin vShield Implement admin Security Auditor Verify Policies
  • 16. vShield Endpoint Overview • Offload file activity to Security VM • Enforce Remediation using driver in VM • Security VM provided by best-of- breed AV partners: Trend Micro, others Benefits • Improve VM performance by eliminating anti-virus storms • Reduce risk by eliminating agents susceptible to attacks