Security Blog

VMware vShield Zones 1.0 is generally available

charu@vmware.com — Thu, 18 Jun 2009 18:47:15 GMT

Warren Wu writes over on the VMware Security Blog:

With the general availability of VMware vSphere 4 a few weeks ago, I just wanted to highlight for the security community that VMware vShield Zones is also part of that release and now generally available!

vShield Zones is a new product for VMware and one of the newest members of the vSphere 4 product family, based on technology from our acquisition of Blue Lane Technologies. We had a lot of interest from customers around vShield Zones and had over 200 customers around the world registered for our recent private beta. It is part of the vSphere package starting with the Advanced Edition and above.

VMware vShield Zones 1.0 offers the following key features and benefits for vSphere 4 environments:

Central Management of Logical Zone Boundaries and Segmentation

Leverage existing virtual infrastructure containers – hosts, virtual switches, VLANs – as logical trust or organizational zones
Define policies to bridge, firewall, or isolate network traffic between zone boundaries
Manage and deploy policies across entire VMware vCenter Server deployment
Integrate with VMware vCenter Server and automatically deploy on existing virtual networks
Scan and discover existing applications running on virtual machines to identify application protocol

Network Enforcement and Flow Monitoring

Classify traffic by network or application protocol (e.g. HTTP, RDP, SNMP)
Performantly filter traffic with stateful packet inspection (SPI)
Track dynamic port connections for protocols such as FTP
Track network connections across VMware VMotion migration events.
Easily convert observed network flows into precise network enforcement rules.
Monitor both allowed and disallowed activity

Management and Reporting

Access the Web-based vShield Manager interface remotely from any Web browser
Configure administrators to be common with VMware vCenter Server or distinct for separation of duties and roles
View activity hierarchically at individual virtual machine or aggregate levels and generate graphical or tabular reports
Retain log data for archival and compliance purposes
Export events and data using syslog format

More information about vShield Zones can be found at the product page here: http://www.vmware.com/products/vshield-zones/ <http://www.vmware.com/products/vshield-zones/>

vShield Zones 1.0 is downloadable as part of the VMware vSphere evaluation at: https://www.vmware.com/tryvmware/index.php?p=vsphere&lp=1 <https://www.vmware.com/tryvmware/index.php?p=vsphere&lp=1>

Documentation and release notes about vShield Zones 1.0 can be found at: http://www.vmware.com/support/pubs/vsz_pubs.html <http://www.vmware.com/support/pubs/vsz_pubs.html>

Beta of VMware vShield Zones

charu@vmware.com — Thu, 26 Mar 2009 20:15:39 GMT

Recently at VMworld Europe 2009 in February, VMware announced a new vSphere offering called VMware vShield Zones that provides network monitoring and firewalling for security and compliance of VM's. vShield Zones is based on our acquistion of Blue Lane Technologies last October. It is uses Blue Lane's mature application-aware network stack, but instead of offering virtual patching, it has all-new modules providing network flowing monitoring/auditing as well as network firewalling. These are packaged as a virtual appliance and provides visibility and enforcement specifically for logically partitioning the interior of the virtual datacenter.

We recent started a private beta open to vSphere beta customers that will be running for the next few weeks. If you are interested, please send me a private message. You can learn more about VMware vShield Zones at the product page here: http://www.vmware.com/products/vshield-zones/

Virtualization and Compliance

charu@vmware.com — Fri, 17 Oct 2008 18:35:14 GMT

Virtualization Compliance has become a hot topic lately, particularly in the retail environment. For that industry, there are a confluence of factors that have come together:

The imposition of the PCI standards on the majority of merchants who process credit cards
The fact that PCI is one of the more prescriptive security standards out there, but yet does not acknowledge virtualization as a technology
The growing desire for retailers to virtualize their store environments, due to the tremendous savings that can be achieved when server consolidation is leveraged across hundreds or even thousands of locations

Other standards such as HIPAA and SOX are of course top of mind for IT administrators in those respective industries, and I expect to see more direct questions from virtualization admins in those areas as time goes on.

To help answer the question, "how can I achieve compliance in my virtualized environment", we recently launched the VMware Compliance Center. We have provided some overview information, a list of partner solutions that can help with achieving, maintaining, and demonstrating compliance, and a list of resources, including whitepapers, webcasts, and podcasts from leading vendors in this area.

I would love to here comments from people both on what more you'd like to see in the Compliance Center, as well as on what are the burning issues that you face with compliance, and maybe some tips or lessons learned that you can share with others.

Xtravirt's Security Risk Assessment

schambers — Wed, 03 Sep 2008 17:43:02 GMT

Gavin Joliffe of Xtravirt was one of the very first contributors to VIOPS with a Proven Practice: VI3 Security Risk Assessment.

You're reading this because you already know that security is a key part of virtualization, probably because it changes the game somewhat. Being ever the optimist, I'm a fan of saying "enhanced" instead of "changed" or "broken", but that's just my sunny Yorkshire disposition.

What Xtravirt have done in their document is to encapsulate their experience of running their own security process for virtualization for themselves (prior to starting Xtravirt) and now on behalf of clients - that's a lot of experience!

That is the kind of document and experience we need for VIOPS proven practices. Instead of trying to create something that tries to be all things to all people, Xtravirt have focussed in on what has been successful for them and written it up.

Steve