Tuesday, April 10, 2012

VMware vShield Zones

VMware® vShield Zones enables network compliance with security policies and industry regulations while adopting the efficiency and flexibility of cloud computing.

VMware vShield Zones creates logical zones in the virtual datacenter that span shared physical resources, with each zone representing a distinct level of trust and confidentiality.

VMware vShield Zones enables customers to:
• Bridge, firewall, or isolate virtual machine zones based on logical trust or organizational boundaries
• Create intuitive network access rules using existing VMware vCenter Server containers
• Log and report on allowed and disallowed activity by application-based protocols
• Easily convert observed network flows into precise access rules

VMware vShield Zones presents network monitoring and access management in a highly virtualization-aware and application-aware context, so that administrators can define access policies that intuitively map to logical trust or organizational zone boundaries expressed in their existing VMware vCenter Server management hierarchy and network topology.

VMware vShield Zones consists of the VMware vShield Manager, which provides centralized management of monitoring and access policies across an entire deployment, and VMware vShield Zones appliances that provide the runtime enforcement. VMware vShield Manager is deployed as a virtual appliance and integrates automatically with VMware vCenter Server to present policies and events in the context of the existing virtual machines, networks, hosts, and clusters.

VMware vShield Zones virtual appliances are distributed and deployed inline on the virtual switches on VMware ESX hosts to provide runtime visibility and enforcement of traffic. Network activity between zones and to the outside is logged and classified according to application network protocol, and packets are filtered inline to block any disallowed protocols or access. Events are consolidated back to the VMware vShield Manager, where activity across the entire datacenter can be logged, viewed and exported to third-party management solutions.


