virutalization and the future of datacenter security
Post on 16-Jan-2015
1.400 Views
Preview:
DESCRIPTION
TRANSCRIPT
The Future Of Datacenter Security
Charu Chaubal
Senior Architect, Technical Marketing
November 2008
Operating System
Exchange
Operating System
Virtualization
Operating System
VPN
Operating System
Virtualization
Operating System
File/Print
Operating System
Virtualization
Operating System
CRM
Operating System
Virtualization
Virtual Infrastructure
InterconnectPool
CPUPool
MemoryPool
StoragePool
Hypervisor Virtual Infrastructure
Virtual Infrastructure
InterconnectPool
CPUPool
MemoryPool
StoragePool
CRM
Operating System
CRM
Operating System
VPN
Operating System
VPN
Operating System
File/Print
Operating System
File/Print
Operating System
Exchange
Operating System
Exchange
Operating System
CRM
Operating System
CRM
Operating System
VPN
Operating System
VPN
Operating System
File/Print
Operating System
File/Print
Operating System
Exchange
Operating System
Exchange
Operating System
An OS for the Virtual Datacenter
Impact #1: Apps decoupled from Infrastructure
VMotion
HA
VCB
NIC & HBA Teaming
VMotion
Storage VMotion
Network Redundancy
Application-independent Uptime Mechanisms
PerformancePlanned Downtime Unplanned Downtime
VM Failure Monitoring
Virtual Machines
Server
ESX Server
App
OS
App
OS
App
OS
App
OS
App
OS
Storage
Interconnect
Site Recovery Manager
Impact #2: Desktops Look Like Servers
Thin or Stateless Clients
TraditionalDesktops
VirtualCenter
VDM
Clients Virtual Desktop
Manager VMware
Infrastructure
Centralized Management
• Physical Security attainable
• Can extend server security and management practices to the local PC
• Isolation contains faults and allows full user experience
Impact #3: Servers Act Like Files
Servers Can Be Managed Like Documents
Publish or Retract
Audit Usage
Retain
Dispose
Document Lifecycle Management
Request for VM
ProvisioningDelete VM
Archive VM
Virtual Machine Lifecycle Management
Monitor & Adjust
Resources
Power-On or Suspend VM
Route VM for Approval
Deploy VM from
Template
Create Approve
Request Document
Master VM
Linked Clone
File Replication, De-duplication, Check-in/out
App
OS
App
OS
App
OS
App
OS
View Manager and View Composer Linked Clone
Client Virtualization
Check-In Check-Out
Google Chrome
Google Chrome
Google Chrome
Google Chrome
VirtualCenter
Clients VMware
Infrastructure
Centralized, Efficient File Processing
Offline Ops• Patch• Malware Scan• Configuration• Backup
Impact #4: Insight Through Hypervisor APIs
VMsafe API and Partner Program
Protect the VM by inspection of virtual components (CPU, Memory, Network and Storage)
Run outside the VM
Complete integration and awareness of VMotion, Storage VMotion, HA, etc.
Fundamentally changes protection available for VMs running on VMware Infrastructure vs. physical machines
Provides an unprecedented level of security – “Virtual is more secure than Real”
ESX
VMsafe
ESX with VMsafe
http://vmware.com/go/vmsafe
Impact #5: Appliances Go Virtual
Overcomes the limitations of physical topology
Deploy anywhere
Increases the granularity of security within the datacenter
Deploy as many appliances as necessary
Auto-Configuration Of App Security
AppApp
AppApp
AppApp
App
Web tier App tier DB tierAvailability = 99.99%
Security = High
Performance = 500 msec
SLA DefinitionsvApp
Web
OS
App
OS
DB
OS
Availability = 99.99%
Security = High
Performance = 500 msec
SLA DefinitionsvApp
Web
OS
App
OS
DB
OS
Dynamic Capacity, Mobility Awareness
App
AppApp
App
AppApp
Web tier
App tier
DB tier
App
“No free lunch” rule applies to virtualization
The Good The Bad
Easy machine creation “VM sprawl”
Mobility Breaks static security
Abstraction layer New layer to be secured
Tremendous flexibility Potential for Misconfiguration
Summary
Virtualization fundamentally transforms security
Need to have a broader perspective about virtualization – utilize everything that’s different
The “Next Generation” of datacenter is coming – and so are the security products
Where to Learn More
Security
Hardening Best Practices
Implementation Guidelines
http://vmware.com/go/security
Compliance
Partner Solutions
Advice and Recommendations
http://vmware.com/go/compliance
top related