© Copyright 2010 EMC Corporation. All rights reserved.
EMC Solution for VMware View™4 Virtual Desktop
Planning The Perfect Virtual Desktop Deployment
Jeff Thomas, Sr. vSpecialist, Western Region Manager, EMC Corporation, [email protected]
Super Session Agenda
• Technical overview of VMware View Solutions: 1:00-1:45pm
• Break: 1:45-2:00pm
• Security Solutions for Virtualization and VMware View: 1:00-1:45pm
• Break & Drawing for 1 yr Subscription to Netflix: 2:45-3:00pm
• White Board Session: 3:00-3:45pm
• Wifi Blu-ray Player Prize Drawing: 3:45pm
Typical Challenges to Contend With…
Distributed workforce
• Mobile & remote workers
• Outsourcing & off-shoring
• Contract workers
Limited control of PCs
• Patch compliance
• Security
• Regulatory compliance
Focus on PC hardware
• Many makes & models
• Refresh cycles
Management complexity
• Deployment
• Support
• Security
VMware View - Addressing the Challenges…
• Centralize compute resource
• Increase flexibility & agility
• Simplify management
• Improve standardization
New Challenges Arise
• Current infrastructure designed for server workloads
• Must reduce TCO per user
• Large number of VMs to manage
• Aggressive and somewhat unpredictable performance profiles
• Availability and performance requirements increase
• Small changes have a big impact (10 IOPS per desktop multiplies)
[Figure labels: ~10 IOPS, 10 GB; ~600 IOPS, 600 GB; 99.999%; 99%]
EMC Addressing the Challenges…
• Store and Manage Efficiently
• Protect the migrated user data
• Secure user access
• Scalable, Flexible Infrastructure
Areas of Focus – Ensuring Success
Management and Provisioning
Data Protection
Security
Deploying at Scale
Management and Provisioning
Virtual Desktops – Impact to Infrastructure
Traditional Environment
• Thousands of desktop systems distributed through the enterprise
• Distributed data needs to be managed: each user has their own C:\ drive with boot disk and user data
• IT supports/maintains remote systems, including hardware compatibility and software updates
Consolidated Environment
• Thin clients access data and applications over the network
• Centralized boot disk and user data
• Allows IT to enforce corporate policies for what is on the desktop
• Simplified software management and hardware independence
[Diagram: Thin Clients, LAN/WAN, Desktop VMs, ESX Servers]
What is a Virtual Desktop made of?
User Data Disk
• Persistent disk to store user data and settings
• Consistent user experience while maintaining tight control and compliance
Base Image
• Highly managed OS disk
• Reduce provisioning time
• Simplified updates and patches
[Diagram layers: Operating System, User Data, Application]
Boot Drive: Techniques to Lower Cost and Maintain Availability
Minimize Boot Disk Capacity Requirements
1,000 users with a 10GB boot disk each
• Standard boot disk for each client: ~ 1,000 clients = 10TB of storage
• Leveraging VMware’s View Composer or EMC Snapshots to create “thin” boot disks provides 60-80% less drive consumption
[Chart: Full Boot Image/Client = 10TB; VMware Composer/Array Snaps = 2-4TB; 60-80% less capacity]
VMware View Composer significantly reduces virtual desktop boot disk consumption
Key Benefits:
• Dramatically drives down storage costs
• 5 9’s availability across all arrays
• Reduces time to deploy multiple images
• Simplifies maintenance and updates
View Composer: Linked Clone Technology
– A linked clone is a thin copy of the original virtual machine that shares the virtual disk with the base virtual machine in an ongoing manner
  • Base virtual disk is called the replica
– Linked clones are given a separate identity, created with QuickPrep
  • Clones can be powered on, suspended, snapshotted, and reconfigured independently of the parent
– Optionally, clones can have additional private disks called user data disks
Desktop Deployment via VMware View Composer
[Diagram: Base / Master (Template) VM, Snap1, Replica, Linked Clones 1 to N, each with a System Disk and a Data Disk. Use cases: 1. Deploy, 2. Refresh]
Desktop Deployment via VMware View Composer
[Diagram: Base / Master (Template) VM, Snap1 and Snap2, Replica, Linked Clones 1 to N, each with a System Disk and a Data Disk. Use cases: 1. Deploy, 2. Refresh, 3. Re-Compose]
Desktop Deployment via VMware View Composer
[Diagram: Base / Master (Template) VM, Snap2, two Replicas. Use cases: 1. Deploy, 2. Refresh, 3. Re-Compose, 4. Re-Balance]
Data Protection
Addressing Backup/Restore for VMware View: Avamar
Avamar delivers up to 90% faster VMware backups, resulting in 50% or greater server consolidation
Unified backup approach for both physical and virtual environments
Universal support for file and image level backup
Transparent backups for end users – Move up to 99% less data
Self-service end user restores* – Windows and Mac
* Available in physical environments only
[Diagram labels: Virtual Desktop: file level; View Server: image level; Physical: file level]
Leveraging Avamar with VMware View
Application-consistent backups for:
– vCenter database
– Virtual Desktop Manager
– Active Directory
– User home directories
Crash-consistent backups using the underlying storage and Replication Manager
[Diagram: Avamar Software Agent, Avamar Data Store, VMware vCenter, VMware Virtual Desktop Manager, Microsoft Active Directory, Virtual Desktop Templates, User Home Directories, Avamar Accelerator Node, Centralized Storage; Approach 1, Approach 2]
Security
Complete Security Solution for VMware View
• RSA enVision for security monitoring and reporting
• RSA SecurID for ESX Service Console and vMA
• RSA SecurID for remote authentication
• RSA DLP for protection of data
• Ionix SCM for security config and patch management
[Diagram: RSA enVision Log Collector for VMware vCenter, Clients, VMware Infrastructure, VMware View Manager, VMware vCenter, Active Directory, Offline Laptop]
SecurBook – Best Practices for VMware View
RSA Solutions
• Multi-product, integrated solutions
• Tested and validated in the RSA Solutions Center
RSA SecurBooks
• Solution guides enable administrators to better plan, deploy, and manage RSA solutions
Deploying at Scale
Scaling Storage for Virtual Desktops
[Chart: 100% Random Read Miss 8KB, one drive per DA processor, 8 processors. X axis: IOPs (0 to 45000); Y axis: Response Time, msec (0 to 110). Series: 15K FC drives (8 drives), Enterprise Flash Drives (8 drives), SATA drives (8 drives)]
Flash: Significantly More IO/s per Drive at Much Lower Response Time
The Case for Enterprise Flash Drives
The Challenge: Architecting a View environment to size for BOTH capacity and performance at scale when leveraging Linked Clone Technology
The Analysis:
• 4000 x 10GB boot images = 24TB (90-95% capacity savings)
• 5 IOPS per user = 20,000 IOPS
The Result: at scale, data reduction technologies + EFD saves you $$$

Drive Type    Sustained IOPS    # of drives
10k FC        130               153
15k FC        180               112
EFD           2000              10
Disk Response Times
[Chart: EFD Disk Response Time vs. FC Disk Response Time over time, with Boot and Steady State phases marked. Y axis: Disk Response Time, mil sec (0 to 60)]
Disk Response Times
[Chart: EFD Disk Response Time vs. FC Disk Response Time over time. Y axis: Disk Response Time, mil sec (0 to 60)]
• 60% lower average RT
• 90% lower peak RT
• 7x VMs per spindle
User Data: EMC Tiered Storage Minimizes The Cost And Complexity Of Backup And Management
Policy-based Management to Automate Deduplication, Tiering, Mobility, Replication and Archiving
Key Benefits:
• Reduce capacity ≈50%
• Reduce total storage costs ≈80%
• Improve service levels
– 5 9’s availability
– Faster backups and restores
• Operational Efficiency
– Centralized anti-virus, quota management, backup/recovery, DR
– Automated Tiering and Archival
[Diagram: Thin Clients, LAN/WAN, Desktop VMs, VDI User Data; Tier 1 – $$$$, Tier 2 – $$, Tier 3 – $]
Storage Infrastructure Deployment Options
Enterprise virtual desktop infrastructure: design for performance and reliability
EMC Symmetrix V-Max is a new enterprise-class storage array that incorporates a new high-performance fabric interconnect designed to meet the performance and scalability demands for enterprise storage within the most demanding virtual data center installations. EMC Symmetrix is the industry standard for high-end information storage systems—the unsurpassed market leader for availability, consolidation, performance, application integration, power efficiency, and information-centric security.
EMC Unified Storage (CLARiiON CX4/Celerra) delivers industry-leading innovation in midrange storage with a unique combination of flexible, scalable hardware design and advanced software capabilities – it is optimized for file and block access, delivering high-end features in a scalable, easy-to-use package.
ALL EMC PLATFORMS = vStorage Ready!
EMC Proven Solutions
• Help you identify and overcome business challenges
• Reduce risk and deliver faster implementations
• Address unique industry challenges
• Simplify the management of complex application environments
Highly Scalable Infrastructure for Virtual Desktops
Scalability study for deploying VMware View on Cisco UCS and EMC V-Max
Symmetrix Virtual Provisioning allows on-demand storage allocation which provides significant savings in physical storage required for virtual desktops
Auto-provisioning Groups greatly reduces the time it takes to map and mask Symmetrix devices and present them to a VMware virtual infrastructure
Symmetrix Remote Data Facility (SRDF) with VMware’s Site Recovery Manager (SRM) provides protection from any disaster that might disable a primary production site
[Diagram: EMC Symmetrix V-Max, Cisco UCS, VMware View]
VMware View Use Case: Scale to thousands of desktops, reduce cost of desktop management, and secure/protect corporate data
EMC Global Services - VMware Catalog
EMC Consulting
Technology Solutions and Services
Education Services
Residency Services
Adopt VMware with EMC’s Core Competencies…
Infrastructure Business Continuity Management Client and Cloud
Strategy Business Case Development Application Transformation
VMware Design and Implementation
Physical to Virtual Migration
Business Risk Alignment Recovery Planning
Replication and Recovery Site Deployment
Backup, Recovery, and Archive
Reporting and Dashboard Automation
Operational Excellence
Desktop Strategy Secure Access
Cloud Integration
Virtual Desktop Design and Implementation
Certification Training
Full VMware Training Portfolio
Training for Storage Replication and VMware Site Recovery Manager
VMware View Training
Resource Management Software and Tools
Discovery, maintenance, and updates
VMware Lifecycle Manager Training
Ionix Training Portfolio
Luiza Aguiar, Solutions Marketing [email protected] 2010
RSA Security Solutions for Virtualization
Question: Does your IT security address the risks associated with virtualization and private cloud before they are implemented?
• “Yes, in all cases”: 24%
• “In some cases, but there are gaps”: 43%
• “No, security is brought in after the fact”: 22%
• “The business moves ahead without security”: 11%
Source: Live EMC Forum poll conducted in 5 cities across N. America, 10/09
Why is this bad?
• Restricted potential value
• Increased potential for data breaches
Security Challenges with Virtualization
Trouble finding and tracking sensitive data and files in a dynamic virtual environment
Difficulty ensuring appropriate access to virtual sessions and sensitive information based on end-user identity
Poor visibility into end user and IT admin activity occurring across the virtual network environment that may compromise security and compliance
Ensuring users handle sensitive information appropriately during a virtual desktop session
Need for centralized security policy and management across both the physical and virtual infrastructure
Configuration and patch management to detect/remediate vulnerabilities across rapidly scaling and growing VMs
New compliance requirements; creating/cloning/moving of virtual machines, data access, and privileged user activities
Leading the Way Toward 100% Virtualization
RSA: Security and Compliance for Virtual Environments
• ACCELERATE: Integrate security controls today that can accelerate the adoption of virtualization for mission critical applications
• ADAPT: Develop one security policy for both physical and virtual environments
• ADVANCE: Look to virtualization for a more advanced solution for endpoint security
RSA Capabilities for Virtualization Security
RSA Solution for VMware View
RSA Solutions for Virtual Data Center
Use Case Scenarios
Accelerate Mission Critical Virtualization
What if you could…
• Secure Information: …know what is happening with sensitive information in a virtualized environment?
• Monitor Infrastructure: …monitor and report on all activities across the IT stack – both physical and virtual, including the creation, cloning and moving of virtual machines.
• Protect Identities: …be 100% confident of user and administrator identities before allowing access to virtual desktops and servers.
Securing the Virtual Information Infrastructure
Policy: Monitor | Audit | Report (enVision)
Consulting: EMC Security Assessment for Virtualized Environments
• Identities: RSA SecurID. 2-factor authentication to VMware ESX Service Console and VMware View Manager
• Infrastructure: EMC Ionix Server Configuration Manager. Central configuration and patch management for virtual desktops
• Information: RSA DLP Endpoint. Discover and protect sensitive information within VMware Centralized Virtual Desktops
Security Assessment for Virtual Environments
[Diagram: EMC Consulting: Security Policy Development; VM Lifecycle Management Assessment; Security Policies and Controls Assessment; VM Infrastructure Hardening Assessment; VM Operational Processes Assessment; Analysis; Reporting; Recommendations]
• Review current enterprise virtualization practices and controls via interviews with IT team members and process owners
• Report on gaps between current practices and controls and best practices
• Make recommendations for achieving a desired state
• Develop a roadmap for implementation of recommendations
RSA SecurID and Authentication Manager
• Establishing user identities for virtual desktop access
• Authenticating administrator access to:
– ESX Service Console
– vSphere Management Assistant
• Multiple form factors of tokens
RSA DLP Endpoint – protecting data at the endpoint
DLP Enterprise Manager
• Unified Policy Mgmt & Enforcement
• Incident Workflow
• Dashboard & Reporting
• User & System Administration
DLP Endpoint
• Discover: Local drives, PST files, Office files, 300+ file types
• Enforce: Allow, Justify, Block on Copy, Save As, Print, USB, Burn, etc.
RSA enVision
RSA enVision Log Management platform with purpose-built database (IPDB)
Sources: servers, storage, applications / databases, security devices, network devices
• Simplifying Compliance: Compliance reports for regulations and internal policy (Auditing, Reporting)
• Enhancing Security: Real-time security alerting and analysis (Forensics, Alert / correlation)
• Optimizing IT & Network Operations: IT monitoring across the infrastructure (Visibility, Network baseline)
enVision Dashboard – VMware Events and Activity
Managing Changes and Configurations – Ionix Server Configuration Manager
• Pre-built compliance toolkits
• Multi-platform server and desktop compliance
• Virtualization support
– Managing guest-to-host relationships
– Benchmark for compliance
– VMware VirtualCenter plug-in
• Change and configuration management
• Remediation
• Patch and vulnerability management
Managing Changes and Configurations – Ionix Server Configuration Manager
• Discover configuration of virtual desktops
• Establish a standard virtual desktop configuration and centrally enforce compliance to this standard
• Ensure that latest security updates and patches are applied
– Verify that required software agents are installed, properly configured, and are running on the endpoint
– Verify that the proper software services are installed, appropriately configured, and running on the endpoint
– All virtual desktops must be provisioned such that they belong to the organization’s Windows domain
Today’s Endpoint Security Challenges
Gateway to infection and theft
– 35% of infected PCs had up-to-date antivirus software installed. (3)
– Malware, typically contracted through web browsing, contributed to 82% of records compromised in 2009 (4)
Expensive but still vulnerable
– 60% of the security budget is consumed by endpoint security software (1)
– Lost or stolen laptops are the largest single source of breaches (2)
Source: (1) Gartner, Inc. (2) OSF Data loss DB (3) Panda Labs (4) Verizon Business
[Diagram: Fraudsters; Virtual Data Center; Online Banking, Social Networking, e-Commerce, etc.; Physical endpoint]
Security Considerations for VMware View
Extend security controls to third party desktops
– Temporary, outsourced or contractor personnel
– Mobile worker laptops
Quickly provision and secure new internal desktops
– Mergers & acquisitions
Capture event data and audit logs to ensure compliance across the virtual stack
Centralized firewall controls across all desktops (vShield zones)
Granular control of removable NAS devices
RSA Solution for VMware View
• RSA enVision for security monitoring and reporting
• RSA SecurID for remote authentication
• RSA SecurID for ESX Service Console and vMA
• RSA DLP for protection of data in use
• Ionix SCM for security config and patch management
[Diagram: RSA enVision Log Collector for VMware vCenter, Clients, VMware Infrastructure, VMware View Manager, VMware vCenter, Active Directory]
RSA SecurBook for VMware View
RSA Solutions
• Multi-product solutions
• Validated in the RSA Solutions Center
RSA SecurBooks
• Guides for planning, deploying, and administering RSA solutions
• Comprehensive reference architecture, screenshots, practical guidance
Transforming Security with Virtualization
Today: Most security is enforced by the OS and application stack
RSA’s vision: Surpass the levels of security possible in today’s physical infrastructures by pushing information security enforcement down the virtual stack
[Diagram: stack layers: vApp and VM layer; VDC Services Layer; Virtual Infrastructure (including hypervisor); Compute, Network, Storage; Security Management & Reporting]
Security Challenges in the Virtual Data Center
• Control access to sensitive data in an increasingly fluid virtual machine environment
• Strong authentication of privileged users
• Ease of integration with existing security operations
• Full visibility into security-relevant events across the virtual stack for compliance reporting
[Diagram labels: Symmetrix V-Max, CLARiiON, Cisco UCS, Cisco Switches, VMware; Virtualization, Server, Network, Storage, Security]
Vblock: A New Way of Delivering IT to Business
Production-ready
– Pre-integrated, tested and modular packages of virtualized infrastructure
Best of breed technologies
– Compute: Cisco UCS
– Network: Cisco Nexus family, Cisco MDS 9000 series
– Storage: EMC Symmetrix V-Max or EMC Unified Storage (Celerra and CLARiiON)
– Hypervisor: VMware vSphere 4
– Management: Cisco UCS Manager, EMC Ionix Unified Infrastructure Manager, VMware vCenter
– Security: RSA
RSA’s Approach to Securing Vblock
Extend customer’s existing RSA investments to the virtual infrastructure and deliver new capabilities
Layer onto Vblock architecture:
– User authentication
– Compliance monitoring and reporting
– Infrastructure security
– Data loss prevention
Validate RSA with Vblock Infrastructure Packages in the VCE Lab
RSA’s Approach to Securing Vblock
1) Secure the core Vblock platform (VMware, Cisco, EMC components)
2) Secure each application validated with Vblock (e.g., VMware View, SAP)
[Diagram: Central Security Management and Reporting; Applications]
1. Secure the Core Vblock Platform
Secure Administrative User Access: RSA SecurID authentication for:
• ESX Service Console
• vSphere Management Assistant
Security Monitoring & Reporting: RSA enVision monitoring for:
• vSphere
• EMC Symmetrix and CLARiiON storage
• Cisco UCS
Validated with Vblock
1. Secure the Core Vblock Platform
[Diagram: Vblock (VMware vSphere, Cisco UCS, EMC Storage), vSphere Management Assistant, RSA enVision, RSA SecurID, Security and compliance officer, VMware administrator]
• Strong authentication before access to ESX Service Console and vSphere Management Assistant
• Comprehensive visibility into security events
• Security incident management, compliance reporting
2. VMware View on Vblock
• RSA enVision for security monitoring and reporting
• RSA SecurID for remote authentication
• RSA SecurID for ESX Service Console and vMA
• RSA DLP for protection of data in use
• Ionix SCM for security config and patch management
[Diagram: RSA enVision Log Collector for VMware vCenter, Clients, VMware Infrastructure, VMware View Manager, VMware vCenter, Active Directory; Validated with Vblock]
Summary: RSA in VMware En
RSA SecurID for user and administrative access to VMware View, ESX Service Console and vSphere Management Assistant
RSA enVision for monitoring and reporting on the entire virtual stack (vBlock; vSphere, Cisco UCS, EMC storage)
RSA DLP, enVision, SecurID and Ionix Server Configuration Manager for VMware View (on Vblock or any other platform)
EMC Consulting services
Use Case Scenarios
• Lost Laptop
• Applying a patch to a production system
• Unauthorized Administrator
Scenario: The Lost Laptop
[Diagram: Laptop with NO sensitive data; SSL + SecurID; Secure Network; Virtual Desktop with access to sensitive data; Application with sensitive data]
Virtual Desktop
• No USB or only secure USB allowed
• No Internet access (vShield Zones enforced)
• Fully logged by RSA enVision throughout the process
Sensitive data is never out of datacenter control
Scenario: Applying a patch to a production system
[Diagram: Production Physical Host and Test Physical Host, each with HR Application Server VM, HR Database Server VM and HRDB (Name, SSN, DoB, etc.); PATCH applied on each]
Step 1. Clone virtual environment
Step 2. Test patch
Step 3. Apply patch to production environment
A common way to apply patches is to try them out in a test environment. In a virtual world you can clone the system, data and all. This is difficult and time-consuming in a production environment, but very easy in a virtual environment.
• Is this an authorized procedure?
• Is the test environment sufficiently protected & controlled?
• Who accessed the data in the test environment?
• Was the VM destroyed after it was used?
Scenario: Applying a patch to a production system
[Diagram: Production Physical Host and Test Physical Host, each with HR Application Server VM, HR Database Server VM and HRDB (Name, SSN, DoB, etc.); RSA enVision events: VM Cloned, Patch Applied, Patch Applied, VM Deleted; Fully Audited Process; Out of policy?]
Step 1. Clone virtual environment
Step 2. Test patch
Step 3. Apply patch to production environment
• RSA enVision can log the administrative activity from vCenter, like the VM being cloned
• If this is out of policy we can alert a security analyst
• If the test environment is properly protected, then it will also be monitored by RSA enVision
Scenario: Unauthorized Administrator
[Diagram: PCI Physical server hosting Store Management Windows VM, Transaction DB (credit card numbers) and Transaction Management Application; RSA enVision event "VM Moved by kpbrady"; Active Directory; Authorized PCI Admin?]
• In a PCI environment, you need to validate that only authorized administrators are modifying the system
• Suppose permissions are set up incorrectly, and an unauthorized administrator can move a VM
• RSA enVision logs what activities were performed and by whom
• If the administrator is not authorized, RSA enVision can alert a security analyst
• RSA enVision can check against a “watchlist” of authorized PCI administrators
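The checks described in the patch and unauthorized-administrator scenarios (VM clone/move/delete activity compared against a watchlist of authorized administrators, and whether a cloned test VM was destroyed), as an added example that is not part of the original presentation and does not use RSA enVision or vCenter interfaces. The event format, VM names, policy tables and the users jsmith and pciadmin are constructed assumptions; kpbrady is the user named on the slide.

```python
from dataclasses import dataclass

# Constructed sample events in a hypothetical key=value format
# (NOT the RSA enVision or vCenter log format).
SAMPLE_EVENTS = """\
ts=2010-02-18T09:00:01 user=jsmith action=vm_clone vm=hr-db-01 target=hr-db-01-test
ts=2010-02-18T09:20:44 user=jsmith action=patch_apply vm=hr-db-01-test
ts=2010-02-18T10:05:10 user=jsmith action=patch_apply vm=hr-db-01
ts=2010-02-18T11:30:00 user=kpbrady action=vm_move vm=pci-txn-db
ts=2010-02-18T12:00:00 user=jsmith action=vm_clone vm=hr-app-01 target=hr-app-01-test
ts=2010-02-18T12:45:00 user=jsmith action=vm_delete vm=hr-app-01-test
"""

# Assumed policy inputs: VMs holding regulated data, and the watchlist of
# administrators allowed to clone, move or delete each of them.
SENSITIVE_VMS = {"hr-db-01", "hr-app-01", "pci-txn-db"}
WATCHLIST = {
    "hr-db-01": {"jsmith"},
    "hr-app-01": {"jsmith"},
    "pci-txn-db": {"pciadmin"},
}
LIFECYCLE_ACTIONS = {"vm_clone", "vm_move", "vm_delete"}


@dataclass(frozen=True)
class Alert:
    kind: str  # "unauthorized_change" or "clone_not_destroyed"
    user: str
    vm: str
    ts: str


def parse_event(line):
    """Parse one 'key=value ...' line; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def audit(log_text):
    """Return alerts for out-of-policy VM lifecycle activity.

    A clone of a sensitive VM carries the same data, so it inherits the
    source VM's watchlist, and it stays open until a vm_delete is seen.
    """
    alerts = []
    lineage = {}      # clone name -> sensitive VM it descends from
    open_clones = {}  # clone name -> event that created it
    for line in log_text.splitlines():
        ev = parse_event(line)
        user, action, vm = ev.get("user"), ev.get("action"), ev.get("vm")
        if not (user and action and vm) or action not in LIFECYCLE_ACTIONS:
            continue
        root = lineage.get(vm, vm)
        if root not in SENSITIVE_VMS:
            continue
        # Watchlist check: who performed the activity, and may they?
        if user not in WATCHLIST.get(root, set()):
            alerts.append(Alert("unauthorized_change", user, vm, ev.get("ts", "")))
        if action == "vm_clone" and ev.get("target"):
            lineage[ev["target"]] = root
            open_clones[ev["target"]] = ev
        elif action == "vm_delete":
            open_clones.pop(vm, None)
    # Any sensitive clone still present at the end of the log was never destroyed.
    for name, ev in open_clones.items():
        alerts.append(Alert("clone_not_destroyed", ev["user"], name, ev.get("ts", "")))
    return alerts


if __name__ == "__main__":
    for alert in audit(SAMPLE_EVENTS):
        print(alert)
```
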
Why RSA?
• Centralized Approach to Policy Management: The infrastructure to manage key security services centrally
• Services to Help you Manage Risk: Services to help you mature your processes while you virtualize
• Visibility Across Identity, Infrastructure and Information: Monitor, audit and report across both physical and virtual IT environments
• Secure VMware with Market Leading Products: From the virtual desktop to datacenter and validated on VCE’s Vblock
• Built-in Expertise …about regulations, threats and best practices. Built by teams of experts.
Learn More
RSA Security Brief:
– Security Compliance in a Virtual World http://www.rsa.com/node.aspx?id=1212
RSA SecurBook for VMware View
– A Guide for Deploying and Administering the RSA Solution for VMware View https://www.rsa.com/go/Securbook/Securbook_VM_land.htm
EMC white papers:
– Securing the Virtual Information Infrastructure - Technology Concepts and Business Considerations (available 2/25/10)
– Building the Virtual Information Infrastructure - Technology Concepts and Business Considerations http://www.emc.com/collateral/hardware/white-papers/h6721-building-virtual-information-infrastructure-wp.pdf
Thank you!
WHITE BOARD SESSION
RESOURCES – NEXT STEPS
Seminars
• Mar 4 - Controlling Change, Configuration & Compliance Costs in Physical, Virtual and Cloud Worlds, Phoenix
• Mar 11 - EMC DeDupe Seminar, Phoenix
• May 10-13 - EMC World, Boston
Webinars
• Mar 3 - Speed and Extend Your Virtualization Initiatives (Part of a Series)
• Mar 4 - EMC's IT Virtualization Journey - Updated (Part of a Series)
• Mar 4 - SharePoint Storage Design Guidance and Virtualization Best Practices (Part of a Series)
Resources
• EMC's Journey to the Private Cloud (this is our internal journey)
• EMC and VMware Solution Tracks (whiteboard sessions)
• EMC Solutions for VMware