VMware VSHIELD APP User manual

P R O D U C T D A T A S H E E T / 1

D A T A S H E E T

AT A G L ANCE

VMware vShield App, part of the VMware vShield

family of virtualization security products, protects

applications in the virtual datacenter from network-

based threats. vShield App gives organizations deep

visibility into network communications between

virtual machines and enables granular policy

enforcement with security groups. The solution

also eliminates the hardware and policy sprawl

associated through traditional measures, resulting

in a cost-eective solution that helps customers to

go beyond the limitations of physical security.

K E Y B E N E F I T S

•Increasevisibilityandcontrolovernetwork

communications between virtual machines.

•Eliminatetheneedfordedicatedhardware

and VLANs to separate security groups from

one another.

•Optimizehardwareresourceutilizationwhile

maintaining strong security.

•Simplifycompliancewithcomprehensivelogging

of all virtual machine network activity.

VMware vShield App

Protect Applications from Network-based Attacks

What Is VMware

vShield App?

VMware vShield App is a hypervisor-based application-aware

ﬁrewall solution for virtual datacenters. vShield App plugs

directly into VMware vSphere™ to protect against internal

network-based threats and reduce the risk of policy violations

within the corporate security perimeter using application-aware

ﬁrewalling with deep packet inspection and connection control

based on source and destination IP addresses.

vShield helps to simplify policy control by enabling the rapid

creation of business-relevant security groups and includes ﬂow

monitoring to analyze virtual machine network trac and

dynamically enforce security group policies. Administrators

can centrally manage vShield App through the included vShield

Manager console, which integrates seamlessly with VMware

vCenter™ Server to facilitate uniﬁed security management for

virtual datacenters.

How Does VMware vShield

App Work?

vShield App installs on each vSphere host, controlling and

monitoring all network trac on the host, even for packets that

never cross a physical network interface card (NIC). vShield App

can create and enforce policies based on administrator-deﬁned,

business-relevant security groups instead of physical boundaries

or static assumptions about application deployments.

vShield App provides a centralized interface that leverages

vCenter Server to consistently apply these policies across

multiple vSphere hosts in the virtual datacenter.

How Is VMware vShield

App Used?

•Eliminate blind spots – vShield App helps administrators

deﬁne and enforce granular policies for all trac that crosses a

virtual NIC, increasing visibility over internal virtual datacenter

trac while helping to eliminate detours to physical ﬁrewalls.

•Maintain change-aware protection – vShield App helps to

ensure that network topology changes do not impact

application security with continuous ﬁrewall protection for

virtual machines as they migrate from host to host.

VMware vShield App enables granular policy enforcement using security groups.

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com

Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed

at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be

trademarks of their respective companies. Item No: VMW_10Q3_DS_PROD_VSHIELD_APP_USLET_EN_R6

VMware vShield App

Flow Monitoring

•Abilitytoobservenetworkactivitybetweenvirtualmachines

to help deﬁne and reﬁne ﬁrewall policies, identify botnets and

secure business processes through detailed reporting of

application trac (application, sessions, bytes)

Security Groups

•Administrator-dened,business-relevantgroupingsofany

virtual machines by their virtual NICs

Policy Management

•Managementoffull-featuresthroughvShieldManager;many

features also accessible through vCenter Server interface

•Policyenforcementonsecuritygroups,vCentergroupingsand

TCP 5 tuple (source IP, destination IP, source port, destination

port, protocol)

•Programmableinterfaceformanagementandpolicy

enforcement using REST APIs

•Supportforintegrationwithenterprisesecuritymanagementtools

Logging and Auditing

•Basedonindustry-standardsyslogformat

•AccessiblethroughRESTAPIsandvShieldManager

•Administratordenedloggingon/oforrewallsatrulelevel

Find Out More

For information or to purchase VMware products,

call 877-4-VMWARE (outside of North America dial

650-427-5000), visit www.vmware.com/products,

or search online for an authorized reseller. For detailed

product speciﬁcations and systems requirements, refer

to the VMware vShield App Administration Guide.

•Eciently manage dynamic policies – vShield App helps to

simplify policy deﬁnition and provides administrators a rich

context for deﬁning and reﬁning internal ﬁrewall policies as

business needs evolve over time.

•Reduce botnet risks – vShield App helps security administrators

protect against botnets and other attacks by dynamically allocating

ports to trusted applications.

•Control access to shared resources – vShield App allows

security administrators to restrict access to shared services

such as storage and backup on vSphere hosts based on

IP address.

•Accelerate IT compliance – vShield App increases visibility

and control over virtual machine network security, providing

the logging and auditing controls that enterprises need to

demonstrate compliance with internal policies and external

regulatory requirements.

Key Features

Hypervisor-Level Firewall

•Inbound/outboundconnectioncontrolenforcedatthevirtual

NIC level through hypervisor inspection, supporting multihomed

virtual machines

•Abilitytoenforcebasedonnetwork,applicationport,protocol

type (TCP, UDP), application type

•Dynamicprotectionasvirtualmachinesmigrate

•IP-basedstatefulrewallandapplicationlayergatewayfor

a broad range of protocols including Oracle, Sun Remote

ProcedureCall(RPC),MicrosoftRPC,LDAPandSMTP;

complete list of supported protocols in VMware vShield

App Administration Guide

Other VMware Software manuals

VMware

VMware THINAPP 4.6 - MIGRATING APPLICATIONS TECHNICAL... User guide

VMware

VMware VIEW 4.5 Quick setup guide

VMware

VMware VCLOUD API 1.0 - TECHNICAL NOTE Operating instructions

VMware

VMware VCENTER CHARGEBACK User manual

VMware

VMware VIRTUALIZATION AND CLOUD MANAGEMENT Installation guide

VMware

VMware GLOBAL SUPPORT SERVICES User manual

VMware

VMware VCLOUD REQUEST MANAGER 1.0.0 User manual

VMware

VMware VSHIELD APP 1.0 - API Operating instructions

VMware

VMware CONVERTER STANDALONE 4.3 User manual

VMware

VMware VCENTER CONFIGURATION MANAGER Quick guide

VMware

VMware VCENTER APPLICATION DISCOVERY MANAGER 6.0 User manual

VMware

VMware VCENTER CONVERTER EN-000158-02 User manual

VMware

VMware VCM 5.3 User manual

VMware

VMware VLM3-ENG-CP - Lab Manager - PC User manual

VMware

VMware VSHIELD User manual

VMware

VMware vSphere 4 User manual

VMware

VMware DISK MOUNT UTILITY WORKSTATION 5.5 User manual

VMware

VMware VCENTER APPLICATION DISCOVERY MANAGER 6.1.1 -... User manual

VMware

VMware VCENTER APPLICATION DISCOVERY MANAGER 6.1.1 -... User manual

VMware

VMware VFABRIC TC SERVER User manual

VMware

VMware VIEW 4.5 - ARCHITECTURE PLANNING... User manual

VMware

VMware VSHIELD APP 1.0.0 UPDATE 1 - API Operating instructions

VMware

VMware APPSPEED SERVER 1.5 - VCENTER APPSPEED INSTALLATION... Installation and operation manual

VMware

VMware VIEW 4.5 - ARCHITECTURE PLANNING... User manual

Popular Software manuals by other brands

COMPRO

COMPRO COMPROFM manual

Muratec

Muratec OFFICEBRIDGE ONLINE user guide

Oracle

Oracle Contact Center Anywhere 8.1 installation guide

Adobe

Adobe 65007312 - Photoshop Lightroom Programmer's guide

Avaya

Avaya NULL One-X for RIM Blackberry user guide

HP ProLiant BL420c user guide

PS Audio

PS Audio PowerPlay Programming manual

Brady

Brady LOCKOUT PRO 3.0 Administrator's guide

Avaya

Avaya Interaction Center user guide

Texas Instruments

Texas Instruments TI-83 Plus Silver Edition Guide book

Novell

Novell GROUPWISE 8 - INTERNET AGENT manual

Oracle

Oracle Application 9i Configuration guide

Acer

Acer RDM user guide

Canon

Canon Vixia HF21 instruction manual

Canon

Canon ZR950 instruction manual

Samsung

Samsung Auto Backup user manual

Polycom

Polycom Vortex EF2201 Application note

Brocade Communications Systems

Brocade Communications Systems Brocade 8/12c user manual