Build a Flexible, Efficient Datacenter
vSphere with Operations Management combines the world’s leading virtualization platform with VMware’s award-winning management capabilities. This new solution enables IT to gain operational insight into the virtual environment, providing improved availability, performance, and capacity utilization. Run business applications confidently to meet the most demanding service level agreements at the lowest TCO.
Secure Your Virtual Infrastructure
Not all virtualization platforms are the same. As you move to adopt virtual infrastructure solutions to reduce costs and improve IT operations, make sure you understand the security implications of virtualization technology and the platform you choose. VMware offers the most robust and secure virtualization platform available.
Hosted vs. Bare-Metal Virtualization
There are two common approaches to virtualization: hosted and bare-metal. Hosted virtualization software runs as an application or "guest" on top of a general-purpose operating system. Bare-metal virtualization interfaces directly with computer hardware, without the need for a host operating system. Below you can see the common security issues and the implications of choosing a hosted versus bare-metal virtualization platform.
| Security issue | Hosted virtualization | Bare-metal virtualization |
|---|---|---|
| Vulnerability of the underlying operating system | Hosted virtualization products run on general-purpose operating systems and are susceptible to all the vulnerabilities of and attacks on such systems. | VMware bare-metal virtualization is built around the VMkernel, a special-purpose microkernel that has a much smaller attack surface than a general-purpose operating system. |
| Sharing of files and data between the guest and the host | Most hosted virtualization products provide methods to share user information from the guest to the host (shared folders, clipboards, etc.). Although convenient, these are vulnerable to data leakage and malicious code intrusion. | Since vSphere is designed specifically for virtualization, there is no mechanism or need to share user information between virtual machines and their host. |
| Resource allocation | Hosted virtualization products run as applications in the process space of the host OS. They are at the mercy of the host OS and other applications. | VMware bare-metal virtualization allocates resources intelligently while isolating virtual machines from underlying hardware components. No single virtual machine can use all the resources or crash the system. |
| Target usage | Hosted virtualization is targeted for environments where the guest virtual machines can be trusted. This includes software development, testing, demonstration, and troubleshooting. | vSphere is meant to be used in production environments in which the guest virtual machines can potentially be exposed to malicious users and network traffic. Strong isolation and strict separation of management greatly reduce any risk of harmful activity going beyond the boundaries of the virtual machine. |
Thin Virtualization: Get Strong Security in a Small Package
Thin virtualization, found in software such as vSphere 5.1, is the next step in virtualization, dramatically strengthening security and manageability.
- Removal of the console OS significantly reduces the software footprint, providing for simplified deployment, less maintenance and significantly fewer patches.
- Reduced size eliminates extraneous software and makes the attack surface much smaller, reducing the potential for vulnerabilities.
- Built-in mechanism for preventing the installation of unauthorized software. Only software packages with digital signatures can be installed on a vSphere host.
- Robust APIs enable agentless monitoring, eliminating the need to install third-party software components directly on the host.
vSphere 5.1: The Most Secure Hypervisor On The Market
Software Acceptance Levels. Only software that meets the user-defined acceptance level and contains a trusted digital signature can be installed on a vSphere host.
Host Firewall. The vSphere host management interface is protected by a service-oriented and stateless firewall, which you can configure using the vSphere Client or the ESXCLI command line interface. A new firewall engine eliminates the use of iptables and uses rule sets to define port rules for each service. For remote hosts, you can specify the IP addresses or range of IP addresses that are allowed to access each service.
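As an added example (not part of the original page), the per-service source restriction described above can be scripted for the ESXi Shell with the `esxcli network firewall` commands. The helper names, the `sshServer` ruleset choice and the documentation-range addresses are sample assumptions, and only IPv4 sources are validated.

```shell
#!/bin/sh
# Added example: limit one ESXi firewall ruleset to an allow-list of sources.
# Helper names are illustrative. DRY_RUN=1 (the default) prints the esxcli
# commands; DRY_RUN=0 runs them on the host.

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# restrict_ruleset RULESET SOURCE...
# Every source is validated before any change, so a typo cannot leave the
# service with "allow all" switched off and an incomplete allow-list.
restrict_ruleset() {
    [ $# -ge 2 ] || { echo "usage: restrict_ruleset RULESET SOURCE..." >&2; return 2; }
    ruleset=$1; shift
    for src in "$@"; do
        valid_ipv4_cidr "$src" || { echo "invalid source: $src" >&2; return 2; }
    done
    run esxcli network firewall ruleset set --ruleset-id="$ruleset" --allowed-all=false || return 1
    for src in "$@"; do
        run esxcli network firewall ruleset allowedip add --ruleset-id="$ruleset" --ip-address="$src" || return 1
    done
    # List the resulting allow-list so it can be reviewed.
    run esxcli network firewall ruleset allowedip list --ruleset-id="$ruleset"
}

# Sample call with constructed values: SSH from one management subnet and one host.
restrict_ruleset sshServer 192.0.2.0/24 198.51.100.7
```

When running with `DRY_RUN=0` over SSH, make sure the address of the current session is among the sources, since the ruleset stops accepting other addresses as soon as "allow all" is switched off.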
Improved Security. There is no longer a dependency on a shared root account when working from the ESXi Shell. Local users assigned administrative privileges automatically get full shell access. With full shell access, local users no longer need to “su” to root in order to run privileged commands.
Improved Logging and Auditing. In vSphere 5.1, all host activity, from both the Shell and the Direct Console User Interface (DCUI), is logged under the account of the logged-in user, making it easy to monitor and audit activity on the host.
Secure Syslog. All log messages are generated by syslog, and messages can now be logged locally, on one or more remote log servers, or both. Messages can be logged remotely over either Secure Sockets Layer (SSL) or TCP connections. Log messages from different sources can be configured to go into different logs. Message logging can be configured with the ESXCLI command line interface as well as the vSphere Client.
AD Integration. The host can be configured to join an Active Directory domain. Any user trying to access the host will automatically be authenticated against the centralized user directory. You can also have local users defined and managed on a host-by-host basis and configured using the vSphere Client, vCLI, or PowerCLI. This second method can be used either in place of, or in addition to, the Active Directory integration.
vShield Endpoint bundling. Now included in vSphere 5.1, vShield Endpoint offloads antivirus and anti-malware agent processing inside guest VMs to a dedicated secure virtual appliance delivered by VMware partners.