VMware vCloud Networking and Security

vCloud Networking and Security consists of the following components: Edge, App, VXLAN, Data Security and vCloud Ecosystem Framework, all managed centrally through vCenter and vCloud Director.

The Edge gateway component of vCloud Networking and Security delivers an operationally efficient, and cost-effective security services gateway to secure the perimeter of virtual datacenters. The Edge virtual appliance provides firewall for virtual datacenters as well as integrated gateway services such as NAT, load balancer, VPN and DHCP and is fully integrated with VMware vCenter Server and VMware vCloud Director.

• Eliminate the need for specialized hardware with integrated firewall, load balancer, VPN and DHCP.
• Support Multi-Tenancy environments and safely share network resources by creating logical security boundaries that provide isolation for virtual datacenters.
• Ensure performance and availability of web services by efficiently managing inbound web traffic across virtual machine clusters with load balancing capabilities.
• Get increased visibility and control over security at the network edge.

Segment and isolate critical applications within the virtual data center using vNIC level firewalling. App enables you to create logical and elastic trust zones, that are protected from network-based threats. Get deep visibility into network communications and enforce granular policies with security groups.

• Maintain isolation and segmentation as virtual machines migrate from host to host with application level firewall
• Eliminate blind spots and improve visibility with detailed traffic statistics and reporting
• Accelerate and improve audit and compliance with logging of firewall activity and administrative changes

VXLAN is the foundation for creating elastic portable virtual datacenters. VXLAN technology allows compute resources to be pooled across non-contiguous clusters or pods. You can then segment this pool into logical networks attached to applications. Unlike VLANs, VXLANs virtual networks can span across virtual resources pools and physical boundaries - and as such, are more efficient, scalable, resilient and manageable.

VXLAN works by creating Layer 2 logical networks that are encapsulated in standard Layer 3 IP packets. A "Segment ID" in every frame differentiates the VXLAN logical networks from each other without any need for VLAN tags. This allows very large numbers of isolated Layer 2 VXLAN networks to co-exist on a common Layer 3 infrastructure with complete isolation from each other and the underlying network.

• Optimize datacenter compute utilization through the support for “stretched clusters” that cross physical boundaries
• Streamline network operations by running VXLAN on standard Layer 3 IP networks, eliminating the need to build and manage a large Layer 2 underlying transport layer
• Run VXLAN over standard switching hardware, with no need for software upgrades or special code versions on the switches.

Data Security scans virtual workloads for sensitive data - such as credit card information - and reports violations of regulations (such as PCI-DSS), enabling IT organizations to quickly assess the state of compliance with regulations from around the world.

• Identify sensitive business information
• Predefined templates for country and industry-specific regulations, to quickly identify and reports on sensitive data exposures.
• Improve performance by offloading data discovery functions to a virtual appliance

vCloud Ecosystem Framework provides customers with the assurance that their existing security controls can be leveraged within virtual and cloud infrastructure. The framework allows for partners to integrate at various levels:

• the virtual network interface card or vNIC
• the virtual network edge
• the policy management plane

Read more on VMware and partner security solutions as well as the latest security partner integrations.

Through seamless integration with VMware vCenter Server™ and vCloud Director, vCloud Networking and Security provides a central point of control for deploying, managing, reporting, logging, and integrating 3rd party security and gateway services. In addition, role-based access control enables separation of duties and compliance.