VMware vCloud Networking and Security

vCloud Networking and Security virtualizes networks and security to create efficient, agile, extensible logical constructs that meet the performance and scale requirements of virtualized datacenters. vCloud Networking and Security is architected using virtual security appliances and standard APIs to inspect traffic flows. Network traffic from virtual workloads is passed through purpose built App and Edge virtual appliances, where services such as firewalling and load balancing are applied. 3rd party services from integration partners also have access to network traffic via APIs. Using vCloud Networking and Security, enterprises can virtualize business critical applications with confidence, build secure and agile private clouds and secure their virtual desktop solutions.

• Protect and isolate critical applications with virtualization-aware firewall and adaptive trust zones
• Increase visibility and control over inter-VM communication
• Optimize resource utilization across non-contiguous clusters and pods
• Identify and protect sensitive business information

• Reduce manual networking provisioning and simplify deployment by eliminating VLANs
• Optimize management and consumption of compute resources across physical network boundaries
• Secure the edge of the virtual datacenter with integrated firewall and gateway services
• Manage inbound web traffic across virtual machine clusters with web load balancing capabilities

• Limit network access for remote third party users to authorized applications
• Protect sensitive data from access by unauthorized staff members or hackers
• Streamline security management and remove performance bottlenecks

The first step in creating software-defined networks and security is to abstract and pool the resources. Just as vSphere abstracted compute capacity from the server hardware to create virtual pools of resources that can be consumed as a service, vCloud Networking and Security abstracts networking and security into a generalized pool of capacity and separates the consumption of these services from the underlying physical infrastructure. This pool can span physical boundaries, optimizing compute resource utilization across clusters and pods.

Once you've created your pool of network and security resources, you can segment it into logical networks with VXLAN and attach these networks to specific applications. While there are other segmentation techniques such as using port groups on a virtual distributed switch, vApp encapsulation and physical VLANs, using VXLAN offers the distinct advantage of flexibility and the ability to stretch the clusters. Since the VXLAN network is now attached to an application, the network can move, grow or shrink with the application. And since logical networks are decoupled from physical network topology, these can be scaled without reconfiguring the underlying physical hardware. This solves the problem of time-consuming planning cycles for VLAN provisioning and managing VLAN sprawl. Operations are simplified and application provisioning is a lot faster

• Accelerate application provisioning by deploying virtual workloads without physical network re-configuration
• Scale applications as needed without VLAN sprawl
• Lowers cost and complexity by efficiently managing compute resources across subnet boundaries and non-contiguous clusters

This logical network provides layer 2 connectivity and a framework to attach higher-level Edge services including firewall, VPN and load-balancing. The application now carries its logical network and security policy with it as it is scaled. App distributed firewall provides workload level isolation and protection while applications vMotion through the environment. Customers benefit from “single pane of glass” management for all these services, reducing the cost and complexity of datacenter operations.

The logical networks you create can provide VMware-branded services through Edge and App virtual appliances, or you can integrate hardware or software-based 3rd party solutions. vCloud Ecosystem Framework provides an open architecture and standard APIs extend the platform to 3rd party innovation.

• Manage services from a single pane of glass
• Provide gateway services optimized for your needs
• Eliminate your dependency on appliances that are difficult to manage and cannot scale as your datacenter grows

vCloud Networking and Security is built on top of the VMware vShpere Virtual Distributed Switch, available in VMware vSphere Enterprise Plus Edition. vSphere Virtual Distributed Switch provides high-performance virtual networking across clusters. Integrated management with VMware vCenter and vCloud Director provides centralized control and visibility down to the virtual-port level.

vCloud Networking and Security provides additional value as policy-based automation and dynamic scaling of networking and security services can be utilized to unlock the efficiency and agility of the virtual datacenter.

• Provision services according to application metadata
• Eliminate the need for manual configuration processes and repetitive administrative tasks
• Automate provisioning and scale-out of networking and security services