Get comprehensive perimeter network security for virtual datacenters with VMware vShield Edge, part of the VMware vShield family. vShield Edge integrates seamlessly with VMware vSphere™ and includes essential network gateway services so you can quickly and securely scale your cloud infrastructures.
- Reduce cost and complexity by eliminating multiple special purpose appliances and by rapidly provisioning network gateway services
- Ensure policy enforcement with built-in edge network security and services
- Increase scalability and performance with one edge per organization or one edge per tenant
- Simplify IT compliance with detailed logging
- Streamline management using a full-featured interface that integrates with VMware vCenter Server and third-party solutions.
VMware vShield Edge FAQs
- 1. Which existing VMware products are compatible with vShield Edge?
vShield Edge is compatible with:
- (Required) vSphere: 4.1 (including ESX, ESXi 4.1, 4.0), 5.0
- vCenter Server: 4.0, 4.1, 5.0
- vShield App 1.0, 5.0
- vShield Endpoint 1.0, 5.0
- vCloud Director
- 2. Is vShield Edge compatible with earlier versions of VMware ESX (3.0, 3.5) and VMware vCenter (2.5)?
vShield Edge is not compatible with these earlier versions of VMware ESX and VMware vCenter. Customers are encouraged to upgrade to current versions of vCenter and vSphere (including ESX 4.0, 4.1) to benefit from security and other advanced virtual data center management capabilities.
- 3. What are the main use cases for vShield Edge?
There are two key use cases for the vShield Edge product:
- Offering multi-tenant hosting services
- Site-to-site VPN to connect partners
For the multi-tenant case, enterprises host potentially hundreds or thousands of tenants in shared infrastructure with:
- Traffic isolation between the tenants
- Complete protection and confidentiality of tenant apps and data
- Integration with enterprise directory services, such as Active Directory
- Compliance with various audit requirements
vShield Edge lets you:
- Guarantee full confidentiality and protection of tenant apps and data with built-in firewall and VPN
- Use enterprise-directory services for security policies
- Accelerate compliance by logging all traffic information on a per-tenant basis
- Lower cost of security by 100+% by eliminating purpose built appliances and by increasing utilization and virtual machine density
For the partner extranet (site-to-site VPN) use case, enterprises can deploy a shared infrastructure that allows partners to access applications and data by:
- Enjoying complete confidentiality
- Leveraging existing VPN solutions from Cisco, Check Point or Juniper
- Getting optimal application server utilization
- Ensuring compliance to various audit requirements
vShield Edge lets you:
- Reduce management cost to provision new partners by supporting multiple third party VPN devices
- Improve security with strong encryption of all communication between partners
- Simplify management with vCenter integration and remote management with REST API
- Lower cost of security by 100+% by eliminating purpose built appliances, increasing server utilization and virtual machine density
- 4. What is the relationship between vShield Edge and vShield App?
While both products provide virtual network firewall capabilities, their implementations differ and address different scenarios. vShield Edge creates a barrier between resources in a virtual datacenter and un-trusted networks, such as other virtual datacenters in the same private cloud. In contrast, vShield App controls traffic between virtual machines within the same vDC and, more specifically, on the same vSphere host. The following table summarizes key differences between the two products.
| Attribute | vShield Edge | vShield App |
| --- | --- | --- |
| Purpose | Secure traffic between the virtual data center and un-trusted networks | Secure traffic between virtual machines within a single vSphere host |
| Deployment | Per Port Group | Per host |
| Features | | |
| Security | Firewall, VPN | Firewall |
| Firewall | Stateful, IP-based, 5-tuple* | Application-based, 5-tuple plus use of Security Groups |
| NAT, DHCP Services | Yes | No |
| Availability | Load Balancing across VMs | No |
- 5. What are the similarities and differences between the various VMware security solutions?
There are three solutions for virtualized network security on vSphere-based environments:
- vShield App
- vShield App with Data Security
- vShield Edge
The following table summarizes a comparison of key features for these three products:
| Feature | vShield Edge | vShield App | vShield App with Security | vShield Endpoint |
| --- | --- | --- | --- | --- |
| Deployment Method | Per port group | Per host | Per host | Per host |
| Enforcement | Between virtual datacenter and un-trusted networks | Between virtual machines | Between virtual machines | Within the guest virtual machine |
| Anti-virus, Anti-malware | No | Yes | Yes | Yes |
| Site-to-Site VPN | Yes | No | No | No |
| NAT, DHCP services | Yes | No | No | No |
| Load balancing | Yes | No | No | No |
| Sensitive Data Discovery | No | No | Yes | No |
| Stateful firewall | Yes | Yes | Yes | No |
| Change-Aware | Yes (1) | Yes | Yes | No |
| Hypervisor-based firewall | No | Yes | Yes | No |
| Application firewall | Yes | Yes | Yes | No |
| Flow Monitoring | No | Yes | Yes | No |
| Groupings for policy enforcement | Only 5-tuple (2) based policies | 1) 5-tuple; 2) Security Groups: resource pools, folders, containers and other vSphere groupings | 1) 5-tuple; 2) Security Groups: resource pools, folders, containers and other vSphere groupings | Any available vCenter groupings for virtual machines |

(1) The Port Group Isolation feature is actually deployed as an LKM (Loadable Kernel Module). All other features are provided in the virtual appliance.
(2) Edge security and services are maintained within the host where the edge appliance is deployed. If the virtual appliance were moved to another host, the edge security policies would need to be updated.
