Currently, most virtualized environments are secured through the use of air gaps. The air gap security model segregates applications in different trust zones on dedicated virtualized hosts with layers of security – usually involving firewalls, load balancers, and VPNs – protecting the interconnections that span the air gaps. This model is effective, but it does not scale well when you have a larger virtualized environment or want to move to the cloud. A new security model is needed for the cloud.
VMware is the only vendor that is addressing the security requirements for cloud computing, with solutions that allow customers to move from the traditional “air gap” security model to a “mixed trust” model that is more flexible, cost-effective and can scale effectively for the cloud.
Competitors such as Microsoft, Citrix, Red Hat and Oracle are still promoting security solutions that are based on traditional physical security paradigms. Only VMware is rethinking this old methodology to come up with a more efficient, less complex way to manage security. Only VMware, with the vShield 5 suite of security solutions, uses virtualization-aware technology to address the important concerns for security and compliance in the cloud head-on. With vShield, customers are able to:
- Simplify datacenter security without compromise
- Deploy a better security model that scales for cloud computing
- Continuously assess and automate compliance requirements
Better Security for Cloud-Ready Infrastructure
Traditional security models are highly static, requiring static firewall rules, ‘air-gapped’ hardware, and software infrastructure for various application trust zoning needs. This is not appropriate in cloud infrastructures, which require rapid and dynamic reconfiguration of resources across datacenters.
The problem is, with virtualization, you can't rely solely on physical security measures… If you are not monitoring virtual traffic, there's no way you can detect those types of attacks
— Hyper-V security comes under scrutiny (searchvirtualization.com, July 2010)
With vShield, VMware delivers security and compliance that is change-aware. With vShield’s Adaptive Trust Zones, virtual machines no longer need to be ‘pinned’ to a particular host or cluster, allowing customers to leverage dynamic mobility capabilities such as live migration, automated load balancing, and automated virtual machine restart while being assured that the security and compliance policies for each application are ‘Always On’ and will follow the virtual machines.
vShield’s agent-less antivirus protection and hypervisor-level firewall capabilities provide customers with the scalability and flexibility they need to secure their environments, while keeping pace with the ever-changing needs of the business.
| | Other Virtualization Vendors Limited to Traditional Security Tools | VMware vShield Security Model |
|---|---|---|
| Adaptive VM Security | Rigid, Policies Tied to Servers | Adaptive Trust Zones |
| VM-to-VM Security | Limited to VLAN Rules | Hypervisor-level Firewalls |
| Antivirus Protection | Agent-Based | Agent-less |
