VMware vShield is a suite of security virtual appliances built for VMware vSphere 4.1. It is a critical security component for protecting virtualized datacenters from attacks and misuse. vShield App and vShield Edge are the two products in the suite that address network security. The goal of this document is to provide details on the key security technologies implemented in the vShield App and vShield Edge products that enable administrators to build a multitenant virtualized datacenter environment that is flexible, agile, scalable and secure. The document first discusses the challenges in using physical security to protect virtual infrastructure and then describes in detail the key new technologies in vShield products that address those challenges.
The Technology Foundations of VMware vShield
VMware vShield Edge, part of the VMware vShield family of virtualization security products, provides perimeter security and network services such as DHCP, NAT, load balancing, and VPN. vShield Edge is a virtual firewall appliance that can be provisioned on demand, with its services enabled on the fly, to meet the flexibility requirements of cloud deployments. The goal of this document is to help customers understand where and how a vShield Edge firewall can be deployed to secure and isolate tenants/organizations, while providing some reference designs along the way. This document will also help VI administrators and network administrators understand the deployment of security and other network services in virtual datacenters using a vShield Edge firewall.
VMware vShield App, part of the VMware vShield family of virtualization security products, protects applications in the virtual datacenter from network-based threats. vShield App gives organizations deep visibility into network communications between virtual machines and enables granular policy enforcement with security groups. This document helps VI administrators understand the deployment of security around the virtualized server infrastructure using the VMware vShield App product. Two reference designs are provided to help customers understand the security deployment around the virtual infrastructure using the vShield App product and its advantages.