 |
|
Content Owner: Roman Macek | ||||
Summary
Free: ESXi Firewall, vShield Endpoint;
Advanced (with Vendor Add-On: NSX / vCloud Networking and Security)
Advanced (with Vendor Add-On: NSX / vCloud Networking and Security)
Details
vSphere contains standard security features and vShield Endpoint in all vSphere offerings except Essentials (vShield Endpoint offloads Anti Virus processing to a secure virtual appliance supplied by VMware partners).
vCloud Networking and Security (fee based Add-On) provides additional networking and security functionality delivered through virtual appliances, such as a virtual firewall, virtual private network (VPN), load balancing, NAT, DHCP and VXLAN-extended networks.
With the release of vCloud Networking and Security (vCNS) 5.5, vCNS is only available as part of vCloud Suite 5.5 - the vCNS standalone SKUs is End of Availability (EOA) effective September 30th, 2013
(Free) vSphere integrated security related features:
- Small hypervisor footprint - Simplifies deployment, maintenance and patching, and reduces vulnerability by presenting a much smaller attack surface.
- Software acceptance levels - Prevents unauthorized software installation.
- Robust APIs - Enable agentless monitoring, eliminating the need to install third-party software.
- Host firewall - Protects the vSphere host management interface with a configurable, stateless firewall.
- Improved logging and auditing - Log all host activity under the logged-in users account, making it easy to monitor and audit activity on the host.
- Secure syslog - Log messages on local and/or remote log servers, with remote logging via either SSL or TCP connections.
- AD integration - Configure the vSphere host to join an Active Directory domain; individuals requesting host access are automatically authenticated against the centralized user directory.
(Fee) vCloud Networking and Security provides:
- Firewall: Stateful inspection firewall that can be applied either at the perimeter of the virtual data center or at the virtual network interface card (vNIC) level directly in front of specific workloads.
- VPN: Industry-standard IPsec and SSL VPN capabilities, site-to-site VPN to link virtual data centers and enable hybrid cloud computing. The SSL VPN capability delivers remote administration into the virtual data center through a bastion host.
- Load balancer: A virtual-appliance-based load balancer. Placed at the edge of the virtual data center, the load balancer supports Web-, SSL- and TCP-based scale-out
- VXLAN: Creates Layer 2 logical networks across noncontiguous clusters or pods without the need for VLANs (vSphere Distributed Switch and multicast required).
Details here: http://www.vmware.com/files/pdf/products/vcns/vmware-vcloud-networking-and-security-overview.pdf
VMware has also announced the VMware NSX Platform for Network Virtualization - merging Nicira NVP and vCloud Networking and Security. Expected availability is Q4/13 (see Network Virtualization / SDN )
vCloud Networking and Security (fee based Add-On) provides additional networking and security functionality delivered through virtual appliances, such as a virtual firewall, virtual private network (VPN), load balancing, NAT, DHCP and VXLAN-extended networks.
With the release of vCloud Networking and Security (vCNS) 5.5, vCNS is only available as part of vCloud Suite 5.5 - the vCNS standalone SKUs is End of Availability (EOA) effective September 30th, 2013
(Free) vSphere integrated security related features:
- Small hypervisor footprint - Simplifies deployment, maintenance and patching, and reduces vulnerability by presenting a much smaller attack surface.
- Software acceptance levels - Prevents unauthorized software installation.
- Robust APIs - Enable agentless monitoring, eliminating the need to install third-party software.
- Host firewall - Protects the vSphere host management interface with a configurable, stateless firewall.
- Improved logging and auditing - Log all host activity under the logged-in users account, making it easy to monitor and audit activity on the host.
- Secure syslog - Log messages on local and/or remote log servers, with remote logging via either SSL or TCP connections.
- AD integration - Configure the vSphere host to join an Active Directory domain; individuals requesting host access are automatically authenticated against the centralized user directory.
(Fee) vCloud Networking and Security provides:
- Firewall: Stateful inspection firewall that can be applied either at the perimeter of the virtual data center or at the virtual network interface card (vNIC) level directly in front of specific workloads.
- VPN: Industry-standard IPsec and SSL VPN capabilities, site-to-site VPN to link virtual data centers and enable hybrid cloud computing. The SSL VPN capability delivers remote administration into the virtual data center through a bastion host.
- Load balancer: A virtual-appliance-based load balancer. Placed at the edge of the virtual data center, the load balancer supports Web-, SSL- and TCP-based scale-out
- VXLAN: Creates Layer 2 logical networks across noncontiguous clusters or pods without the need for VLANs (vSphere Distributed Switch and multicast required).
Details here: http://www.vmware.com/files/pdf/products/vcns/vmware-vcloud-networking-and-security-overview.pdf
VMware has also announced the VMware NSX Platform for Network Virtualization - merging Nicira NVP and vCloud Networking and Security. Expected availability is Q4/13 (see Network Virtualization / SDN )
