RSA Solutions for VMware and Vblock. Dominique Dessy Senior Technical Consultant

Academic year: 2021

(1)

RSA Solutions for VMware and Vblock

(2)

Agenda

What is a Vblock?

RSA’s Approach to Securing Vblock

Typical use cases

(3)

Rapid deployment model of virtualized infrastructure

Pre-integrated and validated solutions reduce total cost of ownership

Service-level driven through predictable performance and operational characteristics

Improved compliance/security and reduced risk

Vblock

(4)

Vblock

A New Way of Delivering IT to Business

Best of breed technologies

– Compute: Cisco UCS

– Network: Cisco Nexus family, Cisco MDS 9000 series

– Storage: EMC Symmetrix V-Max or EMC Unified Storage (Celerra and CLARiiON)

– Hypervisor: VMware vSphere 4

– Management: Cisco UCS Manager, EMC Ionix Unified Infrastructure Manager, VMware vCenter

(5)

RSA’s Approach to Securing Vblock

Extend customer’s existing RSA investments to the virtual infrastructure and deliver new capabilities

Layer onto Vblock architecture:

• User authentication

• Compliance monitoring and reporting

• Infrastructure security

• Data loss prevention

Validate RSA with Vblock Infrastructure Packages in the VCE Lab

(6)

RSA’s Approach to Securing Vblock

1. Secure the core Vblock platform (VMware, Cisco, EMC components)

2. Secure each application validated with Vblock (e.g., VMware View, SAP)

Central Security Management and Reporting

(7)

Secure the Core Vblock Platform

Secure Administrative User Access

RSA SecurID authentication for:

• ESX Service Console

• vSphere Management Assistant

Security Monitoring & Reporting

RSA enVision monitoring for:

• vCenter

• ESX and ESXi

• EMC Symmetrix, CLARiiON and Celerra storage

• Cisco UCS

(8)

Secure the Core Vblock Platform

RSA SecurID

Strong authentication before access to ESX Service Console and vSphere Management Assistant

RSA enVision

Comprehensive visibility into security events

Security incident management, compliance reporting

Diagram labels: Security and compliance officer, vSphere Management Assistant, vSphere, Storage, UCS, VMware Administrator

(9)

RSA enVision Collector

enVision Collector uses the VMware SDK to retrieve the logs from vCenter and all ESX/ESXi servers

Collector connection

(10)

enVision Dashboard: Monitoring Vblock

Event Sources by Event Category

(11)

enVision Dashboard: Vblock VCE Event Sources Activity by Event Category

(12)

Use Case Scenarios

Applying Patch to Production System

Unauthorized Administrator

Protecting Management Console

(13)

So how does VDI make me more secure?

(14)

How VDI addresses the Lost Laptop Scenario

No USB or only secure USB allowed via DLP

Network access controlled via VMware vShield Zones

The process is fully logged by SIEM

Diagram labels: Secure Network, Virtual Desktop, Laptop with NO sensitive data, Virtual Desktop with access to sensitive data, Application with sensitive data, SSL + 2FA

(15)

Scenario

Protecting Your Management Console

Remote desktop into your Management LAN via VPN

Management LAN

ESX Service Console

vCenter Server

Vblock Management Console

SSL VPN supporting RSA SecurID

(16)

Scenario

Apply Patch to Production System

A common way to apply patches is to try them out in a test environment. In a virtual world you can clone the system, data and all.

1. Clone virtual environment. This is difficult and time-consuming in a production environment, but very easy in a virtual environment.

2. Test Patch

3. Apply Patch to production environment

Is this an authorized procedure?

Is the test environment sufficiently protected & controlled?

Who accessed the data in the test environment?

Was the VM destroyed after it was used?

Diagram labels: Production Environment and Test Environment, each with HR Application Server VM, HR Database Server VM and HRDB (Name, SSN, DoB, etc.); PATCH shown in both.

(17)

Scenario

Apply Patch to Production System

1. Clone virtual environment

2. Test Patch

3. Apply Patch to production environment

RSA enVision can log the administrative activity from vCenter, like the VM being cloned.

If the test environment is properly protected, then it will also be monitored by RSA enVision.

If this is out of policy we can alert a security analyst.

Diagram labels: Production Environment and Test Environment, each with HR Application Server VM, HR Database Server VM and HRDB (Name, SSN, DoB, etc.); PATCH shown in both; events VM Cloned, Patch Applied, VM Deleted; RSA enVision.

(18)

Scenario

Unauthorized Administrator

PCI Zone

Non-PCI Zone

RSA enVision

Store Management Windows VM

Transaction DB

Credit Card numbers

Transaction Management Application

In a PCI environment, you need to validate that only authorized administrators are modifying the system.

Suppose permissions are set up incorrectly, and an unauthorized administrator can move a VM.

VM Moved by kpbrady

Authorized
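The two monitoring scenarios above (a clone that must be destroyed after testing, and an administrator acting outside their permissions) can be expressed as a small correlation rule. This is an added example, not code from the presentation or from RSA enVision; the policy, user names, VM names and event tuples are constructed, and the action labels are borrowed from the slide captions rather than any real log format.

```python
from datetime import datetime, timedelta

# Hypothetical policy: who may clone or move VMs, and how long a clone may live.
AUTHORIZED = {"VM Cloned": {"alice"}, "VM Moved": {"alice"}}
MAX_CLONE_LIFETIME = timedelta(hours=48)

# Constructed sample events: (timestamp, user, action, vm). The labels follow
# the slide captions, not an RSA enVision or vCenter log schema.
EVENTS = [
    ("2010-06-01T09:00", "alice", "VM Cloned", "hr-db-test1"),
    ("2010-06-01T10:30", "alice", "Patch Applied", "hr-db-test1"),
    ("2010-06-01T16:00", "alice", "VM Deleted", "hr-db-test1"),
    ("2010-06-02T09:00", "bob", "VM Cloned", "hr-db-test2"),
    ("2010-06-02T11:00", "bob", "VM Moved", "store-mgmt"),
    ("2010-06-03T08:00", "alice", "VM Cloned", "hr-db-test3"),
]

def evaluate(events, now):
    """Return sorted (timestamp, message) alerts for out-of-policy activity."""
    alerts, open_clones = [], {}
    for ts, user, action, vm in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        allowed = AUTHORIZED.get(action)
        # Scenario "Unauthorized Administrator": restricted action by an unlisted user.
        if allowed is not None and user not in allowed:
            alerts.append((ts, f"unauthorized {action} of {vm} by {user}"))
        # Scenario "Apply Patch": track each clone until its deletion is logged.
        if action == "VM Cloned":
            open_clones[vm] = (when, user)
        elif action == "VM Deleted" and vm in open_clones:
            created, _ = open_clones.pop(vm)
            if when - created > MAX_CLONE_LIFETIME:
                alerts.append((ts, f"clone {vm} deleted late"))
    # Clones still present past the allowed lifetime were never destroyed.
    for vm, (created, user) in open_clones.items():
        if now - created > MAX_CLONE_LIFETIME:
            stamp = created.isoformat(timespec="minutes")
            alerts.append((stamp, f"clone {vm} by {user} not deleted"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in evaluate(EVENTS, datetime(2010, 6, 5, 9, 0)):
        print(*alert)
```

The rule only works if the test environment forwards its events to the same collector, which is the point the patch scenario makes about the test environment being properly protected.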

(19)

What’s available today?

RSA enVision support for Vblock

– Cisco UCS

– Cisco network

– EMC Ionix UIM

– EMC storage solutions

• Symmetrix

• Clariion

• Celerra

RSA Solution for VMware View

– RSA DLP Endpoint

– RSA SecurID agent built-in to VMware View

– RSA enVision Collector for VMware vCenter

– RSA enVision support for VMware View

(20)

RSA SecurBook for VMware View

RSA Solutions

Multi-product solutions

Validated in the RSA Solutions Center

RSA SecurBooks

Guides for planning, deploying, and administering RSA solutions.

Comprehensive reference architecture, screenshots, practical guidance

(21)

Learn More

New RSA Landing Page at VMware.com

• RSA content

RSA Video

• Build a Solid Foundation for Secure Virtualization with RSA

RSA SecurBook for VMware View

• A Guide for Deploying and Administering the RSA Solution for VMware View

RSA White Papers

• Securing the Administration of Virtualization

RSA Webinars

• Securing VMware Desktop and Server Environments with RSA

RSA Security Brief

• Security Compliance in a Virtual World
