RSA Solutions for VMware and Vblock
Agenda
• What is a Vblock?
• RSA’s Approach to Securing Vblock
• Typical use cases
Vblock
• Rapid deployment model of virtualized infrastructure
• Pre-integrated and validated solutions reduce total cost of ownership
• Service-level driven through predictable performance and operational characteristics
• Improved compliance/security and reduced risk

Vblock: A New Way of Delivering IT to Business
• Best of breed technologies
  – Compute: Cisco UCS
  – Network: Cisco Nexus family, Cisco MDS 9000 series
  – Storage: EMC Symmetrix V-Max or EMC Unified Storage (Celerra and CLARiiON)
  – Hypervisor: VMware vSphere 4
  – Management: Cisco UCS Manager, EMC Ionix Unified Infrastructure Manager, VMware vCenter
RSA’s Approach to Securing Vblock
• Extend customer’s existing RSA investments to the virtual infrastructure and deliver new capabilities
• Layer onto Vblock architecture:
  – User authentication
  – Compliance monitoring and reporting
  – Infrastructure security
  – Data loss prevention
• Validate RSA with Vblock Infrastructure Packages in the VCE Lab
RSA’s Approach to Securing Vblock
1. Secure the core Vblock platform (VMware, Cisco, EMC components)
2. Secure each application validated with Vblock (e.g., VMware View, SAP)
Both layers feed Central Security Management and Reporting
Secure the Core Vblock Platform
Secure Administrative User Access
• RSA SecurID authentication for:
  • ESX Service Console
  • vSphere Management Assistant
Security Monitoring & Reporting
• RSA enVision monitoring for:
  • vCenter
  • ESX and ESXi
  • EMC Symmetrix, CLARiiON and Celerra storage
  • Cisco UCS
Secure the Core Vblock Platform
• RSA SecurID: strong authentication before access to ESX Service Console and vSphere Management Assistant
• RSA enVision: comprehensive visibility into security events; security incident management, compliance reporting
Diagram: Security and compliance officer (RSA enVision); VMware Administrator (RSA SecurID); vSphere Management Assistant, vSphere, Storage, UCS
RSA enVision Collector
• enVision Collector uses the VMware SDK to retrieve the logs from vCenter and all ESX/ESXi servers
Diagram: Collector connection from the enVision Collector to vCenter and the ESX/ESXi hosts
enVision Dashboard: Monitoring Vblock Event Sources by Event Category
enVision Dashboard: Vblock VCE Event Sources Activity by Event Category
Use Case Scenarios
• Applying Patch to Production System
• Unauthorized Administrator
• Protecting Management Console
So how does VDI make me more secure?
How VDI addresses the Lost Laptop Scenario
Diagram: Laptop with NO sensitive data, connected over a Secure Network with SSL + 2FA, to a Virtual Desktop with access to sensitive data, which reaches the Application with sensitive data
• No USB or only secure USB allowed via DLP
• Network access controlled via VMware vShield Zones
• The process is fully logged by SIEM
Scenario: Protecting Your Management Console
• Remote desktop into your Management LAN via VPN
Diagram: SSL VPN supporting RSA SecurID in front of the Management LAN, which contains the ESX Service Console, vCenter Server and Vblock Management Console
Scenario: Apply Patch to Production System
A common way to apply patches is to try them out in a test environment. In a virtual world you can clone the system, data and all.
1. Clone virtual environment. This is difficult and time-consuming in a production environment, but very easy in a virtual environment.
2. Test Patch
3. Apply Patch to production environment
• Is this an authorized procedure?
• Is the test environment sufficiently protected & controlled?
• Who accessed the data in the test environment?
• Was the VM destroyed after it was used?
Diagram: Production Environment and Test Environment, each containing an HR Application Server VM and an HR Database Server VM with HRDB (Name, SSN, DoB, etc); PATCH applied in both
Scenario: Apply Patch to Production System (as monitored by RSA enVision)
Diagram: Production Environment and Test Environment, each containing an HR Application Server VM and an HR Database Server VM with HRDB (Name, SSN, DoB, etc); PATCH applied in both
1. Clone virtual environment. Event: VM Cloned. RSA enVision can log the administrative activity from vCenter, like the VM being cloned.
2. Test Patch. Event: Patch Applied. If the test environment is properly protected, then it will also be monitored by RSA enVision.
3. Apply Patch to production environment. Event: Patch Applied.
enVision event sequence: VM Cloned, Patch Applied, Patch Applied, VM Deleted. If this is out of policy we can alert a security analyst.
Scenario: Unauthorized Administrator
In a PCI environment, you need to validate that only authorized administrators are modifying the system. Suppose permissions are set up incorrectly, and an unauthorized administrator can move a VM.
Diagram: PCI Zone (Transaction DB holding credit card numbers, Transaction Management Application) and Non-PCI Zone (Store Management Windows VM); RSA enVision records the vCenter event "VM Moved by kpbrady" against the check: Authorized?
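The two monitored scenarios above (a production VM cloned into a test environment and never deleted, and a VM moved across the PCI zone boundary by an administrator who is not authorized) come down to policy checks over the administrative events that vCenter exposes and a SIEM collects. The following is an added example written for this page; it is not code from the RSA deck and not enVision's own correlation-rule language. The pipe-delimited log format, the zone names, the user names other than kpbrady (which appears on the slide), the authorized-administrator list and the 8-hour clone allowance are all constructed for the example.

```python
"""Policy checks over vCenter-style administrative events.

Added example; not part of the RSA deck and not enVision's own correlation
rules. It models the two monitored scenarios on the slides: a production VM
cloned into a test environment for patch testing and never deleted, and a VM
moved across the PCI zone boundary by an administrator who is not authorized.
The log format, zone names and user names are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Constructed log lines in a simple collector-normalized form:
# timestamp|user|action|vm|source_zone|target_zone
SAMPLE_LOG = """\
2010-05-03T09:00:00|jsmith|clone|hr-db-clone-1|production|test
2010-05-03T11:00:00|jsmith|delete|hr-db-clone-1|test|test
2010-05-04T09:00:00|jsmith|clone|hr-db-clone-2|production|test
2010-05-04T14:00:00|kpbrady|migrate|store-mgmt-win|non-pci|pci
2010-05-04T15:00:00|mlee|migrate|txn-db|pci|pci
"""

# Constructed authorization list for the PCI zone.
AUTHORIZED_PCI_ADMINS = frozenset({"mlee"})


@dataclass(frozen=True)
class AdminEvent:
    when: datetime
    user: str
    action: str       # "clone", "migrate" or "delete" (constructed vocabulary)
    vm: str           # VM created, moved or removed
    source_zone: str  # zone the VM (or its data) came from
    target_zone: str  # zone the VM is in after the action


def parse_events(text: str) -> List[AdminEvent]:
    """Parse the pipe-delimited sample format; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        if len(fields) != 6:
            continue  # a SIEM would count these as parse failures
        when = datetime.fromisoformat(fields[0])
        events.append(AdminEvent(when, *fields[1:]))
    return sorted(events, key=lambda e: e.when)


def pci_boundary_violations(events, authorized=AUTHORIZED_PCI_ADMINS, pci_zone="pci"):
    """Migrations touching the PCI zone performed by someone not on the authorized list."""
    return [
        e for e in events
        if e.action == "migrate"
        and pci_zone in (e.source_zone, e.target_zone)
        and e.user not in authorized
    ]


def unreclaimed_clones(events, now_iso: str, max_age_hours: int, test_zone="test"):
    """Clones into the test zone that were not deleted within max_age_hours of creation.

    A clone younger than the allowance is not reported yet, so the check can be
    re-run periodically without flooding the analyst.
    """
    now = datetime.fromisoformat(now_iso)
    max_age = timedelta(hours=max_age_hours)
    stale = []
    for e in events:
        if e.action != "clone" or e.target_zone != test_zone:
            continue
        reclaimed = any(d.action == "delete" and d.vm == e.vm and d.when >= e.when
                        for d in events)
        if not reclaimed and now - e.when > max_age:
            stale.append(e)
    return stale


def run_checks(text: str, now_iso: str, max_age_hours: int = 8) -> List[str]:
    """Apply both policy checks and return analyst-facing alert strings."""
    events = parse_events(text)
    alerts = []
    for e in pci_boundary_violations(events):
        alerts.append(
            f"{e.when:%Y-%m-%d %H:%M} VM {e.vm} moved {e.source_zone} -> {e.target_zone} "
            f"by {e.user}, who is not an authorized PCI administrator"
        )
    for e in unreclaimed_clones(events, now_iso, max_age_hours):
        alerts.append(
            f"{e.when:%Y-%m-%d %H:%M} test clone {e.vm} of {e.source_zone} data created by "
            f"{e.user} still exists after {max_age_hours}h"
        )
    return alerts


if __name__ == "__main__":
    for alert in run_checks(SAMPLE_LOG, "2010-05-05T09:00:00"):
        print("ALERT:", alert)
```

Run against the constructed log with the clock set to 2010-05-05 09:00, the script raises two alerts: the move of store-mgmt-win into the PCI zone by kpbrady, and the hr-db-clone-2 test copy of production HR data that was never deleted. The first clone is not reported because a matching delete follows it, and the mlee migration is not reported because that user is on the authorized list. In a real deployment the event stream would come from the collector and the authorized list from the access-management system rather than a constant.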
What’s available today?
• RSA enVision support for Vblock
  – Cisco UCS
  – Cisco network
  – EMC Ionix UIM
  – EMC storage solutions
    • Symmetrix
    • CLARiiON
    • Celerra
• RSA Solution for VMware View
  – RSA DLP Endpoint
  – RSA SecurID agent built-in to VMware View
  – RSA enVision Collector for VMware vCenter
  – RSA enVision support for VMware View
RSA SecurBook for VMware View
• RSA Solutions
  – Multi-product solutions
  – Validated in the RSA Solutions Center
• RSA SecurBooks
  – Guides for planning, deploying, and administering RSA solutions
  – Comprehensive reference architecture, screenshots, practical guidance
Learn More
New RSA Landing Page at VMware.com
• RSA content
RSA Video
• Build a Solid Foundation for Secure Virtualization with RSA
RSA SecurBook for VMware View
• A Guide for Deploying and Administering the RSA Solution for VMware View
RSA White Papers
• Securing the Administration of Virtualization
RSA Webinars
• Securing VMware Desktop and Server Environments with RSA
RSA Security Brief
• Security Compliance in a Virtual World