
SDN Security for VMware Data Center Environments


Academic year: 2021


Purpose-built virtual security appliances will be increasingly used alongside hardware appliances to secure enterprise data centers, which are becoming increasingly dynamic due to rapid adoption of server virtualization and SDN.


Fortinet FortiGate-VMX with VMware Network Extensibility (NetX) API Controller Integration

FortiGate-VMX is a Fortinet Virtual Appliance Solution for VMware that provides purpose-built integration for VMware-only environments, and interoperability with vSphere, vCNS (vCloud Networking and Security), or NSX. It provides visibility into virtualized network traffic on the vSphere hypervisor through direct API-level integration, and management orchestration to secure workloads in dynamic software-defined networks and infrastructure without protection and compliance gaps.

Fortinet “In-Guest” Virtual Machines for Perimeter Security

Fortinet offers a security solution for cloud and software-defined data centers and protects virtualized applications while enhancing the elasticity and mobility benefits of virtualization. It combines state-of-the-art network security and agentless monitoring to provide application protection.

Benefits

• Next-generation firewall and threat prevention for VMware
• Automatic inspection on inter-VM network traffic with hypervisor-level integration
• Real-time security policy orchestration for VM deployment
• Security rules and policies are provisioned on-demand as ESXi hosts and VMs are added
• Support VM migration to ensure security persistency


Today’s Security Hardening Trend of Virtualization

With virtualization and cloud computing technology, IT can provision Virtual Machines (VMs) to run a web application within minutes at a fraction of the cost of physical machines. Fortinet supports server virtualization platforms like VMware, Hyper-V, Xen, and KVM. There are a number of reasons why server virtualization has been so beneficial, including hardware cost savings and decreased data center footprint.

Fortinet Security VM Products

Simply replacing hardware appliances with software ports running on VMs helps to improve cost and introduce data center agility. For more information on the current VM-centric security solution, download the solution brief http://www.fortinet.com/resource_center/solution_briefs/fortinet_virtual_appliance_solutions.html.

[Figure: Current Fortinet Virtual Appliances. Deployment locations shown: Service Provider/Cloud Provider, Cloud, Remote Office/Branch Office, Headquarters. Also shown: FortiGate-VM, FortiGate-VMX, FortiClient, FortiGuard Services.]

Products and roles labelled in the figure:

• FortiWeb-VM: Web Application Firewall
• FortiManager-VM: Centralized Management
• FortiAnalyzer-VM: Logging and Reporting
• FortiVoice-VM: Phone Systems
• FortiRecorder-VM: Video Security Surveillance
• FortiAuthenticator-VM: User Identity Management
• FortiMail-VM: Messaging Security
• FortiCache-VM: High-Performance Caching
• FortiADC-VM: Application Delivery Controllers


Software-Defined Networking (SDN) Security

Data Center Networking is going through a major overhaul driven by virtualization (server compute and storage) and convergence (data, I/O, and control network). Current work on network virtualization is focused on the Layer 2/3 infrastructure level, leaving advanced application features, such as content firewall and network IPS/IDS, to either hardware hair-pinning or software appliances complementing hardware-based services in the network.

Rigid infrastructure will soon become the bottleneck as a new generation of applications demands a fully elastic platform in the cloud, public, hybrid, or private.

FortiGate-VMX is a virtual appliance solution for VMware environments that provides purpose-built integration for VMware’s Software-Defined Data Center (SDDC) and interoperability with vSphere and vCloud Networking and Security.

Purpose Built for vSphere and vCloud Networking and Security

FortiGate-VMX is based on the latest version of the Fortinet FortiOS, a security-hardened, purpose-built operating system, which delivers the advanced protection and performance that standalone products simply cannot match. It supports all the advanced NGFW/UTM features of FortiOS. IT administrators set IPS/IDS, AV, web filtering, etc., policies just as they would in any FortiOS deployment. Fortinet services work together as a system to provide better visibility and mitigation of the latest network and application threats, stopping attacks before damage can occur. This ensures the product is deployed from all ESXi hypervisors.

How Does it Work?

1. Initiate communication with vCenter Server
2. Register Fortinet as security service with vCNS Manager
3. Auto-deploy FortiGate-VMX to all hosts in security cluster
4. FortiGate-VMX connects with FortiGate-VMX Service Manager
5. License verification and configuration synchronization with FortiGate-VMX
6. Kernel agent creation and default redirection rules for each host cluster
7. Real-time updates of object database

FortiGate-VMX Supported Security Features

• Firewall
• Intrusion Prevention
• Web Filtering
• WAN Optimization
• Antivirus
• Email Filter
• Application Control
• Data Loss Prevention
• Explicit Proxy


FortiGate-VMX offers seamless Intrusion Prevention Service (IPS) for Enterprise, Cloud, and Private Cloud:

FortiGate-VMX uses a shared object database with VMware vCenter for easy creation of security policies, which brings greater agility to the process-intensive deployment of security services and policy enforcement. FortiGate-VMX also supports live migrations of applications within clustered environments. With the VMware NSX compatibility integration, any host added will embrace the security zone policy, and these updates are real-time and dynamic for newly created services, without the normal time lag of paper-trail requests. With the NetX API providing backward compatibility to VMware NSX Manager, FortiGate-VMX can provide network visibility and inspection on East-West network traffic among VMs instantly.

Secured by FortiGuard

Beyond the platform integration, FortiGuard can be implemented to provide a continuous protection model in the integration with real-time sandboxing detecting new malware variants. FortiGuard helps recognize suspect content exhibiting malicious attributes, and investigate accordingly.

The solution provides protection against network-level threats, detects and blocks attacks in real time, offers packet logging and attacker quarantine, and receives automated updates from the proven Fortinet Global Threat Research Team.

Benefits

Antivirus / Anti-spyware (AV)

• Protection against virus, spyware, worms, and other forms of malware
• “Set and forget” functionality to reduce security management overhead
• Automated content updates from FortiGuard virus, spyware, and heuristic detection engines

USE CASE

FortiGate-VMX inserts a virtual filter between the vNIC of the protected VM and the virtual switch (i.e. hypervisor-based security), resulting in a fully automated deployment of security services and policies. It provides dynamic security policy updates to enforce policy on newly created VMs (services) without requiring notification of the security administrator.

Benefits

Data loss prevention

• Identification and control over data in motion
• RegEx-based matching engine
• Common file format inspection
• Content archiving

Firewall

WAN optimization

Web filtering

Application control

Email filter


The integrated solution provides full next-generation security functionality in one platform, accommodating different network and security functions. And the IT administrator does not need to guess how much network security is required. The joint integrated solution is the most cost-effective, simplified, and secure approach to apply security policies when any hypervisor is provisioned on-demand.

[Table: Virtual appliance support by platform. The per-cell check marks did not survive extraction; only the row and column labels are listed here.]

Platforms (columns):

• VMware: vSphere v4.0/4.1, vSphere v5.0, vSphere v5.1, vSphere v5.5
• Citrix: Xen Server v5.6 SP2, Xen Server v6.0
• Open Source: Xen, KVM
• Amazon: AWS
• Microsoft: Hyper-V 2008 R2, Hyper-V 2012

Virtual appliances (rows): FortiGate-VM, FortiManager-VM, FortiAnalyzer-VM, FortiWeb-VM, FortiMail-VM, FortiAuthenticator-VM, FortiCache-VM, FortiRecorder-VM, FortiADC-VM, FortiGate-VMX, FortiVoice-VM, FortiSandbox-VM

* Also available as pay-as-you-go licensing option.
