©2010 Reflex Systems LLC Reflex VMC: Overview Mike Wronski, CISSP VP, Product Management [email protected]
Dec 05, 2014
Virtualization Challenges
Visibility and Transparency
Change Management
Network Management
Security / Firewall
Desktop Virtualization
Operational & Security Goals
Challenges
Solution Overview
Automate, Integrate and Correlate
Configuration Mgmt. / Audit (vProfile)
Monitoring & Analysis (vWatch)
Network Security (vTrust)
Virtualization Management Center (VMC)
Discovery/Mapping Visualization Central Alerting Event Correlation
Policy Automation Scripting Event Correlation Central Reporting
vCMDB VQL Cloud API 3rd Party interface
Virtual & Cloud Infrastructure
Virtual Center
ESX Host
Guest (VM)
Network
Storage
Compliance
Performance
Capacity
Asset / Inventory
Virtual Firewall
Segmentation
Virtual DPI
Access Control
Profiles
Compliance
Automation
Reflex: vWatch
Fully integrated component of the Reflex VMC platform
Monitoring and analysis module which provides a comprehensive overview of the state of the virtual environment at any given time
Through real-time and historical visual reporting, configuration change monitoring, and extensive correlation, vWatch provides administrators with the visibility they need
The ability to visualize both the virtual and underlying hardware infrastructure has become mission critical for IT administrators
Functions:
Virtual Flow Data
Historical tracking
Physical-to-Virtual
Configuration
Compliance Audit
Root-cause Analysis
Visibility and Transparency
Virtual Networking Visibility
Historical tracking
Physical-to-Virtual
Configuration
Compliance
Root-cause Analysis
Reflex: vProfile
vProfile provides an API that enables service providers and enterprises to provision and manage security and compliance without the dependency on expensive external hardware
vProfile configuration management is the only solution on the market today that provides "difference visualization", plotting VM configuration changes on a graphical, easy-to-understand "heat map" interface
Functions:
Apply Baseline Profile Configuration
Heat map and Customized Pivot Tables
Ad-Hoc and Scheduled Remediation
VQL Configuration Queries
Tiered Configuration Profiles
Historical Profile Definition
Batch Modification
IP Pool Allocation
Reflex: vTrust Segmentation & Security
Fully integrated component of the Reflex VMC platform
Designed to be integrated directly with the VMware VMsafe platform technology
Provides dynamic policy enforcement for virtual environments deployed locally and in external cloud environments
Operating at the hypervisor kernel level, vTrust leverages the tightly integrated VMsafe component of VMware vSphere™ 4
Facilitates adaptive, extensible policies that allow administrators to address complex business, information security and compliance requirements within the virtual environment
Functions:
Virtual Segmentation
Virtual Quarantine
Networking Policy
Stateful Inspection
Agentless
VMware VMsafe Integration
• Low-Level Enforcement
• Part of the Hypervisor
• VM Network Segmentation/Firewall
• Multi-Virtual Center Aware
• vMotion Aware
• Policy Mobility
VMsafe
VM ACLs
Policy
ESX Hypervisor
VMsafe Kernel Module
(d)vSwitch
Software Asset Management
•No Agents to Install
•Independent of State
•Power
•Templates
•Policy Criteria
•NAC
•Posture Checking
•Maintain Compliance
Automation: Policy and Enforcement
Policy Types
Network:
•Segmentation (Firewall)
•Quarantine (NAC, Posture)
•Redirection (IDP, Capture)
•Configuration (VLAN, QoS)
Guest:
•Storage
•Network Connection
•Software (OS, App, Patch)
•Authorization
vCenter:
•Access Control
•Authorization
•Resource Pools
•Storage
Device Config:
•Chassis (UCS, Blade Ctr)
•Switch
•Security Device
Enforcement Points
Network:
•Reflex VMsafe
•3rd Party (TippingPoint)
•VI API
Infrastructure:
•VI API
•3rd Party API/DB/CLI
Generic:
•Generic Programmable (Python)
•Element Managers
•Orchestration / Provisioning
•Notification
Continuous Compliance
Software Asset (OS, App Version, Patch)
Storage Mapping (Data Classification)
Security Controls Enabled (Firewall, IPS)
Provisioning User Authorization
Compliant VM Authorized
Thank You!
Mike Wronski, VP Product Management
Email: [email protected]
Web: http://www.reflexsystems.com