Federal VMUG - March - Reflex VMC Overview

©2010 Reflex Systems LLC

Reflex VMC: Overview

Mike Wronski, CISSP

VP, Product Management [email protected]

Virtualization Challenges

Visibility and Transparency

Change Management

Network Management

Security / Firewall

Desktop Virtualization

Operational

&

Security

Goals

Ch

alle

ng

es

3

Solution Overview

Automate, Integrate and Correlate

Configuration Mgmt. / Audit (vProfile)

Monitoring & Analysis (vWatch)

Network Security (vTrust)

Virtualization Management Center (VMC)

Discovery/Mapping Visualization Central Alerting Event Correlation

Policy Automation Scripting Event Correlation Central Reporting

vCMDB VQL Cloud API 3rd Party interface

Virtual & Cloud Infrastructure

Virtual Center

ESX Host

Guest (VM)

Network

Storage

Co

mp

lian

ce

Per

form

ance

Cap

acit

y

Ass

et /

Inve

nto

ry

Vir

tual

Fir

ewal

l

Segm

enta

tio

n

Vir

tual

DP

I

Acc

ess

Co

ntr

ol

Pro

file

s

Co

mp

lian

ce

Au

tom

atio

n

Reflex: vWatch

Fully integrated component of the Reflex VMC platform

Monitoring and analysis module which provides a comprehensive overview of the state of the virtual

environment at any given time

Through real-time and historical visual reporting, configuration change monitoring, and extensive

correlation, vWatch provides administrators with the visibility they need

The ability to visualize both the virtual and underlying hardware infrastructure has become mission critical

for IT administrators

Functions:

Virtual Flow Data

Historical tracking

Physical-to-Virtual

Configuration

Compliance Audit

Root-cause Analysis

Visibility and Transparency

Virtual Networking Visibility

Hi stor i ca l t rack i ng

Phys i ca l - to - V i r tu a l

Conf i gu rat i on

Compl i anc e

Root-ca us e Anal ys i s

Reflex: vProfile

vProfile provides an API that enables service providers and enterprises to provision and manage security and compliance without the dependency on expensive external hardware

vProfile configuration management is the only solution on the market today that provides ‘difference visualization’, and plots VM configuration changes according to a graphical, easy to understand "heat map" interface

Functions:

Apply Baseline Profile Configuration

Heat map and Customized Pivot Tables

Ad-Hoc and Scheduled Remediation

VQL Configuration Queries

Tiered Configuration Profiles

Historical Profile Definition

Batch Modification

IP Pool Allocation

8

Reflex: vTrust Segmentation & Security

Fully integrated component of the Reflex VMC platform

Designed to be integrated directly with the VMware VMsafe platform technology

Provides dynamic policy enforcement for virtual environments deployed locally and in external cloud

environments

Operating at the hypervisor kernel level, vTrust leverages the tightly integrated VMsafe component of

VMware vSphere™ 4

Facilitates adaptive, extensible policies that allow administrators to address complex business,

information security and compliance requirements within the virtual environment

Functions:

Virtual Segmentation

Virtual Quarantine

Networking Policy

Stateful Inspection

Agentless

VMware VMsafe Integration

• Low-Level Enforcement

• Part of the Hypervisor

• VM Network Segmentation/Firewall

• Multi-Virtual Center Aware

• vMotion Aware

• Policy Mobility

VMsafe

VM ACLs

Policy

ESX Hypervisor

vmSafe Kernel Module

(d)vSwitch

Software Asset Management

•No Agents to Install •Independent of State

•Power •Templates

•Policy Criteria •NAC •Posture Checking •Maintain Compliance

Automation: Policy and Enforcement

Policy Types

•Segmentation (Firewall)

•Quarantine (NAC, Posture)

•Redirection (IDP, Capture)

•Configuration (VLAN, QoS)

Network

•Storage

•Network Connection

•Software (OS, App, Patch)

•Authorization

Guest

•Access Control

•Authorization

•Resource Pools

•Storage

vCenter

•Chassis (UCS, Blade Ctr)

•Switch

•Security Device

Device

Config

Enforcement Points

•Reflex VMsafe

•3rd Party (TippingPoint)

•VI API

Network

•VI API

•3rd Party API/DB/CLI

Infrastructure

•Generic Programmable (Python)

•Element Managers

•Orchestration / Provisioning

•Notification

Generic

11

Continuous Compliance

Software Asset (OS, App Version, Patch)

Storage Mapping (Data Classification)

Security Controls Enabled (Firewall, IPS)

Provisioning User Authorization

Compliant VM Authorized

Thank You!

Mike Wronski, VP Product Management

Email: [email protected]

Web: http://www.reflexsystems.com