Beruflich Dokumente
Kultur Dokumente
ON VMWARE
Virtualization technology from VMware is fueling a significant change in
todays modern data centers, resulting in architectures that are common-
ly a mix of private, public and hybrid cloud computing environments. The
benefits of cloud computing are well-known and significant. However, so
are the security challenges, exemplified by the many recent high-profile data
breaches. Whether stored in a physical data center or in a public, private or
hybrid cloud, your data is the cybercriminals target.
V
SeMrie-s
vS
wi
tch
Hy vS
pe wi
rvi t
sor ch
NSX
Manager
A
P
P
D
B
VM-1000-HV
VM
NS VM
Se X N
rvi etw VM
c
VM e Insork
wa erti
re o
ES n
Xi
NS
Xv
Sw
i tch
Palo Alto Networks | VM-Series on VMware | Datasheet 2
looking for a target. Within your virtual network, cyber-
threats will rapidly move laterally from VM to VM, in an
east-west manner, placing your mission-critical applications
and data at risk. Exerting application-level control using
Zero Trust principles in between VMs will reduce the threat
footprint while applying policies to block both known and
unknown threats.
VM
Network
VM
Automated, Transparent Deployment and Provisioning Application
Security
APIs VM
Interfaces V
A rich set of APIs can be used to integrate with external Objects
vS
wit
ch
S M-
erie
s
PA
Policies rvis ch
N
O
or
RA
related to workload changes, which can then be used to
M
A
Licensing
VM
Hybrid cloud security In this use case, the VM-Series
VM
VM
V
S M-
vS
wit
ch
erie
s
vCloud is configured to establish a secure, standards-based
Air
Hy vS
VM
Network
VM
Application APIs
Security namically drive policy updates via Dynamic Address Groups
VM
Interfaces V
S M-
and VM Monitoring.
vS erie
wit s
Objects ch
Hy vS
pe wit
PA
Policies rvis ch
N
O
or
RA
M
A
Licensing
Performance and Capacities Summary
Corporate Data Center Security performance data listed below is based on tests in
controlled lab conditions using PAN-OS 8.0. In virtualized
and cloud environments, many factors, such as type of CPU,
hypervisor version, numbers of cores assigned, memory and
tion enablement policies that are used to protect your network I/O options, can impact your performance. We rec-
ESXi-based private cloud. Common use cases include: ommend additional testing within your environment to ensure
your performance and capacity requirements are met.
Perimeter gateway In this use case, the VM-Series is
deployed as your gateway firewall, securing your vCloud
Air environment based on application, regardless of port
VM-100/ VM-300/
VM-50 VM200 VM-1000-HV VM-500 VM-700
Performance and Capacities (0.4 core) (2 Cores) (4 Cores) (8 Cores) (16 cores)
With single-root I/O virtualization (SR-IOV)/PCI passthrough of I/O enabled
Firewall throughput (App-ID enabled) 200 Mbps 2 Gbps 4 Gbps 8 Gbps 16 Gbps
Threat prevention throughput 100 Mbps 1 Gbps 2 Gbps 4 Gbps 8 Gbps
IPsec VPN throughput 100 Mbps 1 Gbps 1.8 Gbps 4 Gbps 6 Gbps
New sessions per second 3,000 15,000 30,000 60,000 120,000
With Distributed Virtual Switch (DVS)
Firewall throughput (App-ID enabled) 100 Mbps 1 Gbps 2 Gbps 4 Gbps 8 Gbps
Threat prevention throughput 50 Mbps 500 Mbps 1 Gbps 2 Gbps 4 Gbps
New sessions per second 1,000 8,000 15,000 30,000 60,000
Capacities
Max sessions 50,000 250,000 800,000 2,000,000 10,000,000
Max Security policies 250 1,500 10,000 10,000 20,000
Max Routes 5,000 5,000 20,000 64,000 200,000
IPsec tunnels 250 1,000 2,000 4,000 8,000
The performance and capacities results shown above were tested under following conditions:
Firewall and IPsec VPN throughput are measured with App-ID and User-ID technology features enabled.
Threat prevention throughput is measured with App-ID, User-ID, IPS, antivirus and anti-spyware features enabled.
Throughput is measured with 64KB HTTP transactions.
Connections per second is measured with 4KB HTTP transactions.
Virtualization Specifications
Image formats supported OVA
Hypervisors supported VMware ESXi 5.1, 5.5 and 6.0
VMware NSX Manager 6.0, 6.1 and 6.2
Network I/O options VMware paravirtual drivers (vmxnet3, e1000)
PCI pass-through
Single-root I/O Virtualization (SR-IOV)
Networking Features
Interface Modes: VLANs
L2, L3, tap, virtual wire (transparent mode): VM-Series 802.1q VLAN tags per device/per interface:
on ESXi 4,094/4,094
L3: vCloud Air Max interfaces:
Virtual wire (transparent mode): VM-Series on NSX 4096 (VM-500/VM-700)
2048 (VM-100/VM-300)
512 (VM-50)
Modes: Active/Passive with session synchronization L2, L3, tap, virtual wire (transparent mode)
Failure detection: path monitoring, Features: App-ID, User-ID, Content-ID technology,
interface monitoring WildFire threat analysis service and SSL decryption
To view additional information on the VM-Series security features and associated capacities, please visit
www.paloaltonetworks.com/products.
4401 Great America Parkway 2017 Palo Alto Networks, Inc. Palo Alto Networks is a registered
Santa Clara, CA 95054 trademark of Palo Alto Networks. A list of our trademarks can be found at
Main: +1.408.753.4000 http://www.paloaltonetworks.com/company/trademarks.html. All other
Sales: +1.866.320.4788 marks mentioned herein may be trademarks of their respective companies.
Support: +1.866.898.9087 vm-series-on-vmware-ds-050117
www.paloaltonetworks.com