Beruflich Dokumente
Kultur Dokumente
P R O D U C T D ATA S H E E T / 1
VMware vShield Zones
Enforce multi-tenant isolation for external or private clouds. Key Features of VMware vShield Zones
VMware vShield Zones can create isolated and contained
datacenter zones to prevent any network leakage of data or user Central Management of Logical Zone Boundaries
activity across multiple tenants sharing a single cloud and Segmentation
infrastructure. Scale isolation to hundreds of tenants without • Leverage existing virtual infrastructure containers –
introducing excessive network complexity or management hosts, virtual switches, VLANs – as logical trust or
caused by individual virtual switches and virtual LANs (VLANs). organizational zones
Monitor for unauthorized access within the virtual datacenter. • Define policies to bridge, firewall, or isolate network traffic
Wide open internal networks facilitate the spread of malware between zone boundaries
and illegitimate activity. VMware vShield Zones can monitor and • Manage and deploy policies across entire VMware vCenter
log traffic between virtual machines and to the Internet on an Server deployment
application protocol level. Unusual patterns of activity that may
be indicative of worms or unauthorized access can be identified • Integrate with VMware vCenter Server and automatically
through graphical and tabular reports, and specific network deploy on existing virtual networks
flows can be quickly converted into precise blocking rules at an • Scan and discover existing applications running on virtual
individual machine or aggregate levels. machines to identify application protocols
Network Enforcement and Flow Monitoring
How Does VMware vShield Zones Work? • Classify traffic by network or application protocol (e.g. HTTP,
VMware vShield Zones eases the burden of partitioning RDP, SNMP)
VMware vSphere™ deployments into multiple secure and • Performantly filter traffic with stateful packet inspection (SPI)
contained zones of activity, so that virtualization can deliver
efficiency, utilization, and availability into datacenter areas of • Track dynamic port connections for protocols such as FTP
greater sensitivity or confidentiality without exposing users or
• Track network connections across VMware VMotion
data to greater risk or breaching security or compliance
migration events.
mandates around network controls. VMware vShield Zones
presents network monitoring and access management in a • Easily convert observed network flows into precise network
highly virtualization-aware and application-aware context, so enforcement rules.
that administrators can define access policies that intuitively
• Monitor both allowed and disallowed activity
map to logical trust or organizational zone boundaries expressed
in their existing VMware vCenter Server management hierarchy Management and Reporting
and network topology. • Access the Web-based vShield Manager interface remotely
from any Web browser
VMware vShield Zones consists of the VMware vShield Manager,
which provides centralized management of monitoring and • Configure administrators to be common with VMware vCenter
access policies across an entire deployment, and VMware vShield Server or distinct for separation of duties and roles
Zones appliances that provide the runtime enforcement.
• View activity hierarchically at individual virtual machine or
VMware vShield Manager is deployed as a virtual appliance and
aggregate levels and generate graphical or tabular reports
integrates automatically with VMware vCenter Server to present
policies and events in the context of the existing virtual • Retain log data for archival and compliance purposes
machines, networks, host, and clusters.
• Export events and data using syslog format
VMware vShield Zones virtual appliances are distributed and
deployed inline on the virtual switches on VMware ESX hosts to
Find Out More
provide runtime visibility and enforcement of traffic. Network
activity between zones and to the outside is logged and For information or to purchase VMware products, call 1-877-
classified according to application network protocol, and packets 4VMWARE (outside of North America dial +1-650-427-5000),
are filtered inline to block any disallowed protocols or access. visit www.vmware.com/products/vshield-zones/, or search
Events are consolidated back to the VMware vShield Manager, online for an authorized reseller. For detailed product
where activity across the entire datacenter can be logged, specifications and systems requirements, please refer to the
viewed and exported to third-party management solutions. VMware vShield Zones install and configure guide.
VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com
Copyright © 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be
trademarks of their respective companies. Item No: VMW_09Q3_DS_vSZ_USLET_EN_P2_R3