VMware presentation

homuskratNetworking and Communications

Nov 20, 2013 (3 years and 10 months ago)

125 views

© 2011 VMware Inc. All rights reserved

Confidential

VMware Direction

Jonathan Gohstand, Director, Security & Networking Product Marketing

2

Confidential

Agenda


VMware
S
ecurity
S
trategy Overview and Opportunity


Technical Integration Points


Channel Training Program Status


Technical Partner Program Status

3

Confidential

What’s the Current Situation?


IT plowed ahead with virtualization; security took a back seat


Bolt
-
on security is the typical situation (agents; DC perimeter
security, VLAN
-
based network appliances)


The uneasy truce sets in…


Private and public clouds create new issues


Self service paradigm and speed


Loss of data control


Difficulty in implementing decent compliance controls (e.g. agents)

4

Confidential

Today: Network & Security: Virtualize the Infrastructure

VDS

Datacenter Fabric Virtualization

VXLAN

Extensible, isolated VLANs

vShield

Edge: Secure VDC Access

App: VM Isolation

Endpoint: VM Protection

Partners

Insert partner appliances

At host, network, edge

5

Confidential

Integration Points for Security and Networking

Management and Context

Virtual DC 3

Virtual DC 2

Virtual DC 1

Intra
-
Guest VM

Access into the
workloads.

Eliminate agents

Virtual NIC

Access to network
data into/out of the
guest.

Network Visibility

Virtual DC Edge

Access to network
data into/out of the
Virtual Datacenter.

Edge Services

6

Confidential

Future: Move Towards Software
-
Defined Networks & Services

Network Services

Edge Services

Netsec Services

EPSec Services

Partner Services

VMware Cloud
Infrastructure Suite

-
Abstracts virtualized
networking and security
from VMware & partners

-
Delivers programmable
provider & tenant services

-
Enables “better than
physical” services via
greater context information
(moving away from bolt
-
on
services)


Business Drivers


Flexibility & faster
provisioning of workloads


Lower operational costs

7

Confidential

This Could be the Interesting Bit…


Areas where VMware can contribute


Resource efficiency (e.g. file scanning; mixed trust levels in a cluster)


“Better” security/compliance



Lower cost operations


Examples


Enable migration of isolation very close to the workloads


Context: What apps/DBs are being created; Who’s accessing what


Drive whitelisting approach


Infrastructure: Encryption services; file hashing services


8

Confidential

Where’s the Bun?...and What’s That Meat?

Go To Market: Channel
and Technical Partners

VMware Capabilities

Technical Integration
Partners

9

Confidential

Channel Partner Training Program


Under Development


Remove security and compliance as an inhibitor to virtualization
adoption


Provide an education program for channel partners so that they start to help
customers move to virtual in a secure, compliant manner


Educate partners on security and compliance in a virtual environment and how
VMware addresses these requirements


Focus on key VMware solutions (e.g. business critical apps, VDI)


Target Partners


Focused security resellers: enable them to maintain trusted advisor status as
their customers move from physical to virtual
environment. Optionally how to
install and operate VMware products (if they decide to
offer services)


VMware partners: Help them understand possible security roadblocks to their
key sales motions and how to deal with them. Optionally how to install and
operate VMware products (if they decide to tackle security themselves)


Systems Integrators: enable them to include vShield as part of their
config
/operate services

10

Confidential

Competency Course Structure


Draft
Curiculum

Pre
-
Sales

Virtualization Security Overview:
Principles and Issues

Compliance in virtual datacenter

VMware vSphere Hardening

VMware Security and Compliance
offerings

Protecting Business Critical Apps

Securing the Private Cloud

Protecting Virtual Desktops

Optional: Product Deep Dive for
vShield
, VCM and Horizon

Ecosystem Enablement and APIs

Configure and Operate

Post
-
Sales (Optional)

Getting Started

vShield Edge

vShield App

VCM

Horizon

Securing Virtual Desktops

Securing vSphere/
vCenter

11

Confidential

Technical Partnerships...

So Whatever Happened to VMsafe?


VMsafe was suspended some time ago


As new APIs are being developed, a small number of “design
partners” have been involved


What’s needed is a formal, scalable program for technical partners,
including certification criteria & test cases, bug tracking &
resolution, go
-
to
-
market support


We

re currently working on securing the necessary resources to
make such a program a reality


Will be part of the “VMware Ready” program


Watch this space….

12

Confidential

Summary…A Work in Progress


Significant opportunities


Lowering overhead costs & automating controls


Improving responsiveness


Gaining resource efficiency


Significant Challenges


New attack/compliance issues created, especially at the platform level


It’s not a security company


“We got this far OK…” a.k.a. “Are customers motivated enough?”


Customer risk/reward imbalance


Financial justification


Realistically partnerships are the only way forward…