VMware Compliance Reference Architecture
Framework Overview
Jerry Breaud, VMware
Allen Shortnacy, VMware
SEC5428
#SEC5428
2
Agenda
• VMware Compliance Reference Architecture Framework
• Compliance Reference Architecture Methodology
• NSX Service Composer for Compliance Architectures
• Network Virtualization
• NSX Network Services
• Other VMware Product Capabilities Relative to Compliance
• Summary
• Next Steps VMworld and Beyond
3
Competing Concerns – Pick Any 2
“Are you getting the maximum efficiency out of your infrastructure?”
“How quickly can IT respond to LOB requests?”
• Legislative Compliance
• Security – Corp Assets & IP
• Risk Reduction
• SLAs & Business Continuity
?
4
Security & Compliance Influence Design of the SDDC
Regulations, Standards, Best Practices
Common Control Frameworks
Infrastructure Requirements
• Access Control
• Segmentation
• Remediation
• Automation
• Policy Management
• Audit
Reference Architectures
PCI Zone
VMware vSphere
5
VMware Compliance Reference Architectures
Reference Architectures
VMware Partners
Auditors
Product Applicability
Architecture Design
Auditor Validated Reference Architecture
6
Technology Solution Categories Mapped to Regulations
Regulation columns: ISO, PCI, HIPAA, SANS, CSA, FISMA LOW, FISMA MOD, FISMA HIGH, FedRAMP LOW, FedRAMP MOD

| # | Abbr. | Common Required Technical Security Solutions | Description | PCI Requirements | NIST Requirements |
| 1 | VAM | Vulnerability Assessment and Management | Identify and track vulnerabilities | 6.2, 6.5, 6.6, 11.2 | RA-5 |
| 2 | PT | Penetration Testing | Validate vulnerabilities | 11.3 | CA-2 |
| 3 | SEIM | Security Event Information Monitoring | Log and correlate environment data | 10, A.1.3 | SI-4, AU-2/3/6/10/12 |
| 4 | IPS | Intrusion Prevention System | Identify attacks | 11.4 | SI-3, SI-4 |
| 5 | FIM | File Integrity Monitoring | Identify changed files | 11.5 | SI-7 |
| 6 | 2FA | Two Factor Authentication | Authenticate users | 8.3 | IA-2 |
| 7 | IdM | Identity Management | Provision and deprovision users | 8.1, 8.2, 8.5.1 | IA-4 |
| 8 | AAA | Authentication, Authorization, Accounting (3A) | Identity interaction nonrepudiation | 7, 8.5 | IA-5, AC-3 |
| 9 | FW | Network (N) and Host (H) Firewall | Segment and protect networks | 1 | SC-7 |
| 10 | AV | Server and Endpoint Antivirus | Protect against malware | 5 | SI-3 |
| 11 | BU | System Backups | Systems survivability | 10.5.3, 12.9.1 | CP-9 |
| 12 | DARE | Data At Rest Encryption | Protect data | 3.4, 3.5, 3.6 | SC-12/13/28, IA-7 |
| 13 | DIME | Data In Motion Encryption | Protect data | 2.3, 4, 8.4 | SC-9/12/13, IA-7 |
| 14 | DBM | Database Monitoring | Protect database environment | 10, A.1.3 | SI-4 |
| 15 | CM | Configuration Management | Protect infrastructure | 2.1, 2.2 | SI-2, SA-10, CM-1/2/6 |
| 16 | PM | Patch Management | Protect infrastructure | 6.1 | CM-2, SI-2 |
| 17 | WAF* | Web Application Firewall | Protect user services | 6.6 | SI-3, SI-4, SC-7 |
| 18 | DLP** | Data Leakage Protection | Identify sensitive data | | |
* Specifically called out in some authorities and implied control in others. Highly recommended where the Internet will be the primary use case.
** Not specifically called out in any authority.
7
Technology Solution Categories
DLP
Encryption
BC
DR
Anti Virus
Endpoint Protection
Firewall
AAA
Identity and Access
2 Factor AuthN
File Integrity Monitoring
IPS/IDS
SIEM
Penetration Testing
Vulnerability Assessment
Patch Mngmnt
Config Mngmnt
DB/App Monitor
8
Compliance Use Cases
Remediation
Automation
Audit
Policy
Privileged User Control
Segmentation
9
Compliance Regulations
HIPAA
HITECH
FISMA
FedRAMP
NERC
FINRA
FFIEC
PCI DSS
10
Compliance Reference Architecture Methodology
• Dynamic Composition with Line of Sight
  – Regulatory Specificity for Audit
  – Regulation Independent Use Case Controls
  – Technology Partner Choice
  – Process Methodology for Delivery and Maturity
11
Compliance Challenges: Many Systems - Dashboards of Wonder
Vulnerability Mgmt System
Antivirus System
Firewall
vCenter
IDS System
DLP System
12
VMware NSX
VMware NSX
Logical
Switch
Logical
Router
Logical
Firewall
Logical
Load Balancer
• No multicast requirement
• Bridge Physical - Virtual
• GSLB & L7 LB
• SSL Termination
Logical
VPN
• Site-to-Site
• Remote Access Gateway
• Distributed & Line Rate
• Identity Aware
• Distributed L3
• Perimeter Routing
NSX API
NSX Controller
NSX vSwitch – vDS on ESXi
NSX Service Composer
Extensibility
Any Network Hardware
13
NSX Service Composer
Security services can now be consumed more efficiently in the software-defined data center.
Apply. Apply and visualize security policies for workloads, in one place.
Automate. Automate workflows across different services, without custom integration.
Provision. Provision and monitor uptime of different services, using one method.
14
Concept – Apply Policies to Workloads
Security Groups
WHAT you want to protect
Members (VM, vNIC…) and Context (user identity, security posture)
HOW you want to protect it
Services (Firewall, antivirus…) and Profiles (labels representing specific policies)
APPLY
Define security policies based on service profiles already defined (or blessed) by the security team. Apply these policies to one or more security groups where your workloads are members.
15
Software Defined Data Center
Anti-Virus (AV), Anti-Malware
Application Delivery Controller (ADC)
Application Whitelisting
Application Firewall
Data Loss Prevention (DLP)
Encryption
File Integrity Monitoring (FIM)
Firewall (Host/Network)
Identity and Access Management
Intrusion Detection/Prevention System (IDS/IPS)
Load Balancer
Network Forensics
Network Gateway (VXLAN)
Network Port Profile
Network Switch
Policy and Compliance Solution
Security Intelligence and Event Management (SIEM)
User Access Control (closest to our SAM)
Vulnerability Management
WAN Optimizer
Web Filter
Extend Platform to Best of Breed Services
Properties of virtual services:
• Programmatic provisioning
• Place any workload anywhere
• Move any workload anywhere
• Decoupled from hardware
• Operationally efficient
16
NSX Integrated Partners
NSX Controller & NSX Manager
NSX API
Partner Extensions
L2 Gateway
Firewall
ADC/LB
IDS/IPS
+
Cloud Management Platforms
AV/FIM
Vulnerability Management
Security Services
17
Priv User
Network Activity
Monitoring
Solution Categories
CMP: vCD, vCAC, etc.
NSX: Service Composer
Automation: vCO, Scripts, etc.
API: REST, Java, .NET
NW Iso: VXLAN, NAT
Firewall: TCP, Identity
VPN: IPsec, SSL
DLP: At Rest, Wire
Priv User: AAA, Session Recording
AV: Malware, Whitelist
FIM: Config Files, Registry
IPS/IDS: Monitor, Prevent, Report
Vulnerability: Penetration Testing
Next Gen FW: App Aware, Fine Grained App Layer IPS
Encryption: VMFS, VMDK, OS
Configuration Management: Patching
SIEM: Syslog, Event Correlation
Platform
(Future
NSX Enabled)
Extensibility
NSX
NSX
Enabled
Consumption
VMware &
Platform
Partner
VMware
NSX
Enabled
Partner
VMware +
Customer/
3rd Party/
Open Src
Platform
Partner
Logging
18
Compute Virtualization
The Network is a Barrier to Software Defined Data Center
Any Physical
Infrastructure
• Provisioning is slow
• Placement is limited
• Mobility is limited
• Hardware dependent
• Operationally intensive
Software Defined Data Center
SOFTWARE-DEFINED
DATACENTER SERVICES
VDC
19
Network and Security Virtualization Must…
1. Decouple
Physical
Virtual
2. Reproduce 3. Automate
Network
Operations
Cloud
Operations
Hardware
independence
Operational benefits
of virtualization
No change to network
from end host perspective
Virtual
Physical
20
VMware NSX
VMware NSX
Logical
Switch
Logical
Router
Logical
Firewall
Logical
Load Balancer
• No multicast requirement
• Bridge Physical - Virtual
• GSLB & L7 LB
• SSL Termination
Logical
VPN
• Site-to-Site
• Remote Access Gateway
• Distributed & Line Rate
• Identity Aware
• Distributed L3
• Perimeter Routing
NSX API
NSX Controller
NSX vSwitch – vDS on ESXi
NSX Service Composer
Extensibility
Any Network Hardware
21
Logical Switching and Routing
Before
• Tightly coupled with physical networks
• Hairpins and bottlenecks reduce performance and scale
With NSX
• Completely decoupled from hardware
  – Dynamic routing, no Multicast
• Line rate performance with distributed scale out architecture
• Connect existing networks with logical networks – L2 bridging
Benefits
• Speed of provisioning applications across racks, rows or data centers (up to Metro distances)
• Enable higher server utilization, leverage existing physical network, only require basic IP hardware for future purchases
• Create on demand networks to meet application needs
Diagram labels: Dynamic Routing, Physical Workload
22
Logical Load Balancing
Before
• Physical appliances are costly and create bottlenecks
• Rigid architectures tie the application down
With NSX
• Cloud level feature set for SLB and GSLB with full HA
• TSAM with enhanced health checks, connection throttling and CLI
• Simplified Deployment in one-armed or inline mode
Benefits
• On demand LB services for any application enabling speedy deployment
• Pay as you go model for services
• Manage multiple LB instances with centralized management
Diagram labels: Logical Network, Web1a, Web1b, Web1c
23
Logical VPN
Before
• VPN Concentrators become bottlenecks and chokepoints
With NSX
• Per Tenant VPN appliance when needed
• High Performance – hardware acceleration for IPSec and SSL
• Site-2-Site, Client and Cloud VPN extends Corporate LAN
Benefits
• Network can be extended when needed for different use cases
• No investment needed in large VPN Concentrators upfront
Diagram labels: Public Cloud
24
NSX Next Generation Firewall
Before
• Scale out architecture “bolted-on” to L3 with limited performance
• Limited visibility and control unless hair-pinning (E/W) to L3
• Error prone, static VLANs and IP/port based policies
With NSX
• Massive scale and line rate performance
• Virtualization and identity context
• Centralized management across entire Datacenter
Benefits
• Simplified operations – single policy definition
Diagram labels: Physical View; Logical View; Web, App, DB; Servers; Users; “skinny VLANs”; Business and Virtual Context; VMware
25
vCenter Infrastructure Navigator Capabilities
Automated discovery and dependency mapping
Speedy and accurate discovery and dependency mapping of application services across virtual infrastructure & adjoining physical servers one hop away
Rapid updates that keep mapping information up-to-date
26
Cloud Infrastructure
(vSphere, vCenter, vShield, vCloud Director)
Overview
Benefits
• More than 80 pre-defined templates for country/industry specific regulations
• Accurately discover and report sensitive data in unstructured files with analysis engine
• Segment off VMs with sensitive data in separate trust zones
• Quickly identify sensitive data exposures
• Reduce risk of non-compliance and reputation damage
• Improve performance by offloading data discovery functions to a virtual appliance
NSX Data Security
Visibility Into Sensitive Data to Address Regulatory Compliance
27
vShield Endpoint Partners
VMware vSphere
Introspection
SVM
OS
Hardened
AV
VM
APP
OS
Kernel
BIOS
VM
APP
OS
Kernel
BIOS
VM
APP
OS
Kernel
BIOS
28
vCenter Operations and Log Insight
Machine Data comprises:
• Structured Data
  – vCenter Operations
• Unstructured Data
  – Log Insight
Log Insight and vCenter Operations together provide a complete solution for Cloud Operations Management
29
vCenter Operations Configuration Manager
Harden the VMware Infrastructure
• Harden the configuration for ESX, network, storage, etc.
• Harden the vSphere guest VM settings
• Harden vCD/vCenter settings
Harden the Guest OS
• Physical and Virtual; Desktop and Servers; Win, UNIX, Mac
Virtual Datacenter 1 Virtual Datacenter 2
PCI – PoS PCI Zone Non-PCI Zone
ESX Hardening
Cluster A, Cluster B
VMware vSphere + vCenter
Vendor Hardening Guidelines
CIS Benchmarks
FISMA, HIPAA, SOX, NERC/FERC, NIST, ISO 27002, GLBA, DISA, PCI DSS
30
Applicability to PCI Requirements

| # | PCI Requirement | Products |
| 1 | Install/maintain a firewall configuration to protect cardholder data | vSphere, NSX App/Edge, VIN |
| 2 | Don’t use defaults for system passwords/security parameters | ESXi, vCenter, VCM, NSX |
| 3 | Protect stored cardholder data | NSX, VCM |
| 4 | Encrypt transmission of cardholder data on public networks | NSX Edge |
| 5 | Use and regularly update anti-virus software or programs | vShield Endpoint + Partners |
| 6 | Develop and maintain secure systems and applications | vSphere, NSX, VIN, VCM, VUM |
| 7 | Restrict access to cardholder data by business need to know | vSphere, NSX, VCM |
| 8 | Assign a unique ID to each person with computer access | ESXi, vSphere, NSX, VCM |
| 9 | Restrict physical access to cardholder data | |
| 10 | Track and monitor all access to network resources/cardholder data | vSphere, NSX, VIN, VCM, Log Insight |
| 11 | Regularly test security systems and processes | VIN, VCM |
| 12 | Maintain a policy that addresses information security | |
| A1 | Shared hosting providers must protect the cardholder data | vSphere, NSX, vCD, VCM |
31
Competing Concerns – Take All 3!
“Are you getting the maximum efficiency out of your infrastructure?”
“How quickly can IT respond to LOB requests?”
• Legislative Compliance
• Security – Corp Assets & IP
• Risk Reduction
• SLAs & Business Continuity
32
Summary – Key Takeaways
• VMware, its Technology Partners and Audit Partners are working to validate reference architectures pertaining to mainstream regulations
• Guidance is intended to educate SDDC architects, Information Risk personnel and Auditors involved in customer environments
• Best practices for VMware and Technology Partner products, their configurations and usage in order to meet regulatory controls
• VMware Compliance Reference Architectures will evolve to support new versions of products and the regulations themselves
33
VMworld: Security and Compliance Sessions
Category Topic
NSX
• 5318: NSX Security Solutions In Action (201)
• 5753: Dog Fooding NSX at VMware IT (201)
• 5828: Datacenter Transformation (201)
• 5582: Network Virtualization across Multiple Data Centers (201)
NSX Firewall
• 5893: Economies of the NSX Distributed Firewall (101)
• 5755: NSX Next Generation Firewalls (201)
• 5891: Build a Collapsed DMZ Architecture (301)
• 5894: NSX Distributed Firewall (301)
NSX Service Composer
• 5749: Introducing NSX Service Composer (101)
• 5750: NSX Automating Security Operations Workflows (201)
• 5889: Troubleshooting and Monitoring NSX Service Composer (301)
Compliance
• 5428: Compliance Reference Architecture Framework Overview (101)
• 5624: Accelerate Deployments – Compliance Reference Architecture (Customer Panel) (201)
• 5253: Streamlining Compliance (201)
• 5775: Segmentation (301)
• 5820: Privileged User Control (301)
• 5837: Operational Efficiencies (301)
Other
• 5589: Healthcare Customer Case Study: Maintaining PCI, HIPAA and HITECH Compliance in Virtualized Infrastructure (Catbird – Jefferson Radiology)
• 5178: Motivations and Solution Components for enabling Trusted Geolocation in the Cloud - A Panel discussion on NIST Reference Architecture (IR 7904). (Intel and HyTrust)
• 5546: Insider Threat: Best Practices and Risk Mitigation techniques that your VMware based IaaS provider better be doing! (Intel)
34
For More Information…
VMware Collateral
VMware Approach to Compliance
VMware Solution Guide for PCI
VMware Architecture Design Guide for PCI
VMware QSA Validated Reference Architecture PCI
Partner Collateral
VMware Partner Solution Guides for PCI
How to Engage?
compliance-solutions@vmware.com
@VMW_Compliance on Twitter
35
Other VMware Activities Related to This Session
• HOL:
  HOL-SDC-1315 vCloud Suite Use Cases - Control & Compliance
  HOL-SDC-1317 vCloud Suite Use Cases - Business Critical Applications
  HOL-PRT-1306 Compliance Reference Architecture - Catbird, HyTrust and LogRhythm
• Group Discussions:
  SEC1002-GD Compliance Reference Architecture: Integrating Firewall, Antivirus, Logging and IPS in the SDDC with Allen Shortnacy
THANK YOU
VMware Compliance Reference Architecture
Framework Overview
Allen Shortnacy, VMware
SEC5428
#SEC5428

Contenu connexe

Tendances

Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-dataKevin Mayo
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_diveNur Shiqim Chok
 
Caretower's Managed ePO Brochure 180215
Caretower's Managed ePO Brochure 180215Caretower's Managed ePO Brochure 180215
Caretower's Managed ePO Brochure 180215Merlin Govender
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide Array Networks
 
Barracuda web application_firewall_wp_advantage
Barracuda web application_firewall_wp_advantageBarracuda web application_firewall_wp_advantage
Barracuda web application_firewall_wp_advantageINSPIRIT BRASIL
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskPrecisely
 
VMworld 2013: Security Automation Workflows with NSX
VMworld 2013: Security Automation Workflows with NSX VMworld 2013: Security Automation Workflows with NSX
VMworld 2013: Security Automation Workflows with NSX VMworld
 
[Cisco Connect 2018 - Vietnam] Shamil fernando hcmc next-gen cisco sd-wan (vi...
[Cisco Connect 2018 - Vietnam] Shamil fernando hcmc next-gen cisco sd-wan (vi...[Cisco Connect 2018 - Vietnam] Shamil fernando hcmc next-gen cisco sd-wan (vi...
[Cisco Connect 2018 - Vietnam] Shamil fernando hcmc next-gen cisco sd-wan (vi...Nur Shiqim Chok
 
Air defense wireless_vulnerability_assessement_module_spec_sheet
Air defense wireless_vulnerability_assessement_module_spec_sheetAir defense wireless_vulnerability_assessement_module_spec_sheet
Air defense wireless_vulnerability_assessement_module_spec_sheetAdvantec Distribution
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep divesolarisyougood
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP DrupalMike Lemire
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
 
Big Fix Architectural Overview
Big Fix Architectural OverviewBig Fix Architectural Overview
Big Fix Architectural OverviewBrian Dickhaus
 
Data Power For Pci Webinar Aug 2012
Data Power For Pci Webinar Aug 2012Data Power For Pci Webinar Aug 2012
Data Power For Pci Webinar Aug 2012gaborvodics
 
Web Api services using IBM Datapower
Web Api services using IBM DatapowerWeb Api services using IBM Datapower
Web Api services using IBM DatapowerSigortam.net
 
IBM Endpoint Manager V9.0
IBM Endpoint Manager V9.0IBM Endpoint Manager V9.0
IBM Endpoint Manager V9.0RMayo22
 

Tendances (19)

Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-data
 
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
[Cisco Connect 2018 - Vietnam] Satit adirek hn under_the_hood_sdwan deep_dive
 
Caretower's Managed ePO Brochure 180215
Caretower's Managed ePO Brochure 180215Caretower's Managed ePO Brochure 180215
Caretower's Managed ePO Brochure 180215
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide
 
Barracuda web application_firewall_wp_advantage
Barracuda web application_firewall_wp_advantageBarracuda web application_firewall_wp_advantage
Barracuda web application_firewall_wp_advantage
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
 
VMworld 2013: Security Automation Workflows with NSX
VMworld 2013: Security Automation Workflows with NSX VMworld 2013: Security Automation Workflows with NSX
VMworld 2013: Security Automation Workflows with NSX
 
[Cisco Connect 2018 - Vietnam] Shamil fernando hcmc next-gen cisco sd-wan (vi...
[Cisco Connect 2018 - Vietnam] Shamil fernando hcmc next-gen cisco sd-wan (vi...[Cisco Connect 2018 - Vietnam] Shamil fernando hcmc next-gen cisco sd-wan (vi...
[Cisco Connect 2018 - Vietnam] Shamil fernando hcmc next-gen cisco sd-wan (vi...
 
Air defense wireless_vulnerability_assessement_module_spec_sheet
Air defense wireless_vulnerability_assessement_module_spec_sheetAir defense wireless_vulnerability_assessement_module_spec_sheet
Air defense wireless_vulnerability_assessement_module_spec_sheet
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep dive
 
Fisma FedRAMP Drupal
Fisma FedRAMP DrupalFisma FedRAMP Drupal
Fisma FedRAMP Drupal
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshow
 
Big Fix Architectural Overview
Big Fix Architectural OverviewBig Fix Architectural Overview
Big Fix Architectural Overview
 
PIW ISE best practices
PIW ISE best practicesPIW ISE best practices
PIW ISE best practices
 
Data Power For Pci Webinar Aug 2012
Data Power For Pci Webinar Aug 2012Data Power For Pci Webinar Aug 2012
Data Power For Pci Webinar Aug 2012
 
Web Api services using IBM Datapower
Web Api services using IBM DatapowerWeb Api services using IBM Datapower
Web Api services using IBM Datapower
 
IBM Endpoint Manager V9.0
IBM Endpoint Manager V9.0IBM Endpoint Manager V9.0
IBM Endpoint Manager V9.0
 
Sem cis ise
Sem cis iseSem cis ise
Sem cis ise
 
SECURE ACCESS GATEWAYS
SECURE ACCESS GATEWAYSSECURE ACCESS GATEWAYS
SECURE ACCESS GATEWAYS
 

En vedette

Mechanism Of Polymorphic And Metamorphic Virus
Mechanism Of Polymorphic And Metamorphic VirusMechanism Of Polymorphic And Metamorphic Virus
Mechanism Of Polymorphic And Metamorphic Virusvivid_0416
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsAntiy Labs
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld
 
VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld
 
VMworld 2016 Recap
VMworld 2016 RecapVMworld 2016 Recap
VMworld 2016 RecapKevin Groat
 
VMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld
 
もう一つのHCI VxRackとVBlock
もう一つのHCI VxRackとVBlockもう一つのHCI VxRackとVBlock
もう一つのHCI VxRackとVBlockGaku Takahashi
 
Emc vmax3 technical deep workshop
Emc vmax3 technical deep workshopEmc vmax3 technical deep workshop
Emc vmax3 technical deep workshopsolarisyougood
 
Blue Medora - VMware vROps Management Pack for VCE Vblock Overview
Blue Medora - VMware vROps Management Pack for VCE Vblock OverviewBlue Medora - VMware vROps Management Pack for VCE Vblock Overview
Blue Medora - VMware vROps Management Pack for VCE Vblock OverviewBlue Medora
 
Self service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxSelf service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxsolarisyougood
 
NSX for vSphere Logical Routing Deep Dive
NSX for vSphere Logical Routing Deep DiveNSX for vSphere Logical Routing Deep Dive
NSX for vSphere Logical Routing Deep DivePooja Patel
 
Emc recoverpoint technical
Emc recoverpoint technicalEmc recoverpoint technical
Emc recoverpoint technicalsolarisyougood
 
VMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSXVMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSXVMworld
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzadshezy22
 
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI AutomationVMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI AutomationVMworld
 
VMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld
 
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015Dmitri Kalintsev
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesAngel Villar Garea
 

En vedette (20)

Mechanism Of Polymorphic And Metamorphic Virus
Mechanism Of Polymorphic And Metamorphic VirusMechanism Of Polymorphic And Metamorphic Virus
Mechanism Of Polymorphic And Metamorphic Virus
 
Security Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and SystemsSecurity Challenges of Antivirus Engines, Products and Systems
Security Challenges of Antivirus Engines, Products and Systems
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
 
VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments
 
VMworld 2016 Recap
VMworld 2016 RecapVMworld 2016 Recap
VMworld 2016 Recap
 
VMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSX
 
もう一つのHCI VxRackとVBlock
もう一つのHCI VxRackとVBlockもう一つのHCI VxRackとVBlock
もう一つのHCI VxRackとVBlock
 
Emc vmax3 technical deep workshop
Emc vmax3 technical deep workshopEmc vmax3 technical deep workshop
Emc vmax3 technical deep workshop
 
Blue Medora - VMware vROps Management Pack for VCE Vblock Overview
Blue Medora - VMware vROps Management Pack for VCE Vblock OverviewBlue Medora - VMware vROps Management Pack for VCE Vblock Overview
Blue Medora - VMware vROps Management Pack for VCE Vblock Overview
 
Self service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxSelf service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsx
 
NSX for vSphere Logical Routing Deep Dive
NSX for vSphere Logical Routing Deep DiveNSX for vSphere Logical Routing Deep Dive
NSX for vSphere Logical Routing Deep Dive
 
Emc recoverpoint technical
Emc recoverpoint technicalEmc recoverpoint technical
Emc recoverpoint technical
 
VMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSXVMworld 2014: Virtualize your Network with VMware NSX
VMworld 2014: Virtualize your Network with VMware NSX
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
 
NSX-MH
NSX-MHNSX-MH
NSX-MH
 
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI AutomationVMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
 
VMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSX
 
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
#NET5488 - Troubleshooting Methodology for VMware NSX - VMworld 2015
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use cases
 

Similaire à VMworld 2013: VMware Compliance Reference Architecture Framework Overview

f5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdff5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdfGrigoryShkolnik1
 
VMware: my jsme “software defined”
VMware: my jsme “software defined”VMware: my jsme “software defined”
VMware: my jsme “software defined”MarketingArrowECS_CZ
 
VMworld 2013: SDDC is Here and Now: A Success Story
VMworld 2013: VMware Compliance Reference Architecture Framework Overview

  • 1. VMware Compliance Reference Architecture Framework Overview. Jerry Breaud, VMware; Allen Shortnacy, VMware. SEC5428 #SEC5428
  • 2. Agenda: VMware Compliance Reference Architecture Framework; Compliance Reference Architecture Methodology; NSX Service Composer for Compliance Architectures; Network Virtualization; NSX Network Services; Other VMware Product Capabilities Relative to Compliance; Summary; Next Steps VMworld and Beyond
  • 3. Competing Concerns – Pick Any 2: “Are you getting the maximum efficiency out of your infrastructure?” “How quickly can IT respond to LOB requests?” • Legislative Compliance • Security – Corp Assets & IP • Risk Reduction • SLAs & Business Continuity
  • 4. Infrastructure Requirements: Access Control; Segmentation; Remediation; Automation; Policy Management; Audit. Common Control Frameworks; Regulations, Standards, Best Practices; Reference Architectures; PCI Zone; VMware vSphere. Security & Compliance Influence Design of the SDDC
  • 5. VMware Compliance Reference Architectures: Reference Architectures; VMware; Partners; Auditors; Product Applicability; Architecture Design; Auditor Validated Reference Architecture
  • 6. Technology Solution Categories Mapped to Regulations. Framework columns: ISO, PCI, HIPAA, SANS, CSA, FISMA LOW, FISMA MOD, FISMA HIGH, FedRAMP LOW, FedRAMP MOD.

    | # | Abbreviation | Common Required Technical Security Solutions | Description | PCI Requirements | NIST Requirements |
    |---|---|---|---|---|---|
    | 1 | VAM | Vulnerability Assessment and Management | Identify and track vulnerabilities | 6.2, 6.5, 6.6, 11.2 | RA-5 |
    | 2 | PT | Penetration Testing | Validate vulnerabilities | 11.3 | CA-2 |
    | 3 | SEIM | Security Event Information Monitoring | Log and correlate environment data | 10, A.1.3 | SI-4, AU-2/3/6/10/12 |
    | 4 | IPS | Intrusion Prevention System | Identify attacks | 11.4 | SI-3, SI-4 |
    | 5 | FIM | File Integrity Monitoring | Identify changed files | 11.5 | SI-7 |
    | 6 | 2FA | Two Factor Authentication | Authenticate users | 8.3 | IA-2 |
    | 7 | IdM | Identity Management | Provision and deprovision users | 8.1, 8.2, 8.5.1 | IA-4 |
    | 8 | AAA | Authentication, Authorization, Accounting (3A) | Identity interaction nonrepudiation | 7, 8.5 | IA-5, AC-3 |
    | 9 | FW | Network (N) and Host (H) Firewall | Segment and protect networks | 1 | SC-7 |
    | 10 | AV | Server and Endpoint Antivirus | Protect against malware | 5 | SI-3 |
    | 11 | BU | System Backups | Systems survivability | 10.5.3, 12.9.1 | CP-9 |
    | 12 | DARE | Data At Rest Encryption | Protect data | 3.4, 3.5, 3.6 | SC-12/13/28, IA-7 |
    | 13 | DIME | Data In Motion Encryption | Protect data | 2.3, 4, 8.4 | SC-9/12/13, IA-7 |
    | 14 | DBM | Database Monitoring | Protect database environment | 10, A.1.3 | SI-4 |
    | 15 | CM | Configuration Management | Protect infrastructure | 2.1, 2.2 | SI-2, SA-10, CM-1/2/6 |
    | 16 | PM | Patch Management | Protect infrastructure | 6.1 | CM-2, SI-2 |
    | 17 | WAF* | Web Application Firewall | Protect user services | 6.6 | SI-3, SI-4, SC-7 |
    | 18 | DLP** | Data Leakage Protection | Identify sensitive data | | |

    * Specifically called out in some authorities and implied control in others. Highly recommended where the Internet will be the primary use case.
    ** Not specifically called out in any authority.
  • 7. Technology Solution Categories: DLP, Encryption, BC DR, Anti Virus Endpoint Protection, Firewall, AAA Identity and Access, 2 Factor AuthN, File Integrity Monitoring, IPS/IDS, SIEM, Penetration Testing, Vulnerability Assessment, Patch Mngmnt, Config Mngmnt, DB/App Monitor
  • 10. Compliance Reference Architecture Methodology. Dynamic Composition with Line of Sight: • Regulatory Specificity for Audit • Regulation Independent Use Case Controls • Technology Partner Choice • Process Methodology for Delivery and Maturity
  • 11. Compliance Challenges: Many Systems - Dashboards of Wonder. Vulnerability Mgmt System; Antivirus System; Firewall; vCenter; IDS System; DLP System
  • 12. VMware NSX. Logical Switch (no multicast requirement; bridge physical to virtual); Logical Router (distributed L3; perimeter routing); Logical Firewall (distributed and line rate; identity aware); Logical Load Balancer (GSLB and L7 LB; SSL termination); Logical VPN (site-to-site; remote access gateway). NSX API; NSX Controller; NSX vSwitch – vDS on ESXi; NSX Service Composer; Extensibility; Any Network Hardware
  • 13. NSX Service Composer. Security services can now be consumed more efficiently in the software-defined data center. Apply: apply and visualize security policies for workloads, in one place. Automate: automate workflows across different services, without custom integration. Provision: provision and monitor uptime of different services, using one method.
  • 14. Concept – Apply Policies to Workloads. Security Groups: WHAT you want to protect. Members (VM, vNIC…) and Context (user identity, security posture). HOW you want to protect it: Services (Firewall, antivirus…) and Profiles (labels representing specific policies). APPLY: Define security policies based on service profiles already defined (or blessed) by the security team. Apply these policies to one or more security groups where your workloads are members.
  • 15. Software Defined Data Center. Anti-Virus (AV), Anti-Malware; Application Delivery Controller (ADC); Application Whitelisting; Application Firewall; Data Loss Prevention (DLP); Encryption; File Integrity Monitoring (FIM); Firewall (Host/Network); Identity and Access Management; Intrusion Detection/Prevention System (IDS/IPS); Load Balancer; Network Forensics; Network Gateway (VXLAN); Network Port Profile; Network Switch; Policy and Compliance Solution; Security Intelligence and Event Management (SIEM); User Access Control (closest to our SAM); Vulnerability Management; WAN Optimizer; Web Filter. Extend Platform to Best of Breed Services. Properties of virtual services: • Programmatic provisioning • Place any workload anywhere • Move any workload anywhere • Decoupled from hardware • Operationally efficient
  • 16. NSX Integrated Partners. NSX Controller & NSX Manager; NSX API; Partner Extensions; L2 Gateway; Firewall; ADC/LB; IDS/IPS; + Cloud Management Platforms; AV/FIM; Vulnerability Management; Security Services
  • 17. Priv User Network Activity Monitoring Solution Categories CMP vCD, vCAC, etc. NSX Service Composer Automation vCO, Scripts, etc. API REST, Java, .NET NW Iso VXLAN, NAT Firewall TCP, Identity VPN IPsec, SSL DLP At Rest, Wire Priv User AAA, Session Recording AV Malware, Whitelist FIM Config Files, Registry IPS/IDS Monitor, Prevent, Report Vulnerability Penetration Testing Next Gen FW App Aware, Fine Grained App Layer IPS Encryption VMFS, VMDK, OS Configuration Management Patching SIEM Syslog, Event Correlation Platform (Future NSX Enabled) Extensibility NSX NSX Enabled Consumption VMware & Platform Partner VMware NSX Enabled Partner VMware + Customer/3rd Party/Open Src Platform Partner Logging
  • 18. The Network is a Barrier to Software Defined Data Center
    • Provisioning is slow • Placement is limited • Mobility is limited • Hardware dependent • Operationally intensive
    [Diagram labels: Compute Virtualization; Any Physical Infrastructure; Software Defined Data Center; SOFTWARE-DEFINED DATACENTER SERVICES; VDC]
  • 19. Network and Security Virtualization Must… 1. Decouple Physical Virtual 2. Reproduce 3. Automate Network Operations Cloud Operations Hardware independence Operational benefits of virtualization No change to network from end host perspective Virtual Physical
  • 20. VMware NSX
    Logical Switch: • No multicast requirement • Bridge Physical - Virtual
    Logical Router: • Distributed L3 • Perimeter Routing
    Logical Firewall: • Distributed & Line Rate • Identity Aware
    Logical Load Balancer: • GSLB & L7 LB • SSL Termination
    Logical VPN: • Site-to-Site • Remote Access Gateway
    NSX API; NSX Controller; NSX vSwitch – vDS on ESXi; NSX Service Composer; Extensibility; Any Network Hardware
  • 21. Logical Switching and Routing
    Before: • Tightly coupled with physical networks • Hairpins and bottlenecks reduce performance and scale
    With NSX: • Completely decoupled from hardware – Dynamic routing, no Multicast • Line rate performance with distributed scale out architecture • Connect existing networks with logical networks – L2 bridging
    Benefits: • Speed of provisioning applications across racks, rows or data centers (up to Metro distances) • Enable higher server utilization, leverage existing physical network, only require basic IP hardware for future purchases • Create on demand networks to meet application needs
  • 22. Logical Load Balancing
    Before: • Physical appliances are costly and create bottlenecks • Rigid architectures tie the application down
    With NSX: • Cloud level feature set for SLB and GSLB with full HA • TSAM with enhanced health checks, connection throttling and CLI • Simplified Deployment in one-armed or inline mode
    Benefits: • On demand LB services for any application enabling speedy deployment • Pay as you go model for services • Manage multiple LB instances with centralized management
  • 23. Logical VPN
    Before: • VPN Concentrators become bottlenecks and chokepoints
    With NSX: • Per Tenant VPN appliance when needed • High Performance – hardware acceleration for IPSec and SSL • Site-2-Site, Client and Cloud VPN extends Corporate LAN
    Benefits: • Network can be extended when needed for different use cases • No investment needed in large VPN Concentrators upfront
  • 24. NSX Next Generation Firewall
    Before: • Scale out architecture “bolted-on” to L3 with limited performance • Limited visibility and control unless hair-pinning (E/W) to L3 • Error prone, static VLANs and IP/port based policies
    With NSX: • Massive scale and line rate performance • Virtualization and identity context • Centralized management across entire Datacenter
    Benefits: • Simplified operations – single policy definition
    [Diagram labels: Physical View; Web, App, DB; Servers; Users; “skinny VLANs”; Business and Virtual Context; Logical View]
  • 25. vCenter Infrastructure Navigator Capabilities: Automated discovery and dependency mapping
    • Speedy and accurate discovery and dependency mapping of application services across virtual infrastructure & adjoining physical servers one hop away • Rapid updates that keep mapping information up-to-date
  • 26. NSX Data Security: Visibility Into Sensitive Data to Address Regulatory Compliance
    Overview / Benefits: • More than 80 pre-defined templates for country/industry specific regulations • Accurately discover and report sensitive data in unstructured files with analysis engine • Segment off VMs with sensitive data in separate trust zones • Quickly identify sensitive data exposures • Reduce risk of non-compliance and reputation damage • Improve performance by offloading data discovery functions to a virtual appliance
    [Diagram label: Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)]
  • 27. vShield Endpoint Partners
    [Diagram labels: VMware vSphere; Introspection; SVM (OS, Hardened, AV); three guest VMs (APP, OS, Kernel, BIOS)]
  • 28. vCenter Operations and Log Insight
    Machine Data comprises: • Structured Data: vCenter Operations • Unstructured Data: Log Insight
    Log Insight and vCenter Operations together provide a complete solution for Cloud Operations Management.
  • 29. vCenter Operations Configuration Manager
    Harden the VMware Infrastructure: • Harden the configuration for ESX, network, storage, etc. • Harden the vSphere guest VM settings • Harden vCD/vCenter settings
    Harden the Guest OS: • Physical and Virtual; Desktop and Servers; Win, UNIX, Mac
    [Diagram labels: Virtual Datacenter 1; Virtual Datacenter 2; PCI – PoS; PCI Zone; Non-PCI Zone; ESX Hardening; Cluster A; Cluster B; VMware vSphere + vCenter; Vendor Hardening Guidelines; CIS Benchmarks; FISMA; HIPAA; SOX; NERC/FERC; NIST; ISO 27002; GLBA; DISA; PCI DSS]
  • 30. Applicability to PCI Requirements
    PCI Requirement | Products
    1 Install/maintain a firewall configuration to protect cardholder data | vSphere, NSX App/Edge, VIN
    2 Don’t use defaults for system passwords/security parameters | ESXi, vCenter, VCM, NSX
    3 Protect stored cardholder data | NSX, VCM
    4 Encrypt transmission of cardholder data on public networks | NSX Edge
    5 Use and regularly update anti-virus software or programs | vShield Endpoint + Partners
    6 Develop and maintain secure systems and applications | vSphere, NSX, VIN, VCM, VUM
    7 Restrict access to cardholder data by business need to know | vSphere, NSX, VCM
    8 Assign a unique ID to each person with computer access | ESXi, vSphere, NSX, VCM
    9 Restrict physical access to cardholder data |
    10 Track and monitor all access to network resources/cardholder data | vSphere, NSX, VIN, VCM, Log Insight
    11 Regularly test security systems and processes | VIN, VCM
    12 Maintain a policy that addresses information security |
    A1 Shared hosting providers must protect the cardholder data | vSphere, NSX, vCD, VCM
  • 31. Competing Concerns – Take All 3! “Are you getting the maximum efficiency out of your infrastructure?” “How quickly can IT respond to LOB requests?” • Legislative Compliance • Security – Corp Assets & IP • Risk Reduction • SLAs & Business Continuity
  • 32. Summary – Key Takeaways
    • VMware, its Technology Partners and Audit Partners are working to validate reference architectures pertaining to mainstream regulations
    • Guidance is intended to educate SDDC architects, Information Risk personnel and Auditors involved in customer environments
    • Best practices for VMware and Technology Partner products, their configurations and usage in order to meet regulatory controls
    • VMware Compliance Reference Architectures will evolve to support new versions of products and the regulations themselves
  • 33. VMworld: Security and Compliance Sessions (Category: Topic)
    NSX: • 5318: NSX Security Solutions In Action (201) • 5753: Dog Fooding NSX at VMware IT (201) • 5828: Datacenter Transformation (201) • 5582: Network Virtualization across Multiple Data Centers (201)
    NSX Firewall: • 5893: Economies of the NSX Distributed Firewall (101) • 5755: NSX Next Generation Firewalls (201) • 5891: Build a Collapsed DMZ Architecture (301) • 5894: NSX Distributed Firewall (301)
    NSX Service Composer: • 5749: Introducing NSX Service Composer (101) • 5750: NSX Automating Security Operations Workflows (201) • 5889: Troubleshooting and Monitoring NSX Service Composer (301)
    Compliance: • 5428: Compliance Reference Architecture Framework Overview (101) • 5624: Accelerate Deployments – Compliance Reference Architecture (Customer Panel) (201) • 5253: Streamlining Compliance (201) • 5775: Segmentation (301) • 5820: Privileged User Control (301) • 5837: Operational Efficiencies (301)
    Other: • 5589: Healthcare Customer Case Study: Maintaining PCI, HIPAA and HITECH Compliance in Virtualized Infrastructure (Catbird – Jefferson radiology) • 5178: Motivations and Solution Components for enabling Trusted Geolocation in the Cloud - A Panel discussion on NIST Reference Architecture (IR 7904). (Intel and HyTrust) • 5546: Insider Threat: Best Practices and Risk Mitigation techniques that your VMware based IaaS provider better be doing! (Intel)
  • 34. For More Information…
    VMware Collateral: VMware Approach to Compliance; VMware Solution Guide for PCI; VMware Architecture Design Guide for PCI; VMware QSA Validated Reference Architecture PCI
    Partner Collateral: VMware Partner Solution Guides for PCI
    How to Engage? compliance-solutions@vmware.com; @VMW_Compliance on Twitter
  • 35. Other VMware Activities Related to This Session
    • HOL: HOL-SDC-1315 vCloud Suite Use Cases - Control & Compliance; HOL-SDC-1317 vCloud Suite Use Cases - Business Critical Applications; HOL-PRT-1306 Compliance Reference Architecture - Catbird, HyTrust and LogRhythm
    • Group Discussions: SEC1002-GD Compliance Reference Architecture: Integrating Firewall, Antivirus, Logging and IPS in the SDDC with Allen Shortnacy
  • 38. VMware Compliance Reference Architecture Framework Overview Allen Shortnacy, VMware SEC5428 #SEC5428