Blue Lane VirtualShield for VMware Infrastructure 3

• Blue Lane VirtualShield for VMware Infrastructure 3 [2-Processor License]
  
  
• Blue Lane VirtualShield for VMware Infrastructure 3 [License for instance of VirtualShield Manager]
  
  
• Blue Lane VirtualShield for VMware Infrastructure 3 [Updates and 8x5 Online Customer Support For 2-Processor License (1-Year)]
  
  

• Protects virtual servers regardless of physical location or patch-level
• Eliminates remote threats without blocking legitimate application requests or requiring server reboots
• Up-to-date protection with no configuration changes and no agent installation on the host operating system
• Delivers appropriate protection for specific applications without requiring any manual tuning

VirtualShield Dynamic Content ensures up-to-date virtual server protection without interruption to availability.

Dynamic Protocol Handlers

• Full context decoding within and across sessions for over 70 protocols
• Eliminates exploit-bypass situations and false-negatives
• Addresses IP-, TCP- and UDP-level evasion techniques such as IP fragmentation and TCP segmentation

Inline Patches

• Individual inline patches correlate one-to-one with the software vendor security patch
• Preserves application availability by emulating the corrective action of the vendor patch, rather than employing signatures that are subject to false-positives
• Vulnerability-specific, rather than attack-specific, so current and future attack variants and vectors are addressed in a single instance

Inline Application Policies

• Enforces good server hygiene by preventing prohibited activities and disabling services
• Provides remediation for a class of vulnerabilities that software patches do not address

The Core Platform provides the unique capabilities for VirtualShield to track virtual server inventory, monitor traffic within the hypervisor, and correct vulnerabilities on the fly with insignificant latency.

Session & Asset Manager

• Manages inventory of virtual servers, applications, ports and protocols
• Maintains full session context of all relevant server transactions

Inline Correction Engine

• Complete repository of callable functions common to inline patches
• Can modify traffic, such as truncating strings or converting Unicode to ASCII
• Enables Inline Patches to accurately emulate software patches

Transparent TCP/IP Transformer

• Provides the ability to modify data in midstream without disrupting server sessions
• Inserts transparently into ESX Server without impact to guest VMs
• High throughput and low latency, scaling proportionately with ESX Server resource controls

Purpose-built ESX Server 3 Plug-in
Integrates seamlessly with the hypervisor
No physical appliance placement needed or hardware assist required

Virtual Server Discovery
Continually detects and catalogs applications, services and operating system versions to accurately account for all virtual servers, including those just loaded from a SAN or physically relocated by VMotion
Eliminates configuration and tuning burden of traditional security solutions

End-point Awareness
Complete server asset inventory is mapped to application-specific protection profiles
Server-bound traffic is checked only within appropriate application protocols, ensuring precise detection and correction logic
100% accuracy—no false positives, no false negatives

Automated Provisioning
Newly detected servers are automatically protected, ensuring a secure virtual environment regardless of unpatched vulnerabilities
Reduces operational costs associated with physical patch management

Dynamically Loadable Content
New inline patches, policies, and application coverage can be added to the core platform on the fly without restarting any service

Zero Footprint
Up-to-date protection with no configuration changes and no agent installation on the host operating system

Zero Downtime
Eliminates remote threats without blocking legitimate application requests or requiring server reboots

Zero Tuning
Delivers appropriate protection for specific applications without requiring any manual tuning

1) VirtualShield is licensed in increments of two (2) processor sockets; each license supports up to 2 processors
- e.g., a 2-processor server running VirtualShield requires one license
- e.g., a 4-processor server running VirtualShield requires two licenses

2) A processor is defined as a single physical chip with its own socket, running up to four (4) cores per processor

3) VirtualShield can be deployed on any combination of servers assigned to a single VirtualShield Manager, up to the number of licenses purchased

4) VirtualShield is licensed to protect only virtual machines that are local to the licensed processors
- Configurations using VirtualShield to protect virtual machines running on remote processors require licenses for those processors

Protected Operating Systems & Applications
Operating Systems: Network & Core Services

• Microsoft Windows NT Server, Microsoft Windows 2000, Microsoft Windows Server 2003
• Solaris (7, 8, 9, 10), Novell Suse (8, 9, 10), redhat (EL 2, 3, 4), FreeBSD

Database Servers

• Microsoft SQL Server 2000, Microsoft SQL Server 2005

Email Servers

• Microsoft Exchange Server (5.0, 5.5, 2003), Sendmail.org, Courier IMAP, Cyrus

Application Servers

• Apache, Microsoft (IIS v1-v6), iPlanet

Other Applications

• Samba, Washington University FTP, BIND, Microsoft Partner Program, Oracle Partner Network EMGC Partner, Qualys, Redhat Ready, vmware technology partner

VirtualShield System Requirements

• Compatible with VMware ESX 3.0.1 or greater
• Minimum 1GB Memory (512MB reserved)
• Minimum 1 Virtual CPU (resources can be scaled depending on ESX server load)
• Supports: vSwitch bridging, 802.1q VLANS, multiple vSwitch configurations

VirtualShield Manager System Requirements

• Compatible with VMware ESX 3.0.1 or greater
• Minimum 2GB Memory (1GB reserved)
• Minimum 1 Virtual CPU (resources can be scaled depending on ESX server load, number of protected virtualized servers and events)
• Supports up to 100 VirtualShields