Other product variants may be available, please contact us or request a call back if you cannot see what you are looking for.

Product Information

With the VMware vShield product family you can enhance your VMware virtual infrastructure’s application and data security and improve compliance and control. Secure virtual machines at all levels - at the host, network, application, data and endpoint. With vShield you can apply security that travels with virtual machines as they migrate across physical hosts and can run applications efficiently whilst maintaining trust and network segmentation of users and data.

The following vShield products are available:

VMware vShield App - application protection against network-based threats
VMware vShield App with Data Security - adds sensitive data discovery capabilities
VMware vShield Edge - network security for the virtual datacenter perimeter
VMware vShield Endpoint - offload and streamline anti-virus and anti-malware functions
VMware vShield Manager - included with all vShield products, provides a central point of control
VMware vShield Bundle - includes all vShield products - vShield App with Data Security, vShield Edge, vShield Endpoint and vShield Manager.

New Features

What's new in VMware vShield 5

• New product - vShield App with Data Security - adds sensitive data discovery. For example find credit card numbers in virtualised workloads to help compliance with regulations such as PCI-DSS. Supports scanning of .doc, .xls, .pdf, .txt, .zip and more.
• New product - vShield Bundle - includes all vShield products in one easy to order bundle package.
• Role based access control - provides clear separation of workflow for virtual infrastructure administrators and security administrators, helping to improve security of applications and data.
• Layer 2 firewall - protect against password sniffing, DHCP snooping, ARP spoofing/poisoning and more
• Improved scalability and performance - helps meet requirements for enterprise-class cloud deployments
• Flexible IP addressing - take advantage of the ability to use the same IP address is multiple tenant zones
• Application-aware firewalling - improves security by only opening ports and sessions when needed for common applications including Oracle, Microsoft Exchange and Microsoft RPC.

Features

For Network Edge - vShield Edge

Firewall

• Perimeter (Layer 3) firewall, which does not require network address translation (NAT)
• Stateful inspection firewall, with inbound and outbound connection control rules based on the following parameters: IP address – source/destination IP address, Ports – source/destination port, Protocol – type (TCP or UDP).

Network address translation

• IP address translation to and from the virtualised environment
• Masquerading of virtual datacenter IP addresses to untrusted locations

Dynamic host configuration protocol

• Automatic IP address provisioning to virtual machines in vSphere environments
• Administrator-defined parameters (such as address pools, lease times and dedicated IP addresses)

Site-to-Site VPN

• Secure communication between virtual datacenters (or edge security virtual machines)
• Internet Protocol Security (IPsec) VPN with support for certificate authentication, as well as shared key, based on the Internet Key Exchange (IKE) protocol

Web load balancing

• Inbound load balancing for all traffic including Web traffic (HTTP)
• Round-robin algorithm
• Support for “sticky' sessions

Edge flow statistics

• Metering of virtual datacenter resource utilisation, with attribution back to the tenant
• Statistics accessible through REST APIs and leveraged in service provider chargeback applications

Policy management

• Full-featured management through vShield Manager; many features also accessible through vCenter Server interface
• Customisable interface for management using REST APIs
• Support for integration with enterprise IT security management tools

Logging and auditing

• Based on industry-standard syslog format
• Accessible through REST APIs and vShield Manager user interface
• Administrator-defined logging on and off for key edge security events (errors, warnings, etc.): Firewall: at rule level, NAT: at rule level, VPN: site-to-site, connection name, Web load balancer: at pool level, specific Web requests including URL or folder, DHCP: at service level, bindings (release and renewals).

For Applications and Data - vShield App

Sensitive data discovery - VMware vShield App with Data Security only

• Policy management console lets administrators select regulations to be used in compliance scans
• More than 80 templates of regulations, such as PII (Personally Identifiable Information), PCI-DSS (PCI-Data Security Standard) cardholder data, PHI (Protected Health Information), and others from around the world (North America, EMEA, Asia Pacific)
• Output report identifies which scanned resources contain data that violates selected compliance regulations
• Functionality can be programmed using REST APIs or the operator console
• Infected virtual machines are quarantined and remediated through VMware vCenter Configuration Manager

Firewalls

• Hypervisor-level firewall provides inbound and outbound connection control enforced at the virtual NIC level through hypervisor inspection, supporting multi-homed virtual machines
• Layer 2 firewall (also known as a transparent firewall) protects against multiple types of attacks, such as password sniffing, DHCP snooping, Address Resolution Protocol (ARP) spoofing or poisoning attacks. It also provides complete isolation of Simple Network Management Protocol (SNMP) traffic
• Protection can be enforced according to network, application port, protocol type (TCP, UDP) or application type
• Dynamic protection of virtual machines as they migrate
• IP-based, stateful firewall and application layer gateway supports a broad range of protocols including Oracle, Sun Remote Procedure Call (RPC), Microsoft RPC, Lightweight Directory Access Protocol (LDAP) and SMTP, improving security by opening sessions (ports) only as needed. For a complete list of supported protocols, see the VMware vShield Administration Guide.

Flow monitoring

• Administrators can observe network activity between virtual machines to help define and refine firewall policies, identify botnets and secure business processes through detailed reporting of application traffic (application, sessions and bytes)

Security groups

• Administrators can define business-relevant groupings of any virtual machines by their virtual NICs

Policy management

• vShield Manager provides control over product features, many of which are also accessible through the vCenter Server interface
• Policy enforcement of security groups, vCenter Server groupings and TCP-5 tuple (source IP, destination IP, source port, destination port and protocol)
• REST APIs provide a programmable interface for management and policy enforcement
• Support for integration with enterprise security management tools

IP addressing

• Flexible IP addressing, including the ability to use the same IP address in multiple tenant zones to simplify provisioning

Logging and auditing

• Logging is based on industry-standard syslog format
• REST APIs and vShield Manager provide access to logging and auditing tools
• Administrator defines logging on and off for firewalls at rule level

For Endpoint - vShield Endpoint

Antivirus and anti-malware offloading

• Offloads virus scanning activities via the vShield Bundle ESX module to a secure virtual appliance where the virus scanning engine, as well as the stored antivirus signatures are located
• File, memory and process scanning, as well as other tasks, are offloaded from virtual machines to a secure virtual appliance via a thin client agent and partner ESX module
• Endpoint Security (EPsec) manages communication between virtual machines and the secure virtual appliance using introspection at the hypervisor layer
• Antivirus engine and signature files are updated only within the secure virtual appliance, but policies (administrator-defined collections of regulations) can be applied across all virtual machines on a vSphere host.

Trigger remediation by secure virtual appliance

• Retains partner’s antivirus engine policies to dictate whether a malicious file should be deleted, quarantined or otherwise handled
• Thin agent used for file remediation activity within the virtual machine

Partner integrations

• Integration with secure virtual appliance solutions from VMware partners is facilitated through the vShield Bundle EPsec API for introspection into file activity via the hypervisor layer

vShield manager, policy management and automation

• Provides full-featured configuration of endpoint deployment
• REST APIs allow customised and automated integration of endpoint capabilities into solutions - monitoring reports provided and vShield Manager can be leveraged as a vCenter plugin

Logging and auditing

• Event logging is based on industry-standard syslog standard.