Securing your virtual environment can at times be a very complex process.This is especially true with cloud environments or multiple tenant environments. Also, there is a good chance that there will be some security concerns about high consolidation rates. There are several good 3rd party options from the primary security vendors (Symantec,McAfee, Sophos, etc…) as well as some up and coming startups (Catbird). As well, VMware offers a suite of products, vShield Family, to help manage your virtual environment. This suite includes the following:
- vShield App: Applications protections against network-based threats. Basically this monitors all traffic between your vm’s will applying a policy that limits what can be transferred based on policy’s. Think established DMZ not talking to Medical records.
- vShield Edge: Perimeter based network security. Firewall, Network Address Translation (NAT), Dynamic Host Configuration Protocol (DHCP), Site-to-Site VPN, Web Load Balancing, Port Group Isolation, Policy Management, Logging, and Auditing. Could replace hardware applainces such as f5.
- vShield Endpoint: Offloading of AV processing. Can only be used with vSphere 4.1.
- vShield Zones: Hypervisor-Level Firewall protection between virtual machines.
- vShield Manager: Management Interface for all of the vShield suite and 3rd party security services.
vShield App and vShield Edge are both $4,688.00 MSRP for a 25 Virtual machine pack with 1 year of support. While vSphere Endpoint is $1563.00 for a 25 virtual machine back.