Book Image

VMware vCloud Security

Book Image

VMware vCloud Security

Overview of this book

Security is a major concern, in particular now that everything is moving to the cloud. A private cloud is a cloud computing platform built on your own hardware and software. The alternative is to deploy the services you need on a public cloud infrastructure provided by an external supplier such as Amazon Web Services, Rackspace Cloud, or HP Public Cloud. While a public cloud can afford greater flexibility, a private cloud gives you the advantage of greater control over the entire stack. "VMware vCloud Security" focuses on some critical security risks, such as the application level firewall and firewall zone, virus and malware attacks on cloud virtual machines, and data security compliance on any VMware vCloud-based private cloud. Security administrators sometimes deploy its components incorrectly, or sometimes cannot see the broader picture and where the vCloud security products fit in. This book is focused on solving those problems using VMware vCloud and the vCloud Networking and Security product suite, which includes vCloud Networking and Security App, vShield Endpoint, and vCloud Networking and Security Data Security. Ensuring the security and compliance of any applications, especially those that are business critical, is a crucial step in your journey to the cloud. You will be introduced to security roles in VMware vCloud Director, integration of LDAP Servers with vCloud, and security hardening of vCloud Director. We'll then walk through a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. We'll create access control policies based on logical constructs such as VMware vCenter Server containers and VMware vCloud Networking and Security security groups but not just physical constructs, such as IP addresses. You'll learn about the architecture of EPSEC and how to implement it. Finally, we will understand how to define data security policies, run scans, and analyze results.
Table of Contents (13 chapters)
VMware vCloud Security
About the Author
About the Reviewers

EPSEC – key benefits

The vCloud Networking and Security Endpoint product allows you to offload the following security functions from the VM to a dedicated appliance on the host:

  • Protection: Virus definitions can be kept up-to-date easily as they are stored on an always-on appliance. So if an attacker is targeting a particular VM, the virus engine is not compromised.

  • Efficiency: You don't need to install an agent on each guest on the host. An agent is provided with a driver, which is included in VMware Tools. You just need one appliance per host. So you need just one scanning engine and one signature database per host. There is also no antivirus storm.

  • Assurance: As there is no need to install the software, deployed VMs are protected as soon as they are switched on.

  • Centralized management: Using a single management console, vCloud security administrators can manage policies and see if the antivirus is functioning correctly.

In a nutshell, it provides:

  • On-access scans

  • On-demand scans

  • Remediation...