VMware, Inc.
3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com
Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed
at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be
trademarks of their respective companies. Item No: VMW_10Q3_DS_PROD_VSHIELD_EDGE_USLET_EN_R6
VMware vShield Edge
Web Load Balancing
• Inbound load balancing for all traffic including Web traffic
(HTTP, HTTPS)
• Round-robin algorithm
• Support for “sticky” sessions
Port Group Isolation
• Enforced at hypervisor layer to restrict traffic within a virtual
datacenter to specified port groups
• Same effect as VLANs in virtual or physical switch environments
Edge Flow Statistics
• Virtual datacenter resource utilization metered and attributed
back to tenant
• Statistics accessible through REST APIs and leveraged in
service provider chargeback applications
Policy Management
• Full-featured management through vShield Manager; many
features also accessible through vCenter Server interface
• Customizable interface for management using REST APIs
• Support for integration with enterprise IT security
management tools
Logging and Auditing
• Based on industry standard syslog format
• Accessible through REST APIs and vShield Manager UI
• Administrator-defined logging on/off for key edge security
events (errors, warnings, etc.):
– Firewall: at rule level
– NAT: at rule level
– VPN: site-to-site connection name
– Web load balancer: at pool level, specific Web requests
including URL/folder
– DHCP: at service level, bindings (release/renewals)
Find Out More
For information or to purchase VMware products,
call 877-4-VMWARE (outside of North America dial
650-427-5000), visit www.vmware.com/products,
or search online for an authorized reseller. For detailed
product specifications and systems requirements, refer
to the VMware vShield Edge Administration Guide.
• Rapidly and securely provision virtual datacenter perimeters –
vShield Edge allows organizations to easily create secure,
logical, hardware-independent perimeters (“edges”) around
virtual datacenter environments, making it easier to leverage
shared network resources in multi-tenant IT infrastructures.
• Protect data confidentiality over shared networks – vShield
Edge provides site-to-site VPN with 256-bit encryption to
protect the confidentiality of all data transmitted across
virtual datacenter perimeters.
• Ensure performance and availability of Web services –
vShield Edge efficiently manages inbound Web traffic across
virtual machine clusters and includes Web load balancing
capabilities that customers can deploy in conjunction with
port group isolation and edge security, or on its own.
• Facilitate compliance management – vShield Edge provides
the necessary controls such as detailed event logging and flow
statistics that enterprises need to demonstrate compliance with
corporate policies, along with industry and government regulations.
Key Features
Stateful Inspection Firewall
Inbound and outbound connection control with rules based on
the following parameters:
• IP address – source/destination IP address
• Ports – source/destination port
• Protocol – type (TCP or UDP)
Network Address Translation
• IP address translation to/from the virtualized environment
• Masquerading of virtual datacenter IP addresses to
untrusted locations
Dynamic Host Configuration Protocol
• Automatic IP address provisioning to virtual machines in
vSphere environments
• Administrator-defined parameters (e.g., address pools,
lease times, dedicated IP addresses, etc.)
Site-to-Site VPN
• Secure communication between virtual datacenters
(or edge security virtual machines)
• IPsec VPN, based on the Internet Key Exchange (IKE) protocol