P R O D U C T D A T A S H E E T / 1
D A T A S H E E T
AT A G L ANCE
VMware vShield App, part of the VMware vShield
family of virtualization security products, protects
applications in the virtual datacenter from network-
based threats. vShield App gives organizations deep
visibility into network communications between
virtual machines and enables granular policy
enforcement with security groups. The solution
also eliminates the hardware and policy sprawl
associated through traditional measures, resulting
in a cost-effective solution that helps customers to
go beyond the limitations of physical security.
KE y B EN EFITS
• Increase visibility and control over network
communications between virtual machines.
• Eliminate the need for dedicated hardware
and VLANs to separate security groups from
one another.
• Optimize hardware resource utilization while
maintaining strong security.
• Simplify compliance with comprehensive logging
of all virtual machine network activity.
VMware vShield App
Protect Applications from Network-based Attacks
What Is VMware
vShield App?
VMware vShield App is a hypervisor-based application-aware
firewall solution for virtual datacenters. vShield App plugs
directly into VMware vSphere™ to protect against internal
network-based threats and reduce the risk of policy violations
within the corporate security perimeter using application-aware
firewalling with deep packet inspection and connection control
based on source and destination IP addresses.
vShield helps to simplify policy control by enabling the rapid
creation of business-relevant security groups and includes flow
monitoring to analyze virtual machine network traffic and
dynamically enforce security group policies. Administrators
can centrally manage vShield App through the included vShield
Manager console, which integrates seamlessly with VMware
vCenter™ Server to facilitate unified security management for
virtual datacenters.
How Does VMware vShield
App Work?
vShield App installs on each vSphere host, controlling and
monitoring all network traffic on the host, even for packets that
never cross a physical network interface card (NIC). vShield App
can create and enforce policies based on administrator-defined,
business-relevant security groups instead of physical boundaries
or static assumptions about application deployments.
vShield App provides a centralized interface that leverages
vCenter Server to consistently apply these policies across
multiple vSphere hosts in the virtual datacenter.
How Is VMware vShield
App Used?
•
Eliminate blind spots
– vShield App helps administrators
define and enforce granular policies for all traffic that crosses a
virtual NIC, increasing visibility over internal virtual datacenter
traffic while helping to eliminate detours to physical firewalls.
•
Maintain change-aware protection
– vShield App helps to
ensure that network topology changes do not impact
application security with continuous firewall protection for
virtual machines as they migrate from host to host.
VMware vShield App enables granular policy enforcement using security groups.
