VMware vCloud Networking and Security

Feature: Edge (formerly known as vShield Edge)

The Edge Gateway component of vCloud Networking and Security provides an efficient and cost-effective Security service gateway to protect the peripheral network of the virtual data center. Edge virtual devices provide firewall and integrated gateway services for virtual data centers, such as NAT, Server Load balancer, VPN, and DHCP, and are fully integrated with VMware vCenter Server and VMware vCloud ctor.

• You no longer need dedicated hardware that integrates firewalls, Server Load balancer, VPN, and DHCP.
• By creating logical security boundaries that provide isolation for virtual data centers, you can support multi-tenant environments and securely share network resources.
• Use the load balancing function to efficiently manage inbound Web traffic across VM clusters to ensure the performance and availability of Web Services.
• Enhance understanding and control of network edge location security.

App (formerly called vShield App)

Use a virtual NIC-level firewall to segment and isolate key applications in a virtual data center. This allows you to create an elastic logical trust area to protect you from network threats. With the help of security groups, you can gain an in-depth understanding of network communication content and enforce refined policies.

• When migrating virtual machines between hosts, use the application-level firewall to maintain isolation and Segmentation
• Eliminate blind spots, and customers can learn more through detailed traffic statistics and reports.
• Record firewall activities and manage changes to accelerate and improve audits and improve compliance

VCloud network connection and Security Technology

Integrated with a variety of technologies, such as peripheral protection, Port-level firewalls, and NAT and DHCP services, they can provide security protection that supports virtualization and simplify application deployment, and enforce the boundaries required by compliance standards. After you upgrade to a comprehensive vCloud network connection and security product, you will be able to add a variety of advanced services, such as VXLAN, VPN, firewall high availability, network isolation and Web load balancing.

VXLAN

VXLAN is the basis for creating an elastic and movable virtual data center. VXLAN technology can be used to pool computing resources across discontinuous clusters or units, and then divide the resource pool into logical networks connected to applications. Different from VLAN, VXLAN virtual networks can be expanded across virtual resource pools and physical boundaries. Therefore, VXLAN is more efficient, scalable, elastic, and manageable.

VXLAN is used to create a 2nd-layer Logical Network and encapsulate it in standard 3rd-layer IP packets. Without any VLAN tags, The VXLAN logical network can be distinguished by the "segment ID" in each framework. In this way, a large number of isolated 2nd-layer VXLAN networks can coexist in the general 3rd-layer infrastructure, and are completely isolated from each other and from the underlying network.

• Optimize computing resource utilization of data centers by supporting "scaling clusters" across physical boundaries
• Optimizing Network operations by running VXLAN on a standard 3rd-layer IP network, removing the need to build and manage a 2nd-layer basic transport layer
• Run VXLAN on the Standard switch hardware. No software upgrade or special code version is required on the switch.

Data Security (formerly known as vShield Data Security)

Data Security can scan sensitive Data (such as credit card information) in virtual workloads and report violations (such as PCI-DSS, this allows IT organizations to quickly learn about compliance with global regulations.

• Determine Sensitive Business Information
• Predefined templates for specific regulations in various countries/regions and industries can quickly identify and report sensitive data leaks.
• Improves performance by detaching the data discovery feature to a virtual device

VCloud Ecosystem Framework

VCloud Ecosystem Framework provides customers with assurance that they can fully utilize their existing security control mechanisms in the virtual and cloud computing infrastructure. Partners can use this framework for integration at multiple levels:

• Virtual NIC (vNIC)
• Virtual Network edge
• Policy Management Panel

Management and Reporting

With VMware vCenter Server™Seamlessly integrated with vCloud ctor, vCNS provides a central control point for deployment, management, reporting, recording, and integration of 3rd-party security and gateway services. In addition, Role-Based Access Control separates duties from compliance.

Comparison of vCloud Networking and Security features (subject can be modified as needed)

"" Indicates all supported; "-" indicates not supported

Product	Standard Edition	Advanced Edition
Firewall
Virtual Private Network (VPN)
VXLAN
VCloud Ecosystem Framework
Network Address Translation
Dynamic Host Control Protocol
High Availability (HA)
Load Balancing
Data Security
Endpoint	Bundled in vSphere 5.1 *