VMworld: Security Now Embedded In VMware's Cloud


Security and cloud architecture don't have to be mutually exclusive. And executives say that's certainly not the case in VMware's vCloud service.

That was the primary point that Vishal Kumar, senior product manager for VMware, emphasized in his VMworld presentation, "Securing Your Cloud," in which he strongly promoted the security features embedded in vCloud, VMware's cloud computing service.

Incorporated into the fabric of vCloud is a comprehensive security suite, the VMware vShield family of products, consisting of endpoint, application and edge network security features that all "work in concert with each other," Kumar said.

Similar to any physical security suite, vShield's security features include authentication and authorization, as well as an access control function, all of which come with built-in user roles that ship with the product. System administrators and organization administrators can also create their own custom roles.

Organization administrators can allocate rights and access to different parts of their organization, such as policies for e-mails.

The custom role feature gives organization administrators the ability to tailor rules to an individual and define around 50 different rights within that role, as well as determine other requirements such as password complexity rules, Kumar said.

Alongside the authentication piece is a network security component, known as vShield Edge, a hypervisor-based, application-aware firewall that features IPsec VPN, DHCP, NAT and packet inspection. Among other things, the Edge component allows administrators to perform network address translation, limit and control IP addresses and set up NAC rules.

"There are a lot of different advantages," Kumar said. "It's taking what is essentially a service, and turning it into a virtualized service. We make it very easy to provision services on the fly, all from a single pane of glass."

Kumar also touted vCloud's Defense in Depth capabilities, which, among other things, define how heavy operations can be controlled, for example by specifying how many of them can occur within the organization.

The Defense in Depth feature also ensures that internal communications are encrypted and secured, and prevents malicious content from entering the cloud.

"You can have scripts embedded outside the boundary. This can cause disruption on the backend," he said.

Kumar also mentioned that vShield gives users the ability to access detailed logs for auditing and reporting, as well as the ability to create a multi-tenancy cloud.

Ultimately, Kumar said that VMware wanted to compel more end users to make the transition to the cloud, and the ability to secure their cloud data seemed to be a good way to spur them along.

"We want to get IT out of the business of running large complicated data centers," he said. "We want to do this in a way where the end user feels like they have control over their infrastructure."