Release: VMware vShield Edge 1.0

Posted by virtualization.info Staff   |   Tuesday, September 7th, 2010   |  

During the recently ended VMworld conference (see virtualization.info live coverage), VMware announced a remarkable number of new products. One of them is vShield Edge 1.0.

VMware acquired the vShield security technology from Blue Lane Technologies in October 2008. The only product offered so far has been Zones, a virtual firewall that uses stateful inspection and application layer gateway approaches to monitor and filter virtual network traffic between multiple virtual machines deployed on the same virtualization host.
vShield Zones didn’t mature much in almost two years, and VMware is offering it for free as part of vSphere Advanced, Enterprise and Enterprise Plus editions.

A major limitation of Zones is the inability to filter traffic entering and leaving the virtual network, which is a critical need in multi-tenant cloud computing environments like the ones created by the new vCloud Director.
VMware overcame this limitation by releasing extending the vShield product family with this new solution called Edge.

Zones and Edge share the same firewall engine, but while the former is attached to a specifc virtualization host, the latter is attached to a specific portgroup.
In this role, the engine has been enriched by a few key new capabilities:

  • Site-to-Site VPN (IPSec only)
  • NAT and DHCP services
  • Web load balancing (HTTP/S, with Round-Robin algorithm and sticky sessions)
  • Logging on local or remote Syslog facilities (Firewall and NAT rules, VPN connections, load balancing sessions, DHCP bindings)
  • API

Because of its key importance in the VMware vCloud infrastructure, vShield Edge also allows to meter network utilization and account it to specific tenants when it’s integrated with vCloud Director.

VMware_vShieldEdge10_GUI.png

The VPN component has some limitations: it only supports pre-shared key mode, AES or 3DES encryption, IP unicast traffic, and no dynamic routing protocol between the vShield Edge and remote VPN routers.
Also, there’s no mention about IPv6. Hopefully the product supports this kind of traffic.

The way it’s deployed implies that vShield Edge can isolate different portgroups in a way that reminds the VLANs on physical network switches.
Anyway, to have this feature, customers need to deploy a specific Loadable Kernel Module (LKM) on each virtualization host they want to control. The enforcement of other features don’t have this requirement.

VMware_vShieldEdge10_Architecture.png

To control Edge, Zones, and the other new security products announced at VMworld, VMware is using an additional component called vShield Manager. This is a centralized policy management console that doesn’t require any specific license.  
vShield Manager can be accessed through a web interface or the VMware SDK as it offers a specific API.
Such API allows advanced manipulation of all information produced by the other vShield products, like rules and the logs.

vShield Edge 1.0 pricing starts at $4,538, which includes protection for 25 virtual machines and 1 year basic support (12×5), which is not exactly an affordable solution for SMBs.



blog comments powered by Disqus


virtualization.info Newest articles
Brian Gammage puts some order in VMware’s strategy

May 24th, 2012

Today Milan hosted the VMware Forum 2012, during the opening keynote Brian Gammage, VMware’s Chief Market Technologist, tried to collect all the news and declarations we heard in the last…

VMware acquires Wanova

May 23rd, 2012

Yesterday VMware announced the acquisition of Wanova Inc. a company whose main product is called Mirage.
Mirage is a centralized management and recovery solution for physical desktop images over the…

Paper: VMware vSphere Metro Storage Cluster Case Study

May 23rd, 2012

Yesterday VMware published a paper focused on VMware vMSC (vSphere Metro Storage Cluster), a new configuration within the VMware Hardware Compatibility List intended for environments where disaster/downtime avoidance is a…

EMC acquires Syncplicity

May 22nd, 2012

Yesterday, during its annual conference in Las Vegas, EMC announced the acquisition of Syncplicity, a cloud-storage privately held startup founded in 2008 and based in Menlo Park, California.
Terms…

Release: Oracle VM Server for x86 3.1

May 21st, 2012

On May 18th Oracle announced the general availability of version 3.1 of its x86 enterprise virtualization solution VM Server.
This release follows 3.0 announced on August 24th 2011.
All the new…

VMware shows View 5.1 performance improvements

May 21st, 2012

In this post, published on May 18 in VROOM! Blog, the VMware’s Performance Team presented some of the most significant enhancements and optimizations brought to Teradici‘s PCoIP protocol in the…

NVIDIA introduces World’s Firs Virtualized GPU

May 17th, 2012

On May 15th NVIDIA unveiled the NVIDIA® VGX™ platform that will be available later this year through NVIDIA’s hardware OEM and VDI partners.
This new platform promises to deliver…

Microsoft announces Assessment and Planning Toolkit 7.0 Beta Program

May 17th, 2012

Microsoft announced this week the new Beta version of its capacity planning tool Microsoft Assessment and Planning (MAP) 7.0 Beta.
The Beta program opened on May 15th and the review…

VMware announces vFabric Suite 5.1

May 15th, 2012

Today VMware announced VMware vFabric Suite 5.1, expected to be generally available in Q2 2012.
vFabric Suite 5.1 includes vFabric Application Director, to automate the deployment and management of vFabric…

VMware CTO talks about R&D plans for the future

May 15th, 2012

On April 4 Stephen Herrod, VMware’s CTO, has attended, as guest speaker, at a VMUG meeting in Italy.
One of the key point of the speech, documented in one hour-long…

Citrix Hosted Server VDI Tech Preview

May 14th, 2012

Last week Citrix announced a new tech preview for Hosted Server VDI technology that allows cloud providers to leverage Microsoft SPLA to host VDI-style desktops obtaining a pay-as-you-go monthly subscription licensing…

Release: Atlantis ILIO Diskless VDI 3.2

May 11th, 2012

On May 7 Atlantis Computing announced the general availability of its Atlantis ILIO Diskless VDI 3.2, this product, tailored in particular for VMware View 5.1, enables virtual desktops deployment…

Citrix unveils Project Aruba

May 11th, 2012

On May 7 Citrix announced a technology preview of Project Aruba that extends Citrix VDI all-in-one proposal for the SMB market, VDI-in-a-Box, with personal vDisk technology.
VDI-in-a-Box, inherited from Kaviza…

Cloud Sidekick announced Early Access release of Cato EE

May 10th, 2012

On May 7 Cloud Sidekick announced the Early Access Program release of Cato Enterprise Edition (EE) which extends the Community Edition (CE) with Storm Deployment Automation and support for…

 
Monthly Archive