
vGW delivers total virtual data center protection and cloud
security through visibility, compliance, and control:
• Visibility: full view of all applications flowing between VMs
and how they are used. Complete VM and VM group inventory,
including virtual network settings. Deep knowledge of VM state,
including installed applications, operating systems, and patch
level, through VMI.
• Compliance: enforcement of corporate and regulatory policies
for the presence of required or banned applications via VMI.
Practical applications of compliance enforcement include
assurance of segregation of duties, ensuring that VMs are
assigned to the right trust zones inside the virtual environment.
Pre-built compliance assessment based on common industry
best practices and leading regulatory standards.
• Control: a VMsafe-certified, stateful firewall provides access
control over all traffic via policies that define which ports,
protocols, destination VMs, etc. should be blocked. Further
inspection of allowed traffic can be conducted by protocol or
application in order to identify intrusion attempts, malformed
packets, or the presence of malware.
Figure 1: A dashboard view of virtual network security and
compliance states
Architecture and Key Components
[Diagram labels: Physical Server #1, Physical Server #2, Physical Network, NIC, Virtual Switch, Virtual Firewall, Virtual Center, Live Migration; VMs: Intranet Application, Database, SAP, WWW, Desktop. Callouts: Virtual firewalls secure inter-VM communication, stopping infections. Secure VMotion by “attaching” an enforceable policy to the migrating VM.]
Figure 2: The vGW secures highly dynamic VMs through change and motion