VMware presentation

Report
VMware Direction
Jonathan Gohstand, Director, Security & Networking Product Marketing
Confidential
© 2011 VMware Inc. All rights reserved
Agenda




2
VMware Security Strategy Overview and Opportunity
Technical Integration Points
Channel Training Program Status
Technical Partner Program Status
Confidential
What’s the Current Situation?
 IT plowed ahead with virtualization; security took a back seat
 Bolt-on security is the typical situation (agents; DC perimeter
security, VLAN-based network appliances)
• The uneasy truce sets in…
 Private and public clouds create new issues
• Self service paradigm and speed
• Loss of data control
• Difficulty in implementing decent compliance controls (e.g. agents)
3
Confidential
Today: Network & Security: Virtualize the Infrastructure
Partners
Insert partner appliances
At host, network, edge
vShield
Edge: Secure VDC Access
App: VM Isolation
Endpoint: VM Protection
VXLAN
Extensible, isolated VLANs
VDS
Datacenter Fabric Virtualization
4
Confidential
Integration Points for Security and Networking
Intra-Guest VM
Access into the
workloads.
Eliminate agents
Virtual DC 1
Virtual NIC
Access to network
data into/out of the
guest.
Network Visibility
Virtual DC 2
Virtual DC Edge
Access to network
data into/out of the
Virtual Datacenter.
Edge Services
Virtual DC 3
Management and Context
5
Confidential
Future: Move Towards Software-Defined Networks & Services
Business Drivers
• Flexibility & faster
provisioning of workloads
• Lower operational costs
VMware Cloud
Infrastructure Suite
- Abstracts virtualized
networking and security
from VMware & partners
6
Confidential
Partner Services
EPSec Services
Netsec Services
Edge Services
- Enables “better than
physical” services via
greater context information
(moving away from bolt-on
services)
Network Services
- Delivers programmable
provider & tenant services
This Could be the Interesting Bit…
 Areas where VMware can contribute
• Resource efficiency (e.g. file scanning; mixed trust levels in a cluster)
• “Better” security/compliance
• Lower cost operations
 Examples
• Enable migration of isolation very close to the workloads
• Context: What apps/DBs are being created; Who’s accessing what
• Drive whitelisting approach
• Infrastructure: Encryption services; file hashing services
7
Confidential
Where’s the Bun?...and What’s That Meat?
Go To Market: Channel
and Technical Partners
VMware Capabilities
Technical Integration
Partners
8
Confidential
Channel Partner Training Program – Under Development
 Remove security and compliance as an inhibitor to virtualization
adoption
• Provide an education program for channel partners so that they start to help
customers move to virtual in a secure, compliant manner
• Educate partners on security and compliance in a virtual environment and how
VMware addresses these requirements
• Focus on key VMware solutions (e.g. business critical apps, VDI)
 Target Partners
• Focused security resellers: enable them to maintain trusted advisor status as
their customers move from physical to virtual environment. Optionally how to
install and operate VMware products (if they decide to offer services)
• VMware partners: Help them understand possible security roadblocks to their
key sales motions and how to deal with them. Optionally how to install and
operate VMware products (if they decide to tackle security themselves)
• Systems Integrators: enable them to include vShield as part of their
config/operate services
9
Confidential
Competency Course Structure – Draft Curiculum
Pre-Sales
Post-Sales (Optional)
Virtualization Security Overview:
Principles and Issues
Getting Started
Compliance in virtual datacenter
Configure and Operate
VMware vSphere Hardening
vShield Edge
VMware Security and Compliance
offerings
vShield App
Protecting Business Critical Apps
VCM
Securing the Private Cloud
Horizon
Protecting Virtual Desktops
Securing Virtual Desktops
Optional: Product Deep Dive for
vShield, VCM and Horizon
Securing vSphere/vCenter
Ecosystem Enablement and APIs
10
Confidential
Technical Partnerships...
So Whatever Happened to VMsafe?
 VMsafe was suspended some time ago
 As new APIs are being developed, a small number of “design
partners” have been involved
 What’s needed is a formal, scalable program for technical partners,
including certification criteria & test cases, bug tracking &
resolution, go-to-market support
 We’re currently working on securing the necessary resources to
make such a program a reality
• Will be part of the “VMware Ready” program
 Watch this space….
11
Confidential
Summary…A Work in Progress
 Significant opportunities
• Lowering overhead costs & automating controls
• Improving responsiveness
• Gaining resource efficiency
 Significant Challenges
• New attack/compliance issues created, especially at the platform level
• It’s not a security company
• “We got this far OK…” a.k.a. “Are customers motivated enough?”
• Customer risk/reward imbalance
• Financial justification
 Realistically partnerships are the only way forward…
12
Confidential

similar documents