ESX Virtualization

VMware ESXi, vSphere, VMware Backup, Hyper-V... how-to, videos....

Nakivo Backup and Replication - #1 Backup solution for Virtual, physical, cloud, NAS and SaaS

Securing a virtual DMZ environment using vCloud Networking and Security – Free PDF from VMware

By | Last Updated:

Shares

New technical PDF from VMware which helps with a design of a DMZ by using software protection that comes with VMware vSphere. By using the vCloud Networking and Security (vCNS). The vCNS is a product bundled with VMware vSphere (from Essentials Plus and higher) and vCloud Suite, and it's destined to secure VMware vSphere environments. vCNS has been updated with the release of vSphere 5.1 to be fully compatible with vCD 5.1 as well.

It's almost step-by-step document, but essentially you got the picture on how to design and use the vCNS to built your own DMZ in order to secure your environment.

vCloud Networking and Security

You'll learn how to use the vCloud Networking and security edge firewall, load balancing and VPN in order to secure DMZ application. The Fully Collapsed DMZ design can lower the CAPEX and OPEX.

The design is built on two major security components:

  • VMware vCloud Networking and Security App firewall 
  • VMware vCloud Networking and Security Edge gateway

vCloud Networking Security DMZ Network Design

This guide explains the concepts and the roles of those products in the design. You'll also learn how all this it gets integrated into vCenter and each of the vSphere hosts.

Spoof Guard – you'll learn about this component as well, called Spoof Guard. It's an advanced protection built into the vCNS App Firewall which protects against man-in-the-middle attacks, like ARP cache poisoning.  The admin has a possibility to manually or automatically inspect and reject new MAC/IP pairs.

Wikipedia:

VMware vCloud Networking and SecurityPacket crafting is a technique that allows network administrators or hackers to probe firewall rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behaviour, instead of using existing network traffic. Testing may target the firewall, IDS, TCP/IP stack, router or any other component of the network. Packets are usually created by using a packet generator or packet analyzer which allows for specific options and flags to be set on the created packets.

You can download the vCloud Networking Security DMZ Design PDF from this VMware Page.

Check out my Free VMware Tools page and Free Technical PDF page to find out about how to tweak vSphere deployments to achieve best performance.

Shares
Vote !

About Vladan SEGET

This website is maintained by Vladan SEGET. Vladan is as an Independent consultant, professional blogger, vExpert x16, Veeam Vanguard x9, VCAP-DCA/DCD, ESX Virtualization site has started as a simple bookmarking site, but quickly found a large following of readers and subscribers.

Connect on: Facebook. Feel free to network via Twitter @vladan.