Tip

How VMware vShield Zones aids VM security, monitoring

What is vShield Zones?

With VMware's vShield Zones, you can monitor network traffic in a virtualized environment and ensure regulatory compliance by segmenting users and sensitive data on a network. vShield Zones is VMware's virtualization security offering, based on technology that VMware bought from Blue Lane Technologies in October 2008.

Just as many companies need to create demilitarized zones (DMZs) for their physical servers, vShield Zones lets them create security zones for virtual servers. An added benefit of vShield Zones is that companies gain a tremendous amount of network traffic flow monitoring, analysis and reporting.


How vShield Zones works
vShield performs stateful packet inspection (SPI) and tracks dynamic connections such as FTP. Better yet, vShield understands your virtual infrastructure and works with vCenter to track traffic between virtual machines and even VMotion-associated traffic.
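FTP shows why stateful tracking matters: the data port is negotiated inside the control channel, so a static rule for port 21 alone cannot decide whether the data connection is legitimate. The Python sketch below is an added illustration of that general technique, not vShield Zones code or its policy model; the class, function names and IP addresses are constructed for the example.

```python
import re
# Address in an FTP "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply.
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

class StatefulFilter:
    """Toy stateful filter: static policy plus state learned from FTP control traffic."""

    def __init__(self, allowed_services):
        self.allowed_services = set(allowed_services)  # (dst_ip, dst_port) allowed by policy
        self.established = set()   # (src_ip, dst_ip, dst_port) flows already allowed
        self.expected = set()      # (client_ip, server_ip, port) one-shot data pinholes
        self.log = []              # (verdict, reason, flow), allowed and denied alike

    def new_connection(self, src_ip, dst_ip, dst_port):
        flow = (src_ip, dst_ip, dst_port)
        if (dst_ip, dst_port) in self.allowed_services:
            verdict, reason = "allow", "policy"
        elif flow in self.expected:
            self.expected.discard(flow)  # pinhole is consumed by its first use
            verdict, reason = "allow", "related-ftp-data"
        else:
            verdict, reason = "deny", "no-rule-or-state"
        if verdict == "allow":
            self.established.add(flow)
        self.log.append((verdict, reason, flow))
        return verdict

    def control_reply(self, client_ip, server_ip, server_port, line):
        """Inspect a server-to-client line seen on an FTP control connection."""
        on_control = server_port == 21 and (client_ip, server_ip, 21) in self.established
        m = PASV_RE.match(line) if on_control else None
        if m is None:
            return None
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        data_ip, data_port = f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
        if data_ip != server_ip:
            return None  # ignore replies that point the client at a third host
        self.expected.add((client_ip, data_ip, data_port))
        return data_port

def demo():
    # Constructed addresses: one client VM, one FTP server VM, one unrelated VM.
    fw = StatefulFilter({("10.0.2.20", 21)})
    client, server = "10.0.1.10", "10.0.2.20"
    early = fw.new_connection(client, server, 50000)   # data port before negotiation
    ctrl = fw.new_connection(client, server, 21)       # control channel, allowed by policy
    port = fw.control_reply(client, server, 21, "227 Entering Passive Mode (10,0,2,20,195,80)")
    data = fw.new_connection(client, server, port)     # allowed only because of tracked state
    other = fw.new_connection("10.0.1.99", server, port)  # different VM, same port
    return port, [early, ctrl, data, other]
```

The `log` list keeps both allowed and denied flows with the reason for each verdict, which is the kind of record a reporting view would be built from.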

With vShield, you can create various levels of administrative permission and assign them to your hierarchy of network and VMware administrators.

VShield Zones works by having a single virtual machine (VM) act as the vShield management station. vShield monitoring VMs are then deployed to monitor each virtual switch (vSwitch) on each ESX Server. To do so, each vSwitch to be monitored is actually cloned and the vShield monitor is connected between the cloned vSwitch (with the VMs) and the original vSwitch. The data collected is sent back to the vShield management station where it is logged and analyzed. You can create policies on the management station to police your virtual infrastructure network traffic and report on both allowed and denied network traffic.

VMware's vShield Zones is offered in three of the six vSphere Editions: Advanced, Enterprise and Enterprise Plus. Additionally, VMware's vCenter is required. And check out this writeup on vShield Zones on SearchVMware.com.

For more information, read all about DPM at VMware's vShield Zones product page and the vShield Zones 1.0 FAQ.

Return to the guide's main page for more on VMware virtualization products and features.

About the author
David Davis is the director of infrastructure at TrainSignal.com -- the global leader in video training for IT pros. He has several certifications including vExpert, VMware Certified Professional (or VCP), CISSP, and CCIE #9369. Additionally, Davis has authored hundreds of articles and six video training courses at Train Signal, where one of the most popular courses is the VMware vSphere 4 video training course. His website is VMwareVideos.com. You can follow Davis on Twitter or connect with him on LinkedIn.


This was first published in November 2009
