With VMware's vShield Zones, you can monitor network traffic in a virtualized environment and ensure regulatory compliance by segmenting users and sensitive data on a network.

vShield Zones is VMware's virtualization security offering, based on technology that VMware bought from Blue Lane Technologies in October 2008.
Just as many companies need to create demilitarized zones (DMZs) for their physical servers, vShield Zones lets them create security zones for virtual servers. An added benefit of vShield Zones is that companies get a tremendous amount of network traffic flow monitoring, analysis, and reporting.
vShield performs Stateful Packet Inspection (SPI) and tracks dynamic connections such as FTP. Better yet, vShield understands your virtual infrastructure and works with vCenter to track traffic between virtual machines and even VMotion-associated traffic.
With vShield, you can create various levels of administrative permission and assign them to your hierarchy of network and VMware administrators.
vShield Zones works by having a single virtual machine (VM) act as the vShield management station. vShield monitoring VMs are then deployed to monitor each virtual switch (vSwitch) on each ESX Server. To do so, each vSwitch to be monitored is cloned, and the vShield monitor is connected between the cloned vSwitch (with the VMs) and the original vSwitch. The data collected is sent back to the vShield management station, where it is logged and analyzed. You can create policies on the management station to police your virtual infrastructure network traffic and report on both allowed and denied network traffic.
VMware's vShield Zones is offered in three of the six vSphere Editions: Advanced, Enterprise and Enterprise Plus. Additionally, VMware's vCenter is required. And check out this writeup on vShield Zones on SearchVMware.com.
About the author
David Davis is the director of infrastructure at TrainSignal.com -- the global leader in video training for IT pros. He has several certifications including vExpert, VMware Certified Professional (or VCP), CISSP, and CCIE #9369. Additionally, Davis has authored hundreds of articles and six video training courses at Train Signal, where one of the most popular courses is the VMware vSphere 4 video training course. His website is VMwareVideos.com. You can follow Davis on Twitter or connect with him on LinkedIn.
This was first published in November 2009