© 2011 VMware Inc. All rights reserved

Confidential

VMware Direction

Jonathan Gohstand, Director, Security & Networking Product Marketing

2 Confidential

Agenda VMware Security Strategy Overview and Opportunity

Technical Integration Points

Channel Training Program Status

Technical Partner Program Status

3 Confidential

What’s the Current Situation?

IT plowed ahead with virtualization; security took a back seat

Bolt-on security is the typical situation (agents; DC perimeter security, VLAN-based network appliances)

• The uneasy truce sets in…

Private and public clouds create new issues

• Self service paradigm and speed

• Loss of data control

• Difficulty in implementing decent compliance controls (e.g. agents)

4 Confidential

Today: Network & Security: Virtualize the Infrastructure

vSphere

Network Virtualization

Security Virtualization

VDSDatacenter Fabric Virtualization

VXLANExtensible, isolated VLANs

vShieldEdge: Secure VDC Access

App: VM Isolation

Endpoint: VM Protection

PartnersInsert partner appliances

At host, network, edge

5 Confidential

Integration Points for Security and Networking

Management and Context

Virtual DC 3Virtual DC 2Virtual DC 1

Intra-Guest VM

Access into the workloads. Eliminate agents

Virtual NIC

Access to network data into/out of the guest. Network Visibility

Virtual DC Edge

Access to network data into/out of the Virtual Datacenter. Edge Services

6 Confidential

Future: Move Towards Software-Defined Networks & Services

vSphereNetwork VirtualizationSecurity Virtualization

vSphere

Cloud Infrastructure SuiteNetworking & Security

Net

wor

k S

ervi

ces

Edg

e S

ervi

ces

Net

sec

Ser

vice

s

EP

Sec

Ser

vice

s

Par

tner

Ser

vice

s

VMware Cloud Infrastructure Suite- Abstracts virtualized

networking and security from VMware & partners

- Delivers programmable provider & tenant services

- Enables “better than physical” services via greater context information (moving away from bolt-on services)

Business Drivers• Flexibility & faster

provisioning of workloads• Lower operational costs

7 Confidential

This Could be the Interesting Bit…

Areas where VMware can contribute

• Resource efficiency (e.g. file scanning; mixed trust levels in a cluster)

• “Better” security/compliance

• Lower cost operations

Examples

• Enable migration of isolation very close to the workloads

• Context: What apps/DBs are being created; Who’s accessing what

• Drive whitelisting approach

• Infrastructure: Encryption services; file hashing services

8 Confidential

Where’s the Bun?...and What’s That Meat?

Go To Market: Channel and Technical Partners

VMware Capabilities

Technical Integration Partners

9 Confidential

Channel Partner Training Program – Under Development

Remove security and compliance as an inhibitor to virtualization adoption

• Provide an education program for channel partners so that they start to help customers move to virtual in a secure, compliant manner

• Educate partners on security and compliance in a virtual environment and how VMware addresses these requirements

• Focus on key VMware solutions (e.g. business critical apps, VDI)

Target Partners

• Focused security resellers: enable them to maintain trusted advisor status as their customers move from physical to virtual environment. Optionally how to install and operate VMware products (if they decide to offer services)

• VMware partners: Help them understand possible security roadblocks to their key sales motions and how to deal with them. Optionally how to install and operate VMware products (if they decide to tackle security themselves)

• Systems Integrators: enable them to include vShield as part of their config/operate services

10 Confidential

Competency Course Structure – Draft Curiculum

Pre-SalesVirtualization Security Overview:

Principles and Issues

Compliance in virtual datacenter

VMware vSphere Hardening

VMware Security and Compliance offerings

Protecting Business Critical Apps

Securing the Private Cloud

Protecting Virtual Desktops

Optional: Product Deep Dive for vShield, VCM and Horizon

Ecosystem Enablement and APIs

Configure and Operate

Post-Sales (Optional)Getting Started

vShield Edge

vShield App

VCM

Horizon

Securing Virtual Desktops

Securing vSphere/vCenter

11 Confidential

Technical Partnerships...So Whatever Happened to VMsafe?

VMsafe was suspended some time ago

As new APIs are being developed, a small number of “design partners” have been involved

What’s needed is a formal, scalable program for technical partners, including certification criteria & test cases, bug tracking & resolution, go-to-market support

We’re currently working on securing the necessary resources to make such a program a reality

• Will be part of the “VMware Ready” program

Watch this space….

12 Confidential

Summary…A Work in Progress

Significant opportunities

• Lowering overhead costs & automating controls

• Improving responsiveness

• Gaining resource efficiency

Significant Challenges

• New attack/compliance issues created, especially at the platform level

• It’s not a security company

• “We got this far OK…” a.k.a. “Are customers motivated enough?”

• Customer risk/reward imbalance

• Financial justification

Realistically partnerships are the only way forward…