© 2011 VMware Inc. All rights reserved
Confidential
VMware Direction
Jonathan Gohstand, Director, Security & Networking Product Marketing
2 Confidential
Agenda
VMware Security Strategy Overview and Opportunity
Technical Integration Points
Channel Training Program Status
Technical Partner Program Status
3 Confidential
What’s the Current Situation?
IT plowed ahead with virtualization; security took a back seat
Bolt-on security is the typical situation (agents; DC perimeter security, VLAN-based network appliances)
• The uneasy truce sets in…
Private and public clouds create new issues
• Self service paradigm and speed
• Loss of data control
• Difficulty in implementing decent compliance controls (e.g. agents)
4 Confidential
Today: Network & Security: Virtualize the Infrastructure
vSphere
Network Virtualization
Security Virtualization
VDS: Datacenter Fabric Virtualization
VXLAN: Extensible, isolated VLANs
vShield
Edge: Secure VDC Access
App: VM Isolation
Endpoint: VM Protection
Partners: Insert partner appliances at host, network, edge
5 Confidential
Integration Points for Security and Networking
Management and Context
Virtual DC 3, Virtual DC 2, Virtual DC 1
Intra-Guest VM
Access into the workloads. Eliminate agents
Virtual NIC
Access to network data into/out of the guest. Network Visibility
Virtual DC Edge
Access to network data into/out of the Virtual Datacenter. Edge Services
6 Confidential
Future: Move Towards Software-Defined Networks & Services
vSphere
Network Virtualization
Security Virtualization
vSphere
Cloud Infrastructure Suite
Networking & Security
Network Services
Edge Services
Netsec Services
EP Sec Services
Partner Services
VMware Cloud Infrastructure Suite
- Abstracts virtualized networking and security from VMware & partners
- Delivers programmable provider & tenant services
- Enables “better than physical” services via greater context information (moving away from bolt-on services)
Business Drivers
• Flexibility & faster provisioning of workloads
• Lower operational costs
7 Confidential
This Could be the Interesting Bit…
Areas where VMware can contribute
• Resource efficiency (e.g. file scanning; mixed trust levels in a cluster)
• “Better” security/compliance
• Lower cost operations
Examples
• Enable migration of isolation very close to the workloads
• Context: What apps/DBs are being created; Who’s accessing what
• Drive whitelisting approach
• Infrastructure: Encryption services; file hashing services
8 Confidential
Where’s the Bun?...and What’s That Meat?
Go To Market: Channel and Technical Partners
VMware Capabilities
Technical Integration Partners
9 Confidential
Channel Partner Training Program – Under Development
Remove security and compliance as an inhibitor to virtualization adoption
• Provide an education program for channel partners so that they start to help customers move to virtual in a secure, compliant manner
• Educate partners on security and compliance in a virtual environment and how VMware addresses these requirements
• Focus on key VMware solutions (e.g. business critical apps, VDI)
Target Partners
• Focused security resellers: enable them to maintain trusted advisor status as their customers move from physical to virtual environments. Optionally, how to install and operate VMware products (if they decide to offer services)
• VMware partners: Help them understand possible security roadblocks to their key sales motions and how to deal with them. Optionally, how to install and operate VMware products (if they decide to tackle security themselves)
• Systems Integrators: enable them to include vShield as part of their config/operate services
10 Confidential
Competency Course Structure – Draft Curriculum
Pre-Sales
Virtualization Security Overview: Principles and Issues
Compliance in virtual datacenter
VMware vSphere Hardening
VMware Security and Compliance offerings
Protecting Business Critical Apps
Securing the Private Cloud
Protecting Virtual Desktops
Optional: Product Deep Dive for vShield, VCM and Horizon
Ecosystem Enablement and APIs
Configure and Operate
Post-Sales (Optional)
Getting Started
vShield Edge
vShield App
VCM
Horizon
Securing Virtual Desktops
Securing vSphere/vCenter
11 Confidential
Technical Partnerships...So Whatever Happened to VMsafe?
VMsafe was suspended some time ago
As new APIs are being developed, a small number of “design partners” have been involved
What’s needed is a formal, scalable program for technical partners, including certification criteria & test cases, bug tracking & resolution, go-to-market support
We’re currently working on securing the necessary resources to make such a program a reality
• Will be part of the “VMware Ready” program
Watch this space….
12 Confidential
Summary…A Work in Progress
Significant opportunities
• Lowering overhead costs & automating controls
• Improving responsiveness
• Gaining resource efficiency
Significant Challenges
• New attack/compliance issues created, especially at the platform level
• It’s not a security company
• “We got this far OK…” a.k.a. “Are customers motivated enough?”
• Customer risk/reward imbalance
• Financial justification
Realistically partnerships are the only way forward…