Securing Hybrid Clouds with VMware vShield Edge VPNs: A Guide for Providers of vCloud Powered Services
- Marshall Lynch
- 7 years ago
Technical White Paper
Table of Contents

Introduction
VMware vShield Edge
Virtual Private Networks Enable Hybrid Clouds
Use Cases
Prerequisites
Establishing Single-Site and Multi-Site VPNs
Establishing Enterprise-to-Site VPNs
Conclusion
For More Information
VMware Contact Information
Providing Feedback
Introduction

Security is a top concern among organizations evaluating cloud service providers. While most service providers allow customers to implement their own security measures, few of them have comprehensive security tools to offer their customers. Among these tools, one of the most important to customers and service providers alike is the ability to securely interconnect physical and virtual datacenters with virtual private networks (VPNs).

VPNs are important tools that enable enterprise IT organizations to securely connect their own physical, virtual, and cloud environments to virtual datacenters hosted by service providers and thus create secure hybrid clouds. With connectivity to public clouds secured by VPN, organizations can freely move everything, including test, development, production, and overflow workloads, into the cloud without having to worry about loss or corruption of data in transit. From the enterprise datacenter's perspective, a virtual datacenter in the public cloud is simply another subnet in its network topology.

For cloud service providers, supporting VPNs makes it easier to attract customers and garner more of their workloads, increasing revenue and strengthening partnerships with customers.

Fortunately, providers of vCloud Powered services have the VPN capability of VMware vShield Edge integrated into VMware vCloud Director 1.5. Using a self-service GUI, customers can securely interconnect their enterprise datacenters with virtual datacenters in the cloud. With vShield Edge, customers can first secure their virtual datacenters using the product's perimeter security features, and then secure communication between datacenters using the product's VPN capabilities. The result is that customers can treat their service providers as seamless extensions of their own datacenters, making cloud adoption straightforward and secure.
This white paper reviews the capabilities of vShield Edge and the common use cases for using VPNs in hybrid cloud environments. It then proceeds to illustrate the simplicity and ease with which customers of vCloud Powered services can securely interconnect their datacenters.

VMware vShield Edge

VMware vShield Edge is a network security solution for virtual datacenters hosted by vCloud Director 1.5 to provide customers with their own dedicated set of securely isolated virtual resources. It provides essential security capabilities such as network security gateway services and Web load balancing for performance and availability. vShield Edge works in concert with vCloud Director to automate and accelerate the secure provisioning of datacenters in multitenant cloud infrastructures. Functions such as gateway services are accessible through vCloud Director GUIs, and some (such as Web load balancing) require accessing vShield Edge GUIs. vCloud Director separates duties for security and virtual infrastructure administrators, limiting access only to authorized administrators.

VMware vShield Edge provides firewall, VPN, Web load balancing, network address translation (NAT), and DHCP services to virtual datacenters. Deployed as a virtual appliance, it can be positioned to protect the perimeter of a virtual datacenter while acting as the termination point for VPNs. It can also be used to implement network segmentation within virtual datacenters, allowing network infrastructure to scale along with virtual infrastructure. vShield Edge can be used to securely interconnect multiple virtual datacenters, and because it implements an industry-standard IPsec-based VPN, it can connect to physical VPN appliances at enterprise datacenter sites.

The integration of vShield Edge and vCloud Director is important for both providers of vCloud Powered services and their customers.
The integration:

- Allows security features to be provisioned by customers with a self-service model
- Reduces administration overhead for providers of vCloud Powered services
- Limits sharing of customer information (such as pre-shared VPN keys) with the service provider, increasing security for customers
- Allows virtual networks to be scaled along with virtual infrastructure by allowing additional vShield Edge appliances to be deployed as needed
- Provides customer usage information to VMware vCenter Chargeback for customer billing purposes

While the integration with vCloud Director does enable self-service provisioning of many vShield Edge features, it does not support self-service for Web load balancing or static routing (firewalling without also using NAT). These features could be offered as additional value-added services by providers of vCloud Powered services. Both Load Balancing and VPN options require a vShield Edge premium license.

Virtual Private Networks Enable Hybrid Clouds

Hybrid clouds interconnect multiple clouds over public networks, whether the clouds are private clouds hosted at customer sites, or multiple public clouds. The functionality of vShield Edge VPNs allows multiple clouds to be interconnected securely, thus making them work as if they are extensions of a single datacenter. The network topologies include the following:

- Multi-Site vCloud Deployment: vShield Edge VPNs can connect multiple VMware vCloud deployments. For example, an enterprise private cloud can be securely connected to the organization's virtual datacenter in a service provider's public cloud (Figure 1). Similarly, virtual datacenters hosted by multiple vCloud Powered service providers can be interconnected. These examples secure communication between clouds over public networks.
- Single-Site VMware vCloud Deployment: vShield Edge VPNs can connect different virtual datacenters hosted by the same service provider, even hosted in the same vCloud Director instance (Figure 1). This example secures communication between networks hosted on shared infrastructure.
[Figure 1. Multi-site and single-site deployments interconnect multiple vShield Edge appliances. Diagram labels: Provider of vCloud Powered Services; Secure Single-Site Virtual Private Network; Enterprise Datacenter with vCloud Deployment; Secure Multi-Site Virtual Private Networks; vShield Edge Appliance.]
- Enterprise Site to vCloud Deployment: vShield Edge VPNs can securely connect enterprises with fixed router or firewall-based VPNs to virtual datacenters hosted by providers of vCloud Powered services (Figure 2). Because vShield Edge supports industry-standard IPsec-based VPNs, a wide range of devices, including those from Check Point, Cisco, and Juniper, can be used to terminate the VPN at the enterprise location.

[Figure 2. Enterprise site to vCloud deployments connect physical VPN appliances to vShield Edge instances. Diagram labels: Provider of vCloud Powered Services; Enterprise Datacenter with Physical VPN Appliance; vShield Edge Appliance; Secure Virtual Private Network; Enterprise Datacenter; Physical IPsec VPN Appliance.]

Use Cases

The network topologies that providers of vCloud Powered services are most likely to encounter involve two use cases for vShield Edge VPNs:

- Connecting multiple virtual datacenters regardless of location. This single use case supports both multi-site and single-site vCloud deployments and connecting private clouds in enterprise environments with virtual datacenters hosted by providers of vCloud Powered services.
- Connecting enterprise datacenters with virtual datacenters. This is a common use case for organizations wishing to augment their own capacity with the capacity of a public cloud.

From the standpoint of implementing these use cases with vShield Edge VPNs, the main difference is the endpoints. In the first case, both endpoints are vShield Edge appliances located at the perimeter of a virtual datacenter. In the second case, a vShield Edge appliance establishes a VPN with a physical device located in an enterprise datacenter.

Prerequisites

In order to establish a site-to-site VPN, a small number of prerequisites must be fulfilled:

- Each VPN appliance, whether a vShield Edge instance or a physical appliance, must have a fixed IP address that makes the appliances visible to each other. In the case of multi-site VPNs, this requires public IP addresses. In the case of single-site VPNs, private addresses can be used as long as the appliances are on the same network or the addresses are routable.
- The vShield Edge appliance must allow the following protocols to pass: Encapsulating Security Payload (ESP) (protocol 50), Internet Key Exchange (IKE) (UDP port 500), and UDP port 4500 for NAT traversal.

Note that establishing a VPN does not automatically establish perimeter security. The vShield Edge appliance must be configured to deny any unauthorized traffic in order to fully secure the remote site.
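The prerequisites above, turned into a check (an added example, not code from the white paper or from VMware): it audits an ordered, first-match rule list for the three required VPN flows in both directions and for explicit denial of unauthorized traffic. The rule format, the helper names, and all addresses (documentation and private ranges) are assumptions constructed for illustration, not a vShield Edge export format.

```python
from ipaddress import ip_address, ip_network

ESP, UDP, TCP = 50, 17, 6  # IANA IP protocol numbers

# Flows the prerequisites say must pass between the two VPN endpoints:
# (label, IP protocol, destination port or None for port-less protocols).
REQUIRED = [
    ("ESP (protocol 50)", ESP, None),
    ("IKE (UDP 500)", UDP, 500),
    ("NAT traversal (UDP 4500)", UDP, 4500),
]


def rule(action, proto, src, dst, dport=None):
    """Build one rule in the constructed format used by this example."""
    return {"action": action, "proto": proto, "src": ip_network(src),
            "dst": ip_network(dst), "dport": dport}


def matches(r, proto, src, dst, dport):
    """True if rule r covers the flow; dport=None in a rule means any port."""
    if r["proto"] != "any" and r["proto"] != proto:
        return False
    if ip_address(src) not in r["src"] or ip_address(dst) not in r["dst"]:
        return False
    return r["dport"] is None or r["dport"] == dport


def decide(rules, proto, src, dst, dport=None):
    """First-match evaluation. Returns (action, rule index), or
    ("no-match", None) when the flow falls through every rule."""
    for index, r in enumerate(rules):
        if matches(r, proto, src, dst, dport):
            return r["action"], index
    return "no-match", None


def audit(rules, edge, peer, unauthorized):
    """Return findings: required VPN flows that are not allowed in either
    direction, and unauthorized probe flows that are not explicitly denied."""
    findings = []
    for label, proto, dport in REQUIRED:
        for src, dst in ((peer, edge), (edge, peer)):
            action, index = decide(rules, proto, src, dst, dport)
            if action != "allow":
                findings.append(f"{label} {src} -> {dst}: {action} (rule {index})")
    for label, proto, src, dst, dport in unauthorized:
        action, index = decide(rules, proto, src, dst, dport)
        if action != "deny":
            findings.append(f"{label} {src} -> {dst}: {action} (rule {index})")
    return findings


# ---- Constructed sample data (not taken from the white paper) ----
EDGE = "203.0.113.10"     # external address of the local edge appliance
PEER = "198.51.100.20"    # fixed address of the remote VPN endpoint
OUTSIDER = "192.0.2.99"   # any host that is not the VPN peer
INTERNAL = "10.20.0.5"    # a VM behind the edge appliance
ANY = "0.0.0.0/0"

# Traffic the perimeter is expected to refuse.
UNAUTHORIZED = [
    ("IKE from a non-peer address", UDP, OUTSIDER, EDGE, 500),
    ("RDP to an internal VM", TCP, OUTSIDER, INTERNAL, 3389),
    ("SSH to an internal VM", TCP, OUTSIDER, INTERNAL, 22),
]

# Weak: IKE open to everyone, UDP 4500 forgotten, RDP exposed, no final deny.
WEAK = [
    rule("allow", UDP, ANY, EDGE, 500),
    rule("allow", ESP, PEER, EDGE),
    rule("allow", "any", EDGE, ANY),
    rule("allow", TCP, ANY, ANY, 3389),
]

# Corrected: each required flow pinned to the peer, then an explicit deny-all.
HARDENED = [rule("allow", proto, src, dst, dport)
            for _, proto, dport in REQUIRED
            for src, dst in ((PEER, EDGE), (EDGE, PEER))]
HARDENED.append(rule("deny", "any", ANY, ANY))

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        results = audit(rules, EDGE, PEER, UNAUTHORIZED)
        print(f"{name}: {len(results)} finding(s)")
        for line in results:
            print("  " + line)
```

A flow that matches no rule is reported as "no-match" rather than assumed denied, so a rule list that relies on an implicit default shows up as a finding.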
About NAT Traversal

The use cases discussed in this paper handle NAT Traversal, a situation where network address translation is interposed between the two vShield Edge gateway devices. NAT Traversal overcomes the problems inherent in encrypting IPsec ESP packets that include translated addresses that must be modified in the payload, thus causing checksum errors and other incompatibilities. NAT Traversal provides the mechanism for network peers to discover if there are NAT devices between them, and allows the peers to set up a UDP tunnel to transport the ESP packet. NAT Traversal does this by inserting a UDP header and a NAT Traversal header between the original IP header and ESP header. These added fields provide enough information for the recipient to reconstruct the original packet, and intermediate NAT devices can then perform port translations using the UDP header.

NAT Traversal and all the other IPsec protocols, including IKE and ESP, only pass between the vShield Edge devices. The internal virtual machines communicating with the vShield Edge devices do not need to be aware of the existence of the tunnel.

Establishing Single-Site and Multi-Site VPNs

This is the simplest use case because, when the two VPN endpoints are supported by vShield Edge, the software can automatically exchange shared-secret authentication credentials and the VPN setup is almost fully automated. The topology, including IP addressing, for this example is illustrated in Figure 3.

[Figure 3. Single-site and multi-site VPN example topology and addressing. Diagram labels: /24; vShield Edge Appliance; Public Network; vShield Edge Appliance; /24.]

1. In the vCloud Director Organization Portal, open the Configure Services dialog for the virtual datacenter's external network.

2. In the Configure Services dialog, enable the site-to-site VPN and add a tunnel to another network.
3. Give the VPN a descriptive name, and choose A Network in Another Organization to prepare a multi-site VPN, or A Network in This Organization to prepare a VPN within the same virtual datacenter.

4. The dialog that pops up will ask for credentials for the remote site's vCloud Director Organization Portal. It then uses the credentials to log into the remote site, prepare it to accept the VPN, and exchange shared-secret authentication credentials.
5. Another dialog will pop up asking to confirm the remote peer network, and once this is selected the site-to-site VPN will be operational. Confirm that this is the case on both sites being interconnected by checking Operational status on the Site-to-Site VPN tab.

Establishing Enterprise-to-Site VPNs

This use case is slightly more complex because the VPN appliance at the enterprise location must be configured following the manufacturer's instructions before the VPN is established from the vShield Edge appliance. The topology and addressing for this example are illustrated in Figure 4.

[Figure 4. Enterprise-to-site VPN example topology and addressing. Diagram labels: Enterprise Datacenter; /24; Physical IPsec VPN Appliance; Public Network; vShield Edge Appliance; /24.]

1. Configure an IPsec VPN on the physical appliance at the enterprise site. Use shared secret authentication and capture the shared secret for use when configuring the vShield Edge appliance. Certificate-based authentication is supported by vShield Edge; however, the interface provided to organization administrators does not support this function. If certificate-based authentication is needed, the cloud service provider would have to set up the VPN manually.
2. Open the Configure Services dialog from the virtual datacenter's external network. Enable the site-to-site VPN.

3. Set up the VPN to A Remote Network. Give the VPN a descriptive name, and select A Remote Network. Fill in the information describing the enterprise VPN appliance, select an encryption protocol to match the enterprise VPN appliance's setup, and provide the shared secret that was captured during the physical appliance setup.
4. Once the site-to-site VPN is set up, the tunnel status will be reported as Operational in the Configure Services dialog.

Conclusion

The industry-standard, IPsec-based VPN functionality built into vShield Edge enables providers of vCloud Powered services to break down a barrier that keeps enterprises from fully embracing public clouds: security. Using vShield Edge appliances to protect the perimeter of virtual datacenters, and then to interconnect them using VPNs, customers have the capability to establish the same security in their cloud deployments as they do in their physical ones. With customers using a self-service interface to support their own security needs, and chargeback mechanisms in place, providers of vCloud Powered services have another value-added service that can attract more business and build stronger relationships with customers.

For More Information

For more information on VMware vShield Edge, please visit

For more information on vShield Edge VPNs, please refer to VMware vShield Edge and vShield App Reference Design Guide at

VMware Contact Information

For additional information, VMware's global network of solutions providers is ready to assist. If you would like to contact VMware directly, you can reach a sales representative at VMWARE ( outside North America) or sales@vmware.com. When emailing, please include the state, country, and company name from which you are inquiring.

Providing Feedback

VMware appreciates your feedback on the material included in this guide, and in particular, would be grateful for any guidance on the following topics:

- How useful was the information in this guide?
- What other specific topics would you like to see covered?

Please send your feedback to vcloudpowered@vmware.com, with "Securing Hybrid Clouds with VMware vShield Edge VPNs" in the subject line. Thank you for your help in making this guide a valuable resource.
VMware, Inc Hillview Avenue Palo Alto CA USA Tel Fax Copyright 2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: VMW-WP-VSPP-vSHLD-VPN-USLET-101
Why Datacenter Migration Is Challenging for Enterprises Datacenter migration projects are usually complex and involve considerable planning and coordination between multiple teams, including network, security,
More informationVMware vcloud Service Definition for a Public Cloud. Version 1.6
Service Definition for a Public Cloud Version 1.6 Technical WHITE PAPER 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
More informationvcloud Air Advanced Networking Services Guide
vcloud Air Advanced Networking Services Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationQuick Start - Virtual Private Cloud in Germany and Australia
Quick Start - Virtual Private Cloud in Germany and Australia vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationData Center Micro-Segmentation
Data Center Micro-Segmentation A Software Defined Data Center Approach for a Zero Trust Security Strategy W H I T E P A P E R Table of Contents Executive Summary... 3 The Software Defined Data Center is
More informationHIPAA/HITECH Compliance Using VMware vcloud Air
Last Updated: September 23, 2014 White paper Introduction This paper is intended for security, privacy, and compliance officers whose organizations must comply with the Privacy and Security Rules of the
More informationDeploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels
Deploying the Barracuda Link Balancer with Cisco ASA VPN Tunnels This article provides a reference for deploying a Barracuda Link Balancer under the following conditions: 1. 2. In transparent (firewall-disabled)
More informationNetwork Address Translation (NAT) Good Practice Guideline
Programme NPFIT Document Record ID Key Sub-Prog / Project Infrastructure Security NPFIT-FNT-TO-IG-GPG-0011.06 Prog. Director Chris Wilber Status Approved Owner James Wood Version 2.0 Author Mike Farrell
More informationWhite Paper. SSL vs. IPSec. Streamlining Site-to-Site VPN Deployments
White Paper SSL vs. IPSec Streamlining Site-to-Site VPN Deployments May 2011 SiteDirect Access. Security. Delivery. Introduction Traditionally, corporate users rely on IPSec for site-to-site access. However,
More informationVMware vcloud Director for Service Providers
Architecture Overview TECHNICAL WHITE PAPER Table of Contents Scope of Document....3 About VMware vcloud Director....3 Platform for Infrastructure Cloud...3 Architecture Overview....3 Constructs of vcloud
More informationHow To Control Vcloud Air From A Microsoft Vcloud 1.1.1 (Vcloud)
SOC 1 Control Objectives/Activities Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort, we have undergone a variety of industry standard audits,
More informationHow To Establish IPSec VPN connection between Cyberoam and Mikrotik router
How To Establish IPSec VPN connection between Cyberoam and Mikrotik router Applicable Version: 10.00 onwards Scenario Establish IPSec VPN connection between Cyberoam and Mikrotik router using Preshared
More informationVirtualized Network Services SDN solution for enterprises
Virtualized Network Services SDN solution for enterprises Nuage Networks Virtualized Network Services (VNS) is a fresh approach to business networking that seamlessly links your enterprise s locations
More informationUse Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W
Article ID: 5037 Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W Objective IPSec VPN (Virtual Private Network) enables you to securely obtain remote resources by establishing
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationInstalling Intercloud Fabric Firewall
This chapter contains the following sections: Information About the Intercloud Fabric Firewall, page 1 Prerequisites, page 1 Guidelines and Limitations, page 2 Basic Topology, page 2 Intercloud Fabric
More informationVirtualized Network Services SDN solution for service providers
Virtualized Network Services SDN solution for service providers Nuage Networks Virtualized Network Services (VNS) is a fresh approach to business networking that seamlessly links your enterprise customers
More informationConfiguring IPSec VPN Tunnel between NetScreen Remote Client and RN300
Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300 This example explains how to configure pre-shared key based simple IPSec tunnel between NetScreen Remote Client and RN300 VPN Gateway.
More informationBasic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation
Basic ViPNet VPN Deployment Schemes Supplement to ViPNet Documentation 1991 2015 Infotecs Americas. All rights reserved. Version: 00121-04 90 01 ENU This document is included in the software distribution
More informationHybrid Cloud for Development and Testing with VMware vcloud Air
Hybrid Cloud for Development and Testing with VMware vcloud Air January 2015 White paper Introduction Organizations struggle to meet the demand for scalable and resilient infrastructure to develop and
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More informationvrealize Operations Management Pack for vcloud Air 2.0
vrealize Operations Management Pack for vcloud Air 2.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To
More informationVMware vshield App Design Guide TECHNICAL WHITE PAPER
ware vshield App Design Guide TECHNICAL WHITE PAPER ware vshield App Design Guide Overview ware vshield App is one of the security products in the ware vshield family that provides protection to applications
More informationCCNA Security 1.1 Instructional Resource
CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where
More informationCertes Networks Layer 4 Encryption. Network Services Impact Test Results
Certes Networks Layer 4 Encryption Network Services Impact Test Results Executive Summary One of the largest service providers in the United States tested Certes Networks Layer 4 payload encryption over
More informationvsphere Replication for Disaster Recovery to Cloud
vsphere Replication for Disaster Recovery to Cloud vsphere Replication 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationConfiguring Single Sign-on from the VMware Identity Manager Service to ServiceNow
Configuring Single Sign-on from the VMware Identity Manager Service to ServiceNow VMware Identity Manager AUGUST 2015 V1 Configuring Single Sign-On from VMware Identity Manager to ServiceNow Table of Contents
More informationTelepresence in an IPv6 World. Simplify the Transition
Telepresence in an IPv6 World Simplify the Transition IPV6 has the potential to transform communications, collaboration, learning, entertainment, physical security and more. What You Will Learn If you
More informationWhite Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.
White Paper Juniper Networks Solutions for VMware NSX Enabling Businesses to Deploy Virtualized Data Center Environments Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3
More informationBranch Office Desktop
Branch Office Desktop VMware View with Riverbed Steelhead EX + Granite HOW-TO GUIDE Solution Overview Today, there are millions of branch offices worldwide that represent a significant management challenge
More informationHow to Create a Multi-user Content Management Platform with Drupal in a vcloud Environment. A VMware Cloud Evaluation Reference Document
How to Create a Multi-user Content Management Platform with Drupal in a vcloud Environment A VMware Cloud Evaluation Reference Document Contents About Cloud Computing Cloud computing is an approach to
More informationRouteFinder. IPSec VPN Client. Setup Examples. Reference Guide. Internet Security Appliance
RouteFinder Internet Security Appliance IPSec VPN Client Setup Examples Reference Guide RouteFinder IPSec VPN Client Setup Examples PN S000397A Revision A This publication may not be reproduced, in whole
More informationFirewall Troubleshooting
Firewall Troubleshooting (Checkpoint Specific) For typical connectivity issues where a firewall is in question follow these steps to eliminate any issues relating to the firewall. Firewall 1. From the
More informationEstablishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client
Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client Generally speaking, remote users need to use a VPN client software for establishing a VPN connection to their home/work router
More informationVPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
VPNs Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationMicrosegmentation Using NSX Distributed Firewall: Getting Started
Microsegmentation Using NSX Distributed Firewall: VMware NSX for vsphere, release 6.0x REFERENCE PAPER Table of Contents Microsegmentation using NSX Distributed Firewall:...1 Introduction... 3 Use Case
More informationvcloud Suite Licensing
vcloud Suite 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this
More informationvrealize Automation Load Balancing
vrealize Automation Load Balancing Configuration Guide Version 6.2 T E C H N I C A L W H I T E P A P E R A U G U S T 2 0 1 5 V E R S I O N 1. 0 Table of Contents Introduction... 4 Load Balancing Concepts...
More information