HP Virtualized Network Protection Service HP Networking Consulting Technology Consulting Service overview With the proliferation of Virtual Datacenters (vdcs) and cloud computing environments, secure virtual networks are essential to help ensure that virtualized assets and information are protected against inherited legacy threats and vulnerabilities, as well as threats unique to a virtualized environment. The Virtualized Network Protection (VNP) Service provides a secure network baseline for these environments and incorporates a defense-in-depth strategy to harden a virtual network. The components of this strategy include: Network separation for multi-tenant/multiorganization environments Multiple virtual LANs (VLANs) to separate traffic, including vmotion, management, storage, and virtual machine (VM) traffic Secure Network Communication Configuration to disable functionality such as MAC address changes and forged transmits These components, along with many others, help to improve the security of the virtualized network and thus the overall security posture of the vdc or cloud infrastructure The VNP Service is designed to implement a hardened virtual network that can be utilized in a vdc or cloud environment. This design is based on the HP Network Protection Optimization Reference Architecture. The VNP Service is based on a predefined set of security controls that incorporates both HP and VMware best practices for a hardened virtualized network environment. This service provides the following components: VMware vsphere Threat Review VMware vsphere Security Policies VLAN Best Practices Hardening VMware vshield Deployment purchase agreement with HP.
VMware Hardening Compliance Checker Validation Report This service is a custom scoped, custom priced statement of work (SOW) service. Service benefits Increased trust and reliance on information systems by employees, business partners, and customers Adherence to legal and regulatory requirements for security due diligence Higher availability and reliability of critical enterprise information and applications Lower overall cost of security management and system ownership A comprehensive assessment with HP s proven security expertise Reduced time needed to assess and harden a network using HP developed hardening scripts and tools Consistent, repeatable hardening process and results Hardening customized to the unique business requirements of your network Utilization of industry- and auditor-recognized security benchmarks HP Technology Consulting led configuration and implementation Service feature highlights Assessment planning/kickoff Virtualized Network Protection hardening Virtualized Network Protection reporting Deliverables review Specifications Service features Feature Assessment planning/kickoff Virtualized Network Protection hardening Virtualized Network Protection reporting Deliverables review Delivery specification As a prerequisite, an HP network consultant (NC) service specialist will conduct a meeting to review the Customer's environment and discuss preconfiguration activities, including the collection of required information. HP will confirm with the Customer that any service prerequisites have been met. HP will schedule the delivery of the service at a time mutually agreed upon by HP and the Customer, which shall be during local HP standard business hours excluding HP holidays, unless otherwise agreed by HP. Any services provided outside of HP standard business hours may be subject to additional charges. The service includes a review of the preconfiguration checklist with the Customer. It also includes the confirmation of platform readiness for VNP and the installation of vshield and PowerCLI, if necessary. In the last component of this step, HP will conduct a review of the proposed virtualized network hardening configuration with the Customer. This process involves the execution of both scripted and manual configuration steps and utilizes hardening scripts and vshield Edge to implement the Virtualized Network Protection (VNP) service. This process includes the running of a VNP reporting script to demonstrate that the hardened virtualized network configuration has been completed. It also includes the execution of a Compliance Checker script to show where the Customer s virtualized network stands with respect to a specific Governance, Risk, and Compliance area. Deliverables include: A hardened virtualized network environment A Virtualized Network Protection Report to demonstrate what configuration options have been utilized to harden the virtualized network purchase agreement with HP. 2
A Compliance Checker Report to show hardened configuration with respect to a specific compliance criteria A knowledge transfer session to help ensure that the Customer will have enough knowledge to fully utilize the VNP environment Customer requirements The Customer will: Purchase or provide all hardware, software, licenses, staff, current maintenance contracts, and environments necessary for HP to provide these services Provide HP personnel with access to Customer s building facilities, computer room facilities, systems, passwords, etc., as needed, during standard business hours as well as after standard hours, if necessary Provide a suitable work area commensurate with the number of onsite HP consultants; the work area will include desks, chairs, and telephones, and Internet/HP network access through a virtual private network (VPN) Perform any backups needed before changes are made and back up the target systems and work implemented by HP Contact an HP service specialist within 30 days of purchase date to schedule this service Assign a project sponsor who will: Be available to HP personnel throughout the life of the project Act as an escalation point when conflicts cannot be resolved by the project manager Assign a project manager who will: Be responsible for all Customer aspects of this project Have authorization to make all decisions relative to the project, including identification and assignment of Customer resources Be available to HP consulting personnel throughout the project s lifecycle Have authorization to sign status reports, approve consultant hours, and approve project changes Coordinate all interviews and collaboration events Be responsible for acceptance of the deliverables and verify compliance of each deliverable with the acceptance criteria as defined Have authorization to approve project changes Assign managers and other personnel, as appropriate, to work with HP throughout the project s lifecycle Perform all entries and approval tracking for the Customer internal change management process Be responsible for the accuracy, completeness, and the timely provision of all information provided by the Customer; if information is incomplete or incorrect, any delay and anything required to correct problems created by the use of such incomplete or inaccurate information will be treated as a Customer requested change request to the SOW and subject to the change process Allow HP full and unrestricted access to all locations where the service is to be performed purchase agreement with HP. 3
Service limitations Good faith cooperation. HP and the Customer acknowledge that successful completion of this project will require full and mutual good faith cooperation. Where agreement, approval, acceptance, consent, or similar action by either party is required by any provision of the SOW, such action will not be unreasonably delayed or withheld. The Customer agrees that to the extent its failure to meet its responsibilities results in a failure or delay by HP in performing its obligations under the agreed statement of work, HP will not be liable for such failure or delay. Any services or deliverables not documented in the SOW are considered outside the scope of this service. All deliverable documentation created for this engagement will be available in electronic format. The engagement planning software used for this engagement will be Microsoft Project. Services are deemed accepted upon performance. Any changes or modifications to the scope and extent of this service will require a change request and authorization of additional funds. A change request will be governed by the change management process, and agreement by both parties. HP Virtualized Network Protection Service does not address the overall infrastructure hardening requirements that would be delivered in a Data Center Transformation of a Cloud Protection engagement. The VNP Service is limited in scope to the following: VMware vsphere Security Policies Network Traffic Bridge, Firewall, and/or Isolation Zone Boundary Policy VMware vsphere Hardening Policy Network Enforcement Rule Policy VMware vsphere vshield & VLAN Configuration VMware Administrator Interview vshield Edge - Network Separation VLAN Configurations Configuration of vshield Manager Virtualization Layer Threat Review & Validation VMware vsphere Hardening Script CISO Interview VMware vsphere Hardening Compliance Checker Assessment Report Gold VMware vsphere Compliance Hardening Script General provisions/other exclusions HP reserves the right to charge, on a time and materials basis, for any additional work over and above the service pricing that may be requested by the Customer or may result from work required to address service prerequisites or other requirements that are not met by the Customer. HP reserves the right to re-price this service if the Customer does not schedule and provide for subsequent delivery within 30 days of purchase. HP s ability to deliver this service is dependent upon the Customer s full and timely cooperation with HP, as well as the accuracy and completeness of any information and data the Customer provides to HP. The Virtualized Network Protection Service is custom-scoped and priced based on a customer s unique assessment needs as a time and material service. HP Technology Services are governed by the HP Single Order Terms for Consulting/Support or the Customer's purchase agreement with HP. purchase agreement with HP. 4
Travel charges may apply; please consult your local office. Ordering information To obtain further information for HP Virtualized Network Protection Service, contact a local HP sales representative. For more information For more information on HP Services, contact any of our worldwide sales offices or visit the following website: www.hp.com/services/alwayson Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty or condition, express or implied, in fact or in law. HP shall not be liable for technical or editorial errors or omissions contained herein. purchase agreement with HP. 4AA4-3294ENW, September 2012