Securing Virtualization in the Cloud-Ready Data Center
Nov 28, 2012
With the rapid growth in the adoption of server virtualization, new requirements for securing the data center have emerged. Today’s data center contains a combination of physical servers and virtual servers. With the advent of distributed applications, traffic often travels between virtual servers and might not be seen by physical security devices. This means that security solutions for both environments are needed. As organizations increasingly implement cloud computing, security for the virtualized environment is as integral a component as traditional firewalls have been in physical networks.
Juniper's Integrated Portfolio Delivers a Solution
With a long history of building security products, Juniper Networks understands the security requirements of the new data center, and Juniper’s solutions are designed to address these changing needs. The physical security portfolio includes the Juniper Networks SRX3000 and SRX5000 lines of services gateways and the Juniper Networks STRM Series Security Threat Response Managers. These physical devices are integrated with the Juniper Networks vGW Virtual Gateway, a software firewall that integrates with VMware vCenter and the VMware ESXi server infrastructure.
Fundamental to virtual data center and cloud security is the control of access to virtual machines (VMs) and the applications running on them, for the specific business purposes sanctioned by the organization. At its foundation, the vGW is a hypervisor-based, VMsafe-certified, stateful virtual firewall that inspects all packets to and from VMs, blocking all unapproved connections. Administrators can enforce stateful virtual firewall policies for individual VMs, logical groups of VMs, or all VMs. Global, group, and single-VM rules ensure easy creation of “trust zones” with strong control over high-value VMs, while enabling enterprises to take full advantage of many virtualization benefits. vGW integration with the STRM and SRX Series provides a complete solution for mixed physical and virtualized workloads.
The vGW Virtual Gateway queries the SRX Series gateway for its zone, interface, network, and routing configuration. The vGW then uses that information with the vGW management system to create VM Smart Groups so that users of vGW can see VM-to-zone attachments, create additional inter-VM zone policies, and incorporate zone knowledge into compliance checks. This solution enables security administrators to guarantee that consistent security is enforced from the perimeter to the server VM. The SRX Series delivers zone-based segregation at the data center perimeter. The vGW integrates the knowledge collected in SRX Series zones to ensure that zone integrity is enforced on the hypervisor. This combination delivers stateful firewall and optional malware detection for inter-zone and inter-VM traffic, as well as compliance monitoring and enforcement of SRX Series zones within the virtualized environment.
Juniper's Configuration Guide Shows How It's Done
By combining the vGW Virtual Gateway with high-end SRX Series Services Gateways, and by leveraging the STRM Series Security Threat Response Managers for centralized logging and monitoring, Juniper offers the most comprehensive security suite for all critical workloads. The solution provides consistent security policy throughout the physical network and within the virtualized network to deliver best-in-class security for the data center. It meets the needs of today’s data center, which is increasingly a combination of physical servers and virtual workloads, architected for cloud computing and requiring a flexible suite of robust security options.
To help with integration of the Juniper Networks virtualization security solution, Juniper has created a configuration guide that spells out implementation details on how the SRX Series Services Gateways and STRM Series Security Threat Response Managers can be integrated with the vGW Virtual Gateway to provide seamless physical and virtual security and enhance compliance in the cloud-ready data center. For more information, see the configuration guide, Securing Virtualization in the Cloud-Ready Data Center.