With the general availability of VMware vSphere 4 a few weeks ago, I just wanted to highlight for the security community that VMware vShield Zones is also part of that release and now generally available!

Zones is a new product for VMware and one of the newest members of the vSphere 4 product family, based on technology from our acquisition of Blue Lane Technologies. We had a lot of interest from customers around vShield Zones and had over 200 customers around the world registered for our recent private beta. It is part of the vSphere package starting with the Advanced Edition and above.

VMware vShield Zones 1.0 offers the following key features and benefits for vSphere 4 environments:

Central Management of Logical Zone Boundaries and Segmentation

  • Leverage existing virtual infrastructure containers – hosts, virtual switches, VLANs – as logical trust or organizational zones
  • Define policies to bridge, firewall, or isolate network traffic between zone boundaries
  • Manage and deploy policies across entire VMware vCenter Server deployment
  • Integrate with VMware vCenter Server and automatically deploy on existing virtual networks
  • Scan and discover existing applications running on virtual machines to identify application

Network Enforcement and Flow Monitoring

  • Classify traffic by network or application protocol (e.g. HTTP, RDP, SNMP)
  • Performantly filter traffic with stateful packet inspection (SPI)
  • Track dynamic port connections for protocols such as FTP
  • Track network connections across VMware VMotion migration events
  • Easily convert observed network flows into precise network enforcement rules
  • Monitor both allowed and disallowed activity

Management and

  • Access the Web-based vShield Manager interface remotely from any Web browser
  • Configure administrators to be common with VMware vCenter Server or distinct for separation of duties and
  • View activity hierarchically at individual virtual machine or aggregate levels and generate graphical or tabular reports
  • Retain log data for archival and compliance purposes
  • Export events and data using syslog format

More information about vShield Zones can be found at the product page here: http://www.vmware.com/products/vshield-zones/

vShield Zones 1.0 is downloadable as part of the VMware vSphere evaluation at: https://www.vmware.com/tryvmware/index.php?p=vsphere&lp=1

Documentation and release notes about vShield Zones 1.0 can be found at: http://www.vmware.com/support/pubs/vsz_pubs.html