Monthly Archives: July 2010

A New Generation of vShield Security Products

UPDATE: Newer URLs provided below for joining the beta

We are pleased to announce the beta availability of two new vShield products:

  • vShield App 1.0 dynamically protects applications within the virtual data center (vDC) from internal threats by ensuring proper segmentation and enforcing rules on business-defined Security Groups.
  • vShield Edge 1.0 provides a set of perimeter services akin to a DMZ. It protects a customer virtual data center or organization and is intended to be the boundary between the Service Provider (internal or public) and a tenant organization. vShield Edge also provides network services such as DHCP, VPN, NAT and load balancing.

VMware vShield App is a hypervisor-based, application-aware firewall for virtual data centers (vDCs) that runs on vSphere™ 4 hosts. vShield App protects against web-based threats and reduces the risk of policy violations within the vDC with essential security capabilities:

  • Application-aware firewall with deep packet inspection
  • Flow monitoring to analyze inter-VM traffic to dynamically enforce security policies
  • Security Groups to simplify policy definition based on business needs
  • Stateful firewall: basic connection control based on source/destination IP address 

vShield App reduces the need for physical firewalls and addresses blind spots by enforcing security policies for inter-VM traffic. Once created, firewall rules accompany VMs dynamically. This change-aware protection prevents sprawl of firewall rules. The hypervisor-based firewall provides introspection of all traffic at the hypervisor layer and eliminates the need for VM connection control using host-based firewalls. This approach improves performance and provides centralized control over all inter-VM traffic. 

vShield Edge eliminates sprawl in hardware and static firewall rules, while also reducing costs and complexity. The distributed architecture drives vDC traffic to its own dedicated network security gateway, eliminating performance bottlenecks. vShield Edge accelerates IT compliance and satisfies audit requirements through detailed logging of edge security events and by enabling appropriate views and controls for different administrative groups.

Both vShield App and vShield Edge are managed using vShield Manager and integrate tightly with VMware vSphere and VMware vCenter Server. 

vShield App and vShield Edge are now in a widespread public beta and may be obtained at the following URLs:

We welcome you to try out these products and provide us with your feedback.