Home > Blogs > VMware Security & Compliance Blog

A New Generation of vShield Security Products

UPDATE: Newer URLs provided below for joining the beta

We are pleased to announce the availability of beta for two new vShield products:

  •  vShield App 1.0 dynamically protects applications within the virtual data center (vDC) from internal threats by ensuring proper segmentation and enforcing rules on business-defined Security Groups.
  •  vShield Edge 1.0 provides a set of perimeter services akin to a DMZ, protecting a customer virtual datacenter or organization and intended to be the boundary between the Service Provider (internal or public) and a tenant organization. vShield Edge also provides network services such as DHCP, VPN, NAT and load balancing.

VMware vShield App is a hypervisor-based, application-aware firewall for virtual data centers (vDCs) which runs on vSphere™ 4 hosts. vShield App protects against web based threats and reduces the risk of policy violations within the vDC with essential security capabilities:

  • Application aware firewall with deep packet inspection
  • Flow monitoring to analyze inter-VM traffic to dynamically enforce security policies
  • Security Groups to simplify policy definition based on business needs
  • Stateful firewall: basic connection control based on source/destination IP address 

vShield App reduces the need for physical firewalls and addresses blind spots by enforcing security policies for inter-VM traffic. Once created, firewall rules accompany VMs dynamically. This change-aware protection prevents sprawl of firewall rules. The hypervisor-based firewall provides introspection of all traffic at the hypervisor layer and eliminates the need for VM connection control using host-based firewalls. This approach improves performance and provides centralized control over all inter-VM traffic. 

vShield Edge eliminates sprawl in hardware and static firewall rules, while also reducing costs and complexity. The distributed architecture drives vDC traffic to its own dedicated network security gateway eliminating performance bottlenecks. vShield Edge accelerates IT compliance and satisfies audit requirements through detailed logging of edge security events and by enabling appropriate views and controls to different administrative groups.

Both vShield App and vShield Edge are managed using vShield Manager and integrate tightly with VMware vSphere and VMware vCenter Server. 

vShield App and vShield Edge are now in a widespread public beta and may be obtained at the following URLs:

We welcome you to try out these products and provide us your feedback.

This entry was posted in Uncategorized on by .

About Charu Chaubal

Charu Chaubal is the Director of Technical Marketing for the Cloud Platform Business Unit at VMware, and runs the team that works on the vSphere product line. He has been at the company since 2006, and has been responsible for customer education and sales enablement for a wide range of datacenter technologies, such as hypervisor security, hyperconverged storage, and virtualization of data science applications. Previously, he worked at Sun Microsystems, where he had over 7 years experience with architecting distributed resource management and HPC infrastructure software solutions.