Product Announcements

A Final Thought on vShield Zones

vShield Zones: Gain Visibility for Security and Compliance

By Jerome Bomengo (VMware SE)

With all the new functionality that shipped in vSphere 4, it’s easy to overlook a small yet powerful feature like vShield Zones.  vShield Zones came to VMware by way of the Blue Lane acquisition in October 2008 and is part of VMware’s ongoing effort to strengthen and secure the platform.    

VMware vShield Zones is a dynamic, self-learning, self-configuring firewall service for vSphere 4.  vShield Zones gives administrators the ability to deploy each VM (or group of VMs) behind a stateful firewall without modifying existing network configurations.  vShield Zones enforces individual VM security requirements within the private cloud even when VMotioned to a non-compliant ESX host.  Security policies can be created by leveraging existing vCenter containers including; hosts, virtual switches, and VLANs, or traffic can be allowed or denied based on network or application protocol (HTTP(S), SMTP, RDP, etc.).  vShield Zones security policies are managed through VMware vCenter 4.0 and access can be delegated to specific individuals within the organization.  Built-in auditing capabilities and the ability to export events and data in syslog format makes compliance straightforward and verifiable.

VMware vShield Zones ships as a pre-configured Virtual Appliance and is available free of charge to customers who own vSphere Advanced, Enterprise, and Enterprise Plus licenses.   More information about vShield Zones can be found at the product page here:
vShield Zones 1.0 is downloadable as part of the VMware vSphere evaluation at:
Documentation and release notes about vShield Zones 1.0 can be found at:

Related Articles