RSA Solutions for VMware and Vblock
Dominique Dessy – Senior Technical Consultant
Agenda
• What is a Vblock?
• RSA’s Approach to Securing Vblock
• Typical use cases
Vblock: A New Way of Delivering IT to Business
• Rapid deployment model of virtualized infrastructure
• Pre-integrated and validated solutions reduce total cost of ownership
• Service-level driven through predictable performance and operational characteristics
• Improved compliance/security and reduced risk
• Best of breed technologies
– Compute: Cisco UCS
– Network: Cisco Nexus family, Cisco MDS 9000 series
– Storage: EMC Symmetrix V-Max or EMC Unified Storage (Celerra and CLARiiON)
– Hypervisor: VMware vSphere 4
– Management: Cisco UCS Manager, EMC Ionix Unified Infrastructure Manager, VMware vCenter
– Security: RSA
RSA’s Approach to Securing Vblock
• Extend customer’s existing RSA investments to the virtual infrastructure and deliver new capabilities
• Layer onto Vblock architecture:
– User authentication
– Compliance monitoring and reporting
– Infrastructure security
– Data loss prevention
• Validate RSA with Vblock Infrastructure Packages in the VCE Lab
1. Secure the core Vblock platform (VMware, Cisco, EMC components)
2. Secure each application validated with Vblock (e.g., VMware View, SAP)
Central Security Management and Reporting
Secure the Core Vblock Platform
Secure Administrative User Access
• RSA SecurID authentication for:
– ESX Service Console
– vSphere Management Assistant
Security Monitoring & Reporting
• RSA enVision monitoring for:
– vCenter
– ESX and ESXi
– EMC Symmetrix, CLARiiON and Celerra storage
– Cisco UCS
Validated with Vblock
• RSA SecurID: Strong authentication before access to ESX Service Console and vSphere Management Assistant
• RSA enVision: Comprehensive visibility into security events; security incident management, compliance reporting
[Diagram labels: Security and compliance officer; VMware Administrator; vSphere Management Assistant; vSphere; Storage; UCS]
RSA enVision Collector
• enVision Collector uses the VMware SDK to retrieve the logs from vCenter and all ESX/ESXi servers
[Diagram labels: Collector connection; RSA enVision system]
[Screenshot: enVision Dashboard: Monitoring Vblock Event Sources by Event Category]
[Screenshot: enVision Dashboard: Vblock VCE Event Sources Activity by Event Category]
Use Case Scenarios
• Applying Patch to Production System
• Unauthorized Administrator
• Protecting Management Console
• Lost Laptop
So how does VDI make me more secure?
[Diagram label: Secure Network]
How VDI addresses the Lost Laptop Scenario
• Virtual Desktop
• No USB or only secure USB allowed via DLP
• Network access controlled via VMware vShield Zones
• The process is fully logged by SIEM
[Diagram labels: Laptop with NO sensitive data; SSL + 2FA; Virtual Desktop with access to sensitive data; Application with sensitive data]
Scenario: Protecting Your Management Console
• Remote desktop into your Management LAN via VPN
[Diagram labels: SSL VPN supporting RSA SecurID; Management LAN; ESX Service Console; vCenter Server; Vblock Management Console]
Scenario: Apply Patch to Production System
A common way to apply patches is to try them out in a test environment. In a virtual world you can clone the system, data and all.
1. Clone virtual environment
2. Test Patch
3. Apply Patch to production environment
This is difficult and time-consuming in a production environment, but very easy in a virtual environment
• Is this an authorized procedure?
• Is the test environment sufficiently protected & controlled?
• Who accessed the data in the test environment?
• Was the VM destroyed after it was used?
[Diagram labels: Production Environment and Test Environment, each with HR Application Server VM, HR Database Server VM and HRDB (Name, SSN, DoB, etc); PATCH applied in both]
• VM Cloned: RSA enVision can log the administrative activity from vCenter, like the VM being cloned
• Patch Applied: If the test environment is properly protected, then it will also be monitored by RSA enVision
• If this is out of policy we can alert a security analyst
[Diagram labels: VM Cloned, Patch Applied, Patch Applied, VM Deleted; RSA enVision]
Scenario: Unauthorized Administrator
[Diagram labels: PCI Zone; Non-PCI Zone; Store Management Windows VM; Transaction Management Application; Transaction DB (Credit Card numbers); VM Moved by kpbrady; Authorized PCI Admin?; Active Directory; RSA enVision]
• In a PCI environment, you need to validate that only authorized administrators are modifying the system
• Suppose permissions are set up incorrectly, and an unauthorized administrator can move a VM
• RSA enVision logs what activities were performed and by whom
• RSA enVision can check against a “watchlist” of authorized PCI administrators
• If the administrator is not authorized, RSA enVision can alert a security analyst
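The two checks from the patch and unauthorized-administrator scenarios, sketched as an added example (not RSA enVision code or configuration, and not part of the original slides): flag changes to PCI VMs by users outside a watchlist, and flag clones that were never deleted. The event layout, VM names, timestamps, the users jsmith and adavis, and the watchlist contents are constructed for illustration; only kpbrady appears in the slides.

```python
# Constructed sample events (NOT real vCenter or enVision output); the
# "time|user|action|vm|detail" layout is an assumption made for this example.
SAMPLE_EVENTS = """\
2010-03-25T09:00:00|jsmith|VM_CLONED|hr-db-prod|clone=hr-db-test
2010-03-25T09:20:00|jsmith|PATCH_APPLIED|hr-db-test|
2010-03-25T10:05:00|jsmith|PATCH_APPLIED|hr-db-prod|
2010-03-25T10:30:00|kpbrady|VM_MOVED|store-mgmt-win|from=pci-zone;to=non-pci-zone
2010-03-25T11:00:00|adavis|VM_CLONED|txn-db|clone=txn-db-test
2010-03-25T11:40:00|adavis|VM_MOVED|txn-db|from=pci-zone;to=pci-zone
2010-03-25T12:00:00|jsmith|VM_DELETED|hr-db-test|
"""

PCI_WATCHLIST = {"adavis"}               # hypothetical authorized PCI administrators
PCI_VMS = {"store-mgmt-win", "txn-db"}   # hypothetical VMs in the PCI zone


def parse(line):
    """Split one constructed event line into a dict."""
    time, user, action, vm, detail = line.split("|")
    fields = dict(kv.split("=", 1) for kv in detail.split(";") if kv)
    return {"time": time, "user": user, "action": action, "vm": vm, **fields}


def find_alerts(raw, watchlist=PCI_WATCHLIST, pci_vms=PCI_VMS):
    """Return (rule, user, vm) tuples for events that are out of policy."""
    alerts, open_clones = [], {}
    for event in map(parse, raw.strip().splitlines()):
        user, action, vm = event["user"], event["action"], event["vm"]
        # Rule 1: any change to a PCI VM by someone not on the watchlist.
        if vm in pci_vms and user not in watchlist:
            alerts.append(("unauthorized_pci_admin", user, vm))
        # Rule 2: track clones until the matching delete is seen.
        if action == "VM_CLONED":
            open_clones[event["clone"]] = user
        elif action == "VM_DELETED":
            open_clones.pop(vm, None)
    # Clones still open at the end of the window were never destroyed.
    alerts += [("clone_not_deleted", u, c) for c, u in open_clones.items()]
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

The hr-db-test clone raises nothing because its delete event is seen; the txn-db-test clone is reported because no delete follows it in the window.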
What’s available today?
• RSA enVision support for Vblock
– Cisco UCS
– Cisco network
– EMC Ionix UIM
– EMC storage solutions
  • Symmetrix
  • CLARiiON
  • Celerra
• RSA Solution for VMware View
– RSA DLP Endpoint
– RSA SecurID agent built-in to VMware View
– RSA enVision Collector for VMware vCenter
– RSA enVision support for VMware View
RSA SecurBook for VMware View
• RSA Solutions
– Multi-product solutions
– Validated in the RSA Solutions Center
• RSA SecurBooks
– Guides for planning, deploying, and administering RSA solutions.
– Comprehensive reference architecture, screenshots, practical guidance
Learn More
New RSA Landing Page at VMware.com
• RSA content
http://www.vmware.com/go/rsa
RSA Video
• Build a Solid Foundation for Secure Virtualization with RSA
http://www.rsa.com/mediaplayer/N_Mehta_2thepoint.htm
RSA SecurBook for VMware View
• A Guide for Deploying and Administering the RSA Solution for VMware View
https://www.rsa.com/go/Securbook/Securbook_VM_land.htm
RSA White Papers
• Securing the Administration of Virtualization
http://www.rsa.com/solutions/technology/secure/ar/10781_EMA_RSA-SecuringAdminVirtualization.pdf
RSA Webinars
• Securing VMware Desktop and Server Environments with RSA
http://www.emc.com/events/2010/q1/03-25-10-securing-vmware-with-rsa-part-4.htm
RSA Security Brief
• Security Compliance in a Virtual World
http://www.rsa.com/node.aspx?id=1212