RSA Solutions for VMware and Vblock
Dominique Dessy – Senior Technical Consultant


Agenda

• What is a Vblock?
• RSA’s Approach to Securing Vblock
• Typical use cases

Vblock: A New Way of Delivering IT to Business

• Rapid deployment model of virtualized infrastructure
• Pre-integrated and validated solutions reduce total cost of ownership
• Service-level driven through predictable performance and operational characteristics
• Improved compliance/security and reduced risk

• Best of breed technologies
  – Compute: Cisco UCS
  – Network: Cisco Nexus family, Cisco MDS 9000 series
  – Storage: EMC Symmetrix V-Max or EMC Unified Storage (Celerra and CLARiiON)
  – Hypervisor: VMware vSphere 4
  – Management: Cisco UCS Manager, EMC Ionix Unified Infrastructure Manager, VMware vCenter
  – Security: RSA


RSA’s Approach to Securing Vblock

• Extend customer’s existing RSA investments to the virtual infrastructure and deliver new capabilities

• Layer onto Vblock architecture:
  – User authentication
  – Compliance monitoring and reporting
  – Infrastructure security
  – Data loss prevention

• Validate RSA with Vblock Infrastructure Packages in the VCE Lab

1. Secure the core Vblock platform (VMware, Cisco, EMC components)
2. Secure each application validated with Vblock (e.g., VMware View, SAP)

Central Security Management and Reporting


Secure the Core Vblock Platform

Secure Administrative User Access
• RSA SecurID authentication for:
  – ESX Service Console
  – vSphere Management Assistant

Security Monitoring & Reporting
• RSA enVision monitoring for:
  – vCenter
  – ESX and ESXi
  – EMC Symmetrix, CLARiiON and Celerra storage
  – Cisco UCS

Validated with Vblock

[Diagram: Secure the Core Vblock Platform]
• RSA SecurID: Strong authentication before access to ESX Service Console and vSphere Management Assistant
• RSA enVision: Comprehensive visibility into security events; security incident management, compliance reporting
• Diagram labels: Security and compliance officer; VMware Administrator; vSphere Management Assistant; vSphere; Storage; UCS

Validated with Vblock


RSA enVision Collector

• enVision Collector uses the VMware SDK to retrieve the logs from vCenter and all ESX/ESXi servers

Collector connection

RSA enVision system


enVision Dashboard: Monitoring Vblock Event Sources by Event Category


enVision Dashboard: Vblock VCE Event Sources Activity by Event Category


Use Case Scenarios

• Applying Patch to Production System
• Unauthorized Administrator
• Protecting Management Console
• Lost Laptop

So how does VDI make me more secure?

How VDI addresses the Lost Laptop Scenario

Virtual Desktop
• No USB or only secure USB allowed via DLP
• Network access controlled via VMware vShield Zones
• The process is fully logged by SIEM

[Diagram labels: Secure Network; Laptop with NO sensitive data; Virtual Desktop with access to sensitive data; Application with sensitive data; SSL + 2FA]

Scenario: Protecting Your Management Console

• Remote desktop into your Management LAN via VPN

[Diagram labels: Management LAN; ESX Service Console; vCenter Server; Vblock Management Console; SSL VPN supporting RSA SecurID]

Scenario: Apply Patch to Production System

A common way to apply patches is to try them out in a test environment. In a virtual world you can clone the system, data and all.

1. Clone virtual environment
   This is difficult and time-consuming in a production environment, but very easy in a virtual environment
2. Test Patch
3. Apply Patch to production environment

• Is this an authorized procedure?
• Is the test environment sufficiently protected & controlled?
• Who accessed the data in the test environment?
• Was the VM destroyed after it was used?

[Diagram: Production Environment and Test Environment, each with an HR Application Server VM and an HR Database Server VM holding HRDB (Name, SSN, DoB, etc); each environment is marked PATCH]

• VM Cloned: RSA enVision can log the administrative activity from vCenter, like the VM being cloned
• Patch Applied: If the test environment is properly protected, then it will also be monitored by RSA enVision
• If this is out of policy we can alert a security analyst

[Diagram: events reported to RSA enVision: VM Cloned, Patch Applied, Patch Applied, VM Deleted]

Scenario: Unauthorized Administrator

• In a PCI environment, you need to validate that only authorized administrators are modifying the system
• Suppose permissions are set up incorrectly, and an unauthorized administrator can move a VM
• RSA enVision logs what activities were performed and by whom
• RSA enVision can check against a “watchlist” of authorized PCI administrators
• If the administrator is not authorized, RSA enVision can alert a security analyst

[Diagram labels: PCI Zone; Non-PCI Zone; Store Management Windows VM; Transaction DB (Credit Card numbers); Transaction Management Application; event "VM Moved by kpbrady"; check "Authorized PCI Admin?" against Active Directory; RSA enVision]
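The checks described in the "Apply Patch to Production System" and "Unauthorized Administrator" scenarios, written out as an added example; it is not RSA enVision's rule language or event format and is not part of the original slides. The event fields, watchlist entries, VM names and the 24-hour clone lifetime are assumptions, and the events are constructed sample data (only the actor `kpbrady` appears on the slide).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int        # seconds since the start of the sample window
    actor: str     # administrator account that performed the action
    action: str    # VM_CLONED, PATCH_APPLIED, VM_DELETED or VM_MOVED
    vm: str
    zone: str      # zone the VM belonged to: "PCI" or "NON-PCI"

# Hypothetical watchlist of authorized PCI administrators.
PCI_ADMIN_WATCHLIST = {"asmith", "jdoe"}
MAX_CLONE_LIFETIME = 24 * 3600  # assumed policy: test clones live at most a day

# Constructed sample of administrative activity, as a collector might deliver it.
SAMPLE_EVENTS = [
    Event(0, "jdoe", "VM_CLONED", "hr-db-test", "NON-PCI"),
    Event(600, "jdoe", "PATCH_APPLIED", "hr-db-test", "NON-PCI"),
    Event(7200, "jdoe", "VM_DELETED", "hr-db-test", "NON-PCI"),
    Event(100, "jdoe", "VM_CLONED", "hr-app-test", "NON-PCI"),
    Event(900, "kpbrady", "VM_MOVED", "store-mgmt", "PCI"),
    Event(950, "asmith", "VM_MOVED", "txn-app", "PCI"),
]

def unauthorized_pci_changes(events, watchlist):
    """Events on PCI-zone VMs performed by actors not on the watchlist."""
    return [e for e in events if e.zone == "PCI" and e.actor not in watchlist]

def lingering_clones(events, now, max_lifetime):
    """Clone events whose VM was not deleted within max_lifetime seconds."""
    created, late = {}, []
    for e in sorted(events, key=lambda e: e.ts):
        if e.action == "VM_CLONED":
            created[e.vm] = e
        elif e.action == "VM_DELETED" and e.vm in created:
            clone = created.pop(e.vm)
            if e.ts - clone.ts > max_lifetime:
                late.append(clone)  # destroyed, but after the allowed window
    late += [c for c in created.values() if now - c.ts > max_lifetime]
    return late

def evaluate(events, watchlist, now, max_lifetime=MAX_CLONE_LIFETIME):
    """Alert strings for a security analyst, watchlist violations first."""
    out = [f"unauthorized {e.action} of {e.vm} by {e.actor}"
           for e in unauthorized_pci_changes(events, watchlist)]
    out += [f"clone {c.vm} by {c.actor} not destroyed in time"
            for c in lingering_clones(events, now, max_lifetime)]
    return out
```
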


What’s available today?

• RSA enVision support for Vblock
  – Cisco UCS
  – Cisco network
  – EMC Ionix UIM
  – EMC storage solutions
    • Symmetrix
    • CLARiiON
    • Celerra
• RSA Solution for VMware View
  – RSA DLP Endpoint
  – RSA SecurID agent built-in to VMware View
  – RSA enVision Collector for VMware vCenter
  – RSA enVision support for VMware View

RSA SecurBook for VMware View

• RSA Solutions
  – Multi-product solutions
  – Validated in the RSA Solutions Center
• RSA SecurBooks
  – Guides for planning, deploying, and administering RSA solutions.
  – Comprehensive reference architecture, screenshots, practical guidance

Learn More

New RSA Landing Page at VMware.com
• RSA content: http://www.vmware.com/go/rsa

RSA Video
• Build a Solid Foundation for Secure Virtualization with RSA: http://www.rsa.com/mediaplayer/N_Mehta_2thepoint.htm

RSA SecurBook for VMware View
• A Guide for Deploying and Administering the RSA Solution for VMware View: https://www.rsa.com/go/Securbook/Securbook_VM_land.htm

RSA White Papers
• Securing the Administration of Virtualization: http://www.rsa.com/solutions/technology/secure/ar/10781_EMA_RSA-SecuringAdminVirtualization.pdf

RSA Webinars
• Securing VMware Desktop and Server Environments with RSA: http://www.emc.com/events/2010/q1/03-25-10-securing-vmware-with-rsa-part-4.htm

RSA Security Brief
• Security Compliance in a Virtual World: http://www.rsa.com/node.aspx?id=1212