VMware vCloud Security - Prasenjit Sarkar - E-Book

VMware vCloud Security E-Book

Prasenjit Sarkar

Description

Security is a major concern, in particular now that everything is moving to the cloud. A private cloud is a cloud computing platform built on your own hardware and software. The alternative is to deploy the services you need on a public cloud infrastructure provided by an external supplier such as Amazon Web Services, Rackspace Cloud, or HP Public Cloud. While a public cloud can afford greater flexibility, a private cloud gives you the advantage of greater control over the entire stack.
"VMware vCloud Security" focuses on some critical security risks, such as the application level firewall and firewall zone, virus and malware attacks on cloud virtual machines, and data security compliance on any VMware vCloud-based private cloud. Security administrators sometimes deploy its components incorrectly, or sometimes cannot see the broader picture and where the vCloud security products fit in. This book is focused on solving those problems using VMware vCloud and the vCloud Networking and Security product suite, which includes vCloud Networking and Security App, vShield Endpoint, and vCloud Networking and Security Data Security.
Ensuring the security and compliance of any applications, especially those that are business critical, is a crucial step in your journey to the cloud. You will be introduced to security roles in VMware vCloud Director, integration of LDAP Servers with vCloud, and security hardening of vCloud Director. We'll then walk through a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. We'll create access control policies based on logical constructs such as VMware vCenter Server containers and VMware vCloud Networking and Security security groups, not just on physical constructs such as IP addresses. You'll learn about the architecture of EPSEC and how to implement it. Finally, we will see how to define data security policies, run scans, and analyze results.

You can read the e-book in Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Page count: 109

Year of publication: 2013




Table of Contents

VMware vCloud Security
Credits
Foreword
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Instant Updates on New Packt Books
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Installation and Configuration of vCloud Director
VMware vCloud Director architecture
vCloud management and resource clusters
vCloud Director installation prerequisites
Preparing for installation
Installing vCloud Director
Prerequisites
vCloud Director setup
vCloud Director security
Directory (LDAP) services integration
Auditing and logging
Summary
2. Securing Your vCloud Using the vCloud Networking and Security App Firewall
vCloud Networking and Security App Firewall – use case
vCloud Networking and Security App – communication flow
Installing vCloud Networking and Security App
vCloud Networking and Security App – firewall management
Creating a vCloud Networking and Security App firewall rule
vCloud Networking and Security App – flow monitoring
Examining flow monitoring statistics
Summary
3. Mitigating Threats Using vShield Endpoint Security
EPSEC – use case
EPSEC – key benefits
vShield Endpoint architecture
vShield Endpoint components and intercommunication
vShield Endpoint prerequisites
Installing vShield Endpoint
Enable logging on the guest VM
vShield Endpoint – health monitoring
Summary
4. Overview of VMware vCloud Networking and Security Data Security
vCloud Networking and Security Data Security architecture
vCloud Networking and Security Data Security installation
Defining the vCloud Networking and Security Data Security policy
Scanning statistics and reports
Summary
Index

VMware vCloud Security


Copyright © 2013 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: October 2013

Production Reference: 2171013

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78217-096-9

www.packtpub.com

Cover Image by Aniket Sawant

Credits

Author

Prasenjit Sarkar

Reviewers

Harish Chilkoti

Muhammad Zeeshan Munir

Preetam Zare

Acquisition Editors

Erol Staveley

Ashwin Nair

Commissioning Editor

Poonam Jain

Technical Editors

Krutika Parab

Hardik B. Soni

Copy Editors

Gladson Monteiro

Alfida Paiva

Mradula Hegde

Project Coordinator

Akash Poojary

Proofreader

Maria Gould

Indexer

Mariammal Chettiyar

Graphics

Ronak Dhruv

Valentina Dsilva

Disha Haria

Production Coordinator

Arvindkumar Gupta

Cover Work

Arvindkumar Gupta

Foreword

Security is the biggest concern in cloud environments for end users as well as cloud administrators. VMware has security solutions that try to solve all the security concerns.

Prasenjit is a technical evangelist who has authored some books that help readers to understand the key concepts and design considerations. Prasenjit provides the technical guidance in implementing VMware's cloud datacenters.

This book gives readers a step-by-step guide to install, configure, and understand the security in vCloud datacenters. The book starts with the basic architecture of vCloud Director and key concepts associated with it, and goes on to explain the setup and configuration of the vCloud Director. After installing vCloud Director, the book talks about how to secure the interior of your virtual datacenter using vCloud Networking and Security App. There are good details on how to manage the vCloud Networking and Security App firewall. The book then talks about how vShield Endpoint strengthens security for virtual machines by offloading antivirus and anti-malware agent processing to a dedicated Security Virtual Appliance. The book also has details about how to protect the sensitive data using VMware vCloud Networking and Security Data Security.

I believe this book would be very useful for the novice as well as the experienced reader. This is not yet another how-to book. The author has written the book based on his experience when implementing VMware's cloud datacenter, so he is aware of the challenges and issues faced when designing cloud datacenters. I hope that readers will get a thorough understanding of the cloud security configuration and that would eventually make cloud computing more secure.

Harish Chilkoti

About the Author

Prasenjit Sarkar is a senior member of the technical staff in VMware Service Provider Cloud R&D, where he provides architectural oversight and technical guidance to design, implement, and test VMware's Cloud datacenters. He is an author, R&D guy, and a blogger focusing on virtualization, cloud computing, storage, networking, and other enterprise technologies.

He has more than 10 years of expert knowledge in R&D, professional services, alliances, solution engineering, consulting, and technical sales, with expertise in architecting and deploying virtualization solutions, and rolling out new technology and solution initiatives. His primary focus is on VMware vSphere Infrastructure and the public cloud using VMware vCloud Suite.

One of his other focuses is to own the entire life cycle of a VMware-based IaaS (SDDC), in particular, vSphere, vCloud Director, vShield Manager, and vCenter Operations. He is one of the VMware vExperts in 2012 and 2013 and well known for his acclaimed virtualization blog, http://stretch-cloud.info. Prasenjit holds certifications from VMware, Cisco, Citrix, RedHat, Microsoft, IBM, HP, and Exin. Prior to joining VMware, Prasenjit has served other fine organizations (such as Capgemini, HP, and GE) as a solution architect and infrastructure architect.

You can follow him on Twitter at @stretchcloud.

Acknowledgement

I would like to thank and dedicate this book to my family. Without their endless and untiring support, this book would not have been possible.

I want to thank Michael Haines for his review and guidance. Michael is a Senior Cloud Networking and Security Architect and Engineer for the Global Technical Services Engineering team at VMware. Michael provides security architecture and development of VMware's Cloud solutions for service providers, enterprise customers, and partners throughout Europe and Asia Pacific. He is also responsible for providing deep technical expertise and interfacing directly with engineering and product management to support and develop current and future vCloud Networking and Security products and initiatives.

About the Reviewers

Harish Chilkoti is a staff engineer at VMware. He has been with VMware since 2006. Harish joined VMware fresh out of college after completing a Bachelor's degree in Computer Science and Engineering. He has worked in all the areas related to virtual networking; server virtualization, cloud computing, and resource management to name a few. He has been part of VMware's journey from server virtualization to cloud computing. He has worked on all major product releases in VMware starting from ESX 3.0. He has a solid background in virtual networking and has seen how virtual networking evolved over a period to be known as SDN, Network Virtualization. His areas of interests are programming, virtualization, distributed systems, and networking.

Muhammad Zeeshan Munir is a freelance ICT consultant and solution architect. He has established his career as a System Administrator in 2004, and since then has acquired and executed many successful projects in the multi-million dollar ICT industry. With more than 10 years' experience, he now provides ICT consultancy services to different clients in Europe. He regularly contributes to different wikis and produces various video tutorials, which can be found on his website, http://zee.linxsol.com/system-administration. He has traveled all over the world and speaks English, Urdu, Punjabi, and Italian.

To my parents, who taught me how to write.

Preetam Zare is a technical architect who specializes in virtualization. He has worked in a variety of technical roles for over 13 years and achieved several industry certifications including VMware Certified Professional – Datacenter Virtualization (VCP3/4/5 – DV) and VMware Certified Advanced Professional 5 – Datacenter Design (VCAP5-DCD). He also blogs at vcp5.wordpress.com during his free time, and loves to share knowledge. He has been awarded vExpert by VMware in the years 2012 and 2013 for his contribution to a wider community. You can follow his blog at vcp5.wordpress.com and follow him on Twitter at @techstarts.

www.PacktPub.com

Support files, eBooks, discount offers and more

You might want to visit www.PacktPub.com for support files and downloads related to your book.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

http://PacktLib.PacktPub.com

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.

Why Subscribe?

Fully searchable across every book published by Packt
Copy and paste, print and bookmark content
On demand and accessible via web browser

Free Access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.

Instant Updates on New Packt Books

Get notified! Find out when new books are published by following @PacktEnterprise on Twitter, or the Packt Enterprise Facebook page.

Preface

Welcome to VMware vCloud Security. In this book, you will learn how to mitigate the security threats on a private cloud running VMware vCloud Director. This book will equip the reader with the knowledge, skills, and abilities to build a highly secured private cloud running VMware vCloud. It also provides detailed step-by-step coverage with screenshots, which are usually not available in Cloud Security product manuals.

You will learn how to configure and manage vCloud Networking and Security App, which is a hypervisor-based firewall. You will also learn how to use vShield Endpoint, which can help you to strengthen your cloud security by mitigating threats from virus and malware attacks.

In the last chapter, you will learn some advanced concepts of cloud assessment for maintaining compliance standards that are available across the world. You will also learn how to run a data security scan and review the violation report that is generated by vCloud Networking and Security Data Security and take necessary action to mitigate those risks.

What this book covers

Chapter 1, Installation and Configuration of VMware vCloud Director, covers installing vCloud Director and configuring it for first-time use. It also introduces security roles in VMware vCloud Director, integration of LDAP servers with vCloud, and security hardening of vCloud Director.

Chapter 2, Securing Your vCloud using vCloud Networking and Security, will walk you through a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. It also focuses on creating access control policies based on logical constructs such as VMware vCenter Server containers and VMware vCloud Networking and Security Security Groups, not just on physical constructs such as IP addresses.

Chapter 3, Mitigating Threats Using VMware vShield Endpoint, will help you to strengthen security for virtual machines while improving performance for Endpoint protection. It also talks about vShield Endpoint that offloads antivirus and anti-malware agent processing to a dedicated Security Virtual Appliance that is delivered and supported by VMware partners. In this chapter, you will see the architecture of EPSEC and how to implement it.

Chapter 4, Overview of VMware vCloud Networking and Security Data Security, will talk about visibility of sensitive data stored within your organization's virtualized environments. It shows you how to use reports from data scans performed by vCloud Networking and Security Data Security, and ensures that sensitive data is adequately protected. It also shows you how to assess compliance with regulations around the world. In this chapter, you will see how to define data security policies, run scans, and analyze results.

What you need for this book

You need VMware vSphere 5.1, which includes VMware vSphere ESXi, vCenter Server, any SSH Client (Putty), and vSphere Client. Also, you need the VMware vCloud Director and vCloud Networking and Security (vCNS) product suite.

Who this book is for

This book is a valuable addition for technical professionals with Cloud Security administration skills and some VMware vCloud experience who wish to learn about advanced Cloud Networking and Security products, where they fit, and how to configure them to mitigate risks in a VMware vCloud-based private cloud.

Conventions