Data Center Transformation
Automated and simplified stateful policy controls
Security has to be software defined

Traditional data centers were typically built on technology silos that were stacked on top of each other (network, server, storage, and security) and then propagated to other locations. Maintaining these silo infrastructures became hard to manage, rigid, and costly. With technology advancements in software-defined infrastructures, cloud computing, and cheaper bandwidth, organizations across the globe are both consolidating and modernizing their data centers to accelerate application and IT delivery, reduce costs, and achieve better scalability, efficiency in resource utilization and automation.

Modern infrastructures are being built with end-to-end automation through the use of APIs, policy, and orchestration for greater business agility. For example, IT has defined workload templates, service tiers, service catalogs, and enabled business owners to self-service their infrastructure needs through portals. Compute, storage, and networking have been built into these automation workflows, but traditional hardware-centric security solutions (such as NGFWs) have left organizations with largely inflexible and static policy controls that hamper the amount of security automation that can be delivered.

Additionally, many organizations optimize shared infrastructure resources based on application performance demand and requirements, moving VMs and workloads across the virtual and cloud infrastructure as needed. This operational efficiency breaks traditional security constructs since many of the existing tools cannot support dynamic synchronization of state that can allow efficient, secure migration of workloads.

The vArmour Solution

vArmour designed the industry’s first distributed security system built entirely in software with highly programmable APIs that tie into existing automation workflows and DevOps processes in private clouds and virtual data centers. vArmour enables application owners and operators to embed security functions within each workload so that security policies travel with the workload regardless of its location.

For example, as application owners are spinning up new workloads with cloud orchestration platforms such as VMware vCenter or Kubernetes, vArmour ingests metadata about the workload - whether the asset is a web server, database or application. Based on the specific metadata captured, vArmour dynamically applies the appropriate policies based on the application owner’s intent for the workload. That is, application owners can create Layer 7 policy controls (segmentation or microsegmentation) that are based on business and application-layer context instead of traditional coarse-grained policies limited to ports and protocols. Traditionally, assets with varying security requirements were often isolated by being placed in different VLANs with new firewall rules, IP subnets, and default gateways that became operationally unmanageable.

Figure: Software-based microsegmentation controls as part of DevOps process
Scale-out deployment

All in software, vArmour DSS is easy to deploy with a transparent Layer 2 insertion. With its distributed security processing architecture, vArmour DSS only needs to inspect traffic within individual hypervisors unlike traditional NGFWs solutions that require traffic steering to evaluate policy enforcement across network segments, which impacts performance. Additionally, vArmour DSS enables policies to scale-out globally across a heterogeneous infrastructure while also being centrally managed to streamline operations. In this way, security resources can be scaled-out in a similar fashion to compute resources.

Integrates with cloud orchestration and automation tools

vArmour DSS offers a full-featured JSON/REST APIs that integrates seamlessly with third party cloud orchestration, automation, and DevOps tools such as VMware vRealize Orchestrator, Puppet, Chef, Kubernetes, and others. Leveraging these APIs, operators can streamline security policy creation and management by embedding security policies into DevOps processes to speed application delivery.

Infrastructure independence

vArmour DSS distributes security processing next to the asset it’s protecting whether it’s a workload, application,or containerized service without requiring kernel access. Single distributed policy controls travel with the asset regardless of location or ties to physical appliances. vArmour DSS also provides native support for live migration (such as VMware vMotion) ensuring policy controls and enforcement move with the workload within and across hypervisors without disruption to the application.

  • Application agility through programmable, stateful policy controls being built-in to DevOps workflows without manual, complex firewall change management processes or new network segments deployed
  • Business-driven security controls based on the application requirements and policies written in the language of the business owner
  • Efficient security operations through simplified policy management and scale-out security processing based on compute needs