Reflex's dynamic policy enforcement solution goes beyond the conventional notion of 'purpose-built firewalls' that simply monitor and control traffic between virtual machines or implement static security policies at the virtual machine level. vTrust for Reflex Virtualization Management Center provides true data center policy enforcement across the entire virtualized environment whether it is hosted locally or in internal and external cloud environments.

"The new vTrust dynamic policy enforcement functionality in Reflex VMC answers a direct need for organizations implementing virtualized data centers. Reflex's solution not only enforces security policy but also extends to data center and even general business policy, providing a central point of management for granular policy control without the need to manually modify rules."
Richard Ptak, founder and analyst at Ptak Noel & Associates

vTrust provides agile virtualization management through asset classification, virtual trust zones, dynamic network control, and adaptive roaming policies that move with assets regardless of physical location or network connection.

vTrust for Reflex VMC enables enterprises to:

  • Improve efficiency through data center automation and reduced IT staffing costs
  • Ensure compliance with corporate policy and government mandates
  • Manage the virtual enterprise based on existing organizational business processes
  • Automate data center operations across all virtual resources whether hosted or in a public or private cloud

vTrust Features

  • Dynamic Policy Enforcement and Management — the ability to specify government regulation, corporate compliance, data center policy, best practice or security rules that adapt and move with the virtual assets (virtual machines, virtual network, group of VMs, hosts, clusters, vLAN, etc.), thus policy is enforced regardless of location, type of network connection, or type of virtual switch
  • Policy Extends into the Cloud — vTrust can facilitate and automate the use of cloud and SaaS services by providing a cloud security API that enables enterprises and hosting/cloud solution providers to secure individual virtualization resources in the cloud
  • Virtual Segmentation — create virtual trust zones on shared resources by dynamically partitioning the virtual infrastructure into separate virtual resources with different network communication policies (firewall rules)
  • Virtual Quarantine — enforce data center policy when VMs are provisioned (VMs must meet certain criteria to be allowed on the network). Easily detect rogue or unauthorized guests or virtual machines which do not meet regulatory or compliance requirements
  • Virtual Networking Policies — create and enforce a DMZ, block specific kinds of network traffic between virtual machines (P2P, IM, FTP, etc.), ensure only specific protocols are used on specific ports or networks, etc.

Enabling Technology

vmTagging™ (Virtual Meta Tagging)

Reflex's addition of dynamic policy enforcement through vTrust enables IT organizations to create and enforce virtualization policies and manage the virtual enterprise based on existing organizational business processes. Unlike other virtual security products, which define firewall rules based on more volatile virtual properties such as IP address or MAC address, Reflex enables administrators to use vmTagging (Virtual Meta Tagging) to organize and group virtual assets and then define policy or best practice based on the asset properties or classification. Policies based on vmTags™ are automatically updated as the environment changes, allowing policy to be just as agile as the virtual environment it protects.

VQL™ (Virtualization Query Language)

Reflex leverages its patent-pending Virtualization Query Language™ (VQL) for specifying policies or for VQL also enables virtualization administrators to query the virtual infrastructure “on the fly” for any type of information. For example, virtual assets may be classified by line of business, type of application, organization, geographic location, operating system, patch level, or any other taxonomy as required by business processes. VQL allows the virtual environment to dynamically adapt to changing needs without requiring a change to the policies.

VMware VMsafe™ Technology for VMware vSphere™ 4

vTrust leverages VMware VMsafe™ technology, which will be included with VMware vSphere™ 4, to go well beyond the virtual firewall, to provide dynamic policy enforcement at the kernel level of the hypervisor.