Juniper networks VGW User Manual

VGW VIRTUAL GATEWAY
DATASHEET
Product Overview
The vGW Virtual Gateway provides a best-in-class virtual firewall to meet the unique security challenges of virtual data centers and clouds. IT teams can now secure their virtual environment by enforcing a rule-based firewall for each VM. Because the vGW has been purpose-built with virtualization features in mind, it synchronizes automatically with VMware vCenter, secures VMotion, and uses VMsafe to provide breakthrough levels of security and performance.

The vGW delivers superior protection, throughput, scalability, automated deployment and operations, and value for virtualized environments. Enterprises can now achieve the full ROI of virtualization by maximizing the number of secure VMs on each physical host and virtualizing mission-critical systems. And for the first time, they can maintain equal security and regulatory compliance across physical and virtual networks.
Product Description
Juniper Networks® vGW Virtual Gateway rounds out a virtualization security solution that includes a high-performance hypervisor-based stateful firewall with complete virtual network visibility, monitoring, and reporting. The vGW brings forward powerful new features: by leveraging virtual machine introspection (VMI) data and intelligence, and coupling it with Juniper’s wide-ranging knowledge of the security and virtual network environment, the vGW creates an extensive database of control points by which security policies and compliance rules can be defined.
The vGW makes this rich data available in intuitive UIs that let administrators build the entire range of policies, from corporate rules on global protocol handling (e.g., block Kazaa) to discrete regulatory compliance policies for how virtual machines should be configured (e.g., must have antivirus installed). Compliance assessment and security enforcement happen automatically and in lockstep with changes in the virtual environment. New VMs, for example, will be scanned and quarantined if out of compliance with policies. The same applies to VMs whose “state” changes such that the security posture is weakened. The vGW’s VMware VMsafe-certified security operates from deep within the virtualization fabric as part of the hypervisor. Consequently, the software delivers unprecedented levels of security, far beyond what is possible with traditional physical network security products.
Security and compliance concerns are top of mind in virtualization and cloud deployments. Juniper’s experience and innovative research in virtualization security have resulted in a powerful software suite capable of monitoring and protecting virtualized environments without negatively impacting performance. A hypervisor-based, VMsafe-certified virtualization security approach, in combination with “X-ray” level knowledge of each virtual machine through VMI, gives the vGW a unique vantage point in the virtualized fabric. Here, virtualization security can be applied efficiently and with context about the virtual environment and its state at any given moment.
vGW delivers total virtual data center protection and cloud security through visibility, compliance, and control:
• Visibility—full view of all applications flowing between VMs and how they are used. Complete VM and VM group inventory, including virtual network settings. Deep knowledge of VM state, including installed applications, operating systems, and patch level, through VMI.
• Compliance—enforcement of corporate and regulatory policies for the presence of required or banned applications via VMI. Practical applications of compliance enforcement include assurance of segregation of duties, ensuring that VMs are assigned to the right trust zones inside the virtual environment. Pre-built compliance assessment based on common industry best practices and leading regulatory standards.
• Control—a VMsafe-certified, stateful firewall provides access control over all traffic via policies that define which ports, protocols, destination VMs, etc. should be blocked. Further inspection of allowed traffic can be conducted by protocol or application in order to identify intrusion attempts, malformed packets, or the presence of malware.
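To make the compliance-in-lockstep-with-change idea concrete, the following is an added illustration (not vGW code, and not its policy format): a constructed VM inventory of the kind VMI would report, a constructed policy modelled on the datasheet's own examples (antivirus required, Kazaa banned, database VMs confined to a trust zone, minimum patch level), and an enforcer that re-assesses a VM on every state-change event and quarantines it when a violation appears. The `VMState`, `POLICY`, `assess` and `Enforcer` names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class VMState:
    """Snapshot of one VM as introspection would report it (constructed sample data)."""
    name: str
    zone: str                      # trust zone the VM sits in, e.g. "dmz" or "internal"
    installed_apps: set = field(default_factory=set)
    patch_level: int = 0

# Constructed policy modelled on the datasheet's examples: antivirus required,
# Kazaa banned, and segregation of duties (database VMs only in the internal zone).
POLICY = {
    "required_apps": {"antivirus"},
    "banned_apps": {"kazaa"},
    "min_patch_level": 3,
    "zone_rules": {"database": {"internal"}},   # app -> zones it may run in
}

def assess(vm, policy=POLICY):
    """Return the policy violations for one VM; an empty list means compliant."""
    violations = []
    for app in sorted(policy["required_apps"] - vm.installed_apps):
        violations.append(f"missing required application: {app}")
    for app in sorted(policy["banned_apps"] & vm.installed_apps):
        violations.append(f"banned application present: {app}")
    if vm.patch_level < policy["min_patch_level"]:
        violations.append(f"patch level {vm.patch_level} below {policy['min_patch_level']}")
    for app, zones in policy["zone_rules"].items():
        if app in vm.installed_apps and vm.zone not in zones:
            violations.append(f"{app} VM in zone {vm.zone!r}, allowed {sorted(zones)}")
    return violations

class Enforcer:
    """Re-assesses a VM on every state change and quarantines it when out of compliance."""
    def __init__(self, policy=POLICY):
        self.policy = policy
        self.quarantined = {}      # vm name -> violations that caused the quarantine

    def on_vm_event(self, vm):
        """Handle a new-VM or state-change event; returns the enforcement action taken."""
        violations = assess(vm, self.policy)
        if violations:
            self.quarantined[vm.name] = violations
            return "quarantine"
        self.quarantined.pop(vm.name, None)   # VM back in compliance: release it
        return "allow"
```

Feeding the same `VMState` back into `on_vm_event` after its inventory changes (for example, once a banned application appears) re-runs the assessment, which is the state-change behaviour the datasheet describes.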
Architecture and Key Components
Figure 1: A dashboard view of virtual network security and compliance states
[Figure 2 diagram: Physical Server #1 and Physical Server #2, each hosting VMs (Database, Intranet Application/SAP, WWW, Desktop) behind a Virtual Switch and a Virtual Firewall, with NICs onto the Physical Network and Virtual Center; a WWW VM undergoes Live Migration between the two servers. Callouts: (1) secure inter-VM communication, stopping infections; (2) secure VMotion by “attaching” an enforceable policy to the migrating VM.]
Figure 2: The vGW secures highly dynamic VMs through change and motion