VMware has published a new technical PDF that helps with the design of a DMZ using the software protection that comes with VMware vSphere: vCloud Networking and Security (vCNS). vCNS is a product bundled with VMware vSphere (from Essentials Plus and higher) and vCloud Suite, and it's intended to secure VMware vSphere environments. vCNS has been updated with the release of vSphere 5.1 to be fully compatible with vCD 5.1 as well.
It's almost a step-by-step document, and it gives you the picture of how to design and use vCNS to build your own DMZ in order to secure your environment.
You'll learn how to use the vCloud Networking and Security Edge firewall, load balancing and VPN in order to secure DMZ applications. The Fully Collapsed DMZ design can lower CAPEX and OPEX.
The design is built on two major security components:
- VMware vCloud Networking and Security App firewall
- VMware vCloud Networking and Security Edge gateway
This guide explains the concepts and the roles of those products in the design. You'll also learn how all of this gets integrated into vCenter and each of the vSphere hosts.
You'll learn about the Spoof Guard component as well. It's an advanced protection built into the vCNS App Firewall which protects against man-in-the-middle attacks, like ARP cache poisoning. The admin can manually or automatically inspect and reject new MAC/IP pairs.
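A conceptual model of the MAC/IP pair checking described above, as an added example (not code from VMware or from the design guide). The class, its two modes and the sample ARP observations are constructed for illustration; treating automatic mode as trusting the first pair seen for each MAC is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class BindingTable:
    """Illustrative MAC/IP binding table; a model of the idea, not vCNS code."""
    auto_trust: bool  # assumption: True trusts the first pair per MAC, False waits for an admin
    approved: dict = field(default_factory=dict)  # mac -> approved ip
    pending: dict = field(default_factory=dict)   # mac -> ip awaiting admin review

    def observe(self, mac, ip):
        """Classify an observed MAC/IP claim as 'allow', 'pending' or 'reject'."""
        mac = mac.lower()
        if self.approved.get(mac) == ip:
            return "allow"                        # matches an approved pair
        owner = next((m for m, a in self.approved.items() if a == ip), None)
        if owner is not None:
            return "reject"                       # IP is bound to another MAC (poisoning pattern)
        if mac not in self.approved and self.auto_trust:
            self.approved[mac] = ip               # first pair seen for this MAC is trusted
            return "allow"
        self.pending[mac] = ip                    # new or changed pair: hold for review
        return "pending"

    def approve(self, mac):
        """Admin accepts the pending pair for this MAC."""
        mac = mac.lower()
        self.approved[mac] = self.pending.pop(mac)

    def reject(self, mac):
        """Admin discards the pending pair for this MAC."""
        self.pending.pop(mac.lower(), None)

# Constructed sample observations (MACs and IPs are made up).
SAMPLE = [
    ("00:50:56:aa:00:01", "10.0.0.1"),   # gateway announces itself
    ("00:50:56:aa:00:10", "10.0.0.10"),  # web VM in the DMZ
    ("00:50:56:aa:00:66", "10.0.0.1"),   # a different MAC claims the gateway IP
    ("00:50:56:aa:00:10", "10.0.0.10"),  # web VM again, unchanged
]

def replay(table, events):
    """Feed observations through the table and return the verdict for each."""
    return [table.observe(mac, ip) for mac, ip in events]

if __name__ == "__main__":
    for (mac, ip), verdict in zip(SAMPLE, replay(BindingTable(auto_trust=True), SAMPLE)):
        print(f"{mac} -> {ip}: {verdict}")
```

In manual mode nothing is allowed until an admin approves it, so the conflicting claim is only rejected once the legitimate gateway pair has been approved.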
Wikipedia:
Packet crafting is a technique that allows network administrators or hackers to probe firewall rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behaviour, instead of using existing network traffic. Testing may target the firewall, IDS, TCP/IP stack, router or any other component of the network. Packets are usually created by using a packet generator or packet analyzer which allows for specific options and flags to be set on the created packets.
You can download the vCloud Networking Security DMZ Design PDF from this VMware Page.