Network Enhancers - "Delivering Beyond Boundaries": Juniper VGW Series

Monday, August 27, 2012

Juniper VGW Series - Virtual Gateway

Security and compliance concerns are first-order priorities for virtualized data center network and cloud deployments. vGW Virtual Gateway is a comprehensive firewall security solution for virtualized data centers and clouds that is capable of monitoring and protecting virtualized network environments while maintaining the highest levels of VM host capacity and performance. vGW Virtual Gateway includes a high-performance hypervisor-based stateful firewall, integrated intrusion detection (IDS), and virtualization-specific antivirus (AV) protection.

vGW Virtual Gateway provides complete virtual network protection. Its VMsafe-certified virtualization security approach, in combination with “x-ray” level knowledge of each virtual machine through virtual machine introspection, gives vGW Virtual Gateway a unique vantage point in the virtualized network environment. vGW Virtual Gateway can monitor each VM and apply protections adaptively as changes to the VM configuration and security posture make enforcement and alerts necessary.

vGW Architecture

vGW Virtual Gateway delivers total virtual data center network protection and cloud firewall security through visibility into the virtualized environment, multiple layers of protection, and a complete set of compliance tools.

Visibility: vGW Virtual Gateway has a complete view of all network traffic flowing between VMs, and a complete VM and VM group inventory, including virtual network settings. vGW Virtual Gateway also has deep knowledge of all VM states, including installed applications, operating systems, and patch level, through virtual machine introspection.

Protection: Layers of defenses and automated firewall security are provided through a comprehensive package that includes a VMsafe-certified, stateful firewall. This hypervisor-based firewall security provides access control over all traffic using policies that define which ports, protocols, destination and VMs, should be blocked.

In addition, an integrated intrusion detection engine inspects packets for the presence of malware or malicious traffic and sends alerts as appropriate. Finally, virtualization-specific AV protections deliver highly efficient on-demand and on-access scanning of VM disks and files with the capability to quarantine infected entities.

Compliance: Enforcement of corporate and regulatory policies is as much an IT imperative for virtualized workloads as it is for physical ones. The compliance functionality of vGW Virtual Gateway includes monitoring and enforcement of segregation of duties, business-warranted access, and ideal/desired VM image or configuration. vGW Virtual Gateway can continuously monitor and optionally restrict VM access so that it is limited by application, protocol, and VM type. It even monitors administrative roles, providing correct segregation of duties.

vGW Virtual Gateway also synthesizes virtual machine introspection and vCenter information to create “smart group” policies, which ensure that VMs of a specific type are automatically secured with the appropriate internal or regulatory policy. Finally, the VM Enforcer feature can ensure that any deviation from a VM “gold” image triggers an alert or a VM quarantine in order to reduce the risk associated with configuration errors.