The vCurve

I spent last week at the RSA 2010 show.  It was a different experience for me as this time I was a guest of our new partner, TippingPoint.  Overall it was a great show and I was very excited to hear multiple people tell me that the work we are doing with TippingPoint is the most interesting and innovative thing they saw at the show.   Its great to get some end-user validation.

Another interesting thing that struck me was how much has changed with regard to thinking about virtual security.  Reflex had a virtual security appliance back in 2006. When that product came out and we started talking about the new risks that virtualization was introducing, customers and other established vendors would stare at us like we were the crazy man on the corner predicting the end of the world.  Last week as a I walked the aisles of RSA, I now see that all of the big security vendors have seen the light and are now preaching the same set of issues.  Everyone has their own take on what the solution should be, but its great to see that the importance of virtualization security is mainstream.   I think everyone now understands that virtualization brings a unique set of challenges and maintains many of the traditional security risks.  Things like visibility, configuration management and control, compliance, and network segmentation all need to be considered.  Since we started down this path, Reflex has grown from being network centric to offering multiple feature sets that help the virtualization administrators and security teams work together to address these issues.

We also got quite a few questions about the product and partnership and a few of them were common enough to warrant some answers on our blog.

Q: Is the TippingPoint vController software that incorporates Reflex technology or an private label of Reflex VMC?
A: Today, vController is a TippingPoint branded private label version of the Reflex VMC with some enhancements to allow the redirection of packets to a physical IPS device. This is done via the familiar vTrust policy interface with a new rule that when matched will forward that traffic to the IPS. The rule can be very granular, down to port/protocol, so that only the desired traffic gets inspected. vController is limited to the functions Reflex provides under our vTrust feature set (but that does include the ability to use VQL!) This means that other, more virtualization management centric functions found in the Reflex VMC are not available in vController. But here is the good news, the product and the business relationship exist to allow customers that see the value in the full Reflex product to upgrade their vController to a FULL version of Reflex VMC and retain the TippingPoint integration….Best of both worlds.  We have designed the software so that upgrades will be non-invasive and only require a simple license key addition to enable the functionality.

Q: Is there going to be a virtual IPS offering from TippingPoint?
A: The official answer will come from TippingPoint, but based on the following image and the messages that were communicated publically at the RSA show, I can tell you that the current plan is to virtualize all or some of the TippingPoint IPS technology and provide it as part of a virtual appliance. The same vController software would provide the policy and rules to decide which traffic would get inspected by a virtual or physical TippingPoint IPS. The image from theTippingPoint booth clearly shows both options.

Q: What about network segmentation and firewalling? Can the vController provide those functions?
A: The short answer is Yes. Those functions are present in vController which means that the creation of virtual network zones with granular policy for network segmentation, based on VQL, is also available. And yes, the Reflex vTrust solution is a stateful firewall implementation.

Q: How much does it cost and when will the product be available?
A: This is one that I must defer to TippingPoint. I believe it will be sooner rather than later, but delivery schedules and product pricing questions should be directed at TippingPoint.

Q: What if I’m one of the smart, forward thinking people that has already purchased the Reflex VMC product, can I get the TippingPoint functionality?
A: Yes you can!. Once TippingPoint vController is available, it will be possible to purchase the appropriate license keys to enable that functionality and leverage the existing installation of Reflex VMC. (Note: An upgrade to the most recent release of the Reflex VMC will be required).

Mike Wronski, VP of Product Management
Twitter: @Reflex_Mike

written by Mike Wronski \\ tags: IDS/IPS, Reflx VMC, RSA, security, virtualization security, vTrust

Extending Security Policies into the Cloud with Dynamic Policy Enforcement

Enterprise organizations are looking to the Cloud as a way to improve operational efficiency and reduce fixed infrastructure costs. However, most enterprises are reluctant to leverage cloud infrastructure in any meaningful way due to the inherent security risks. Hezi Moore, founder of and CTO of Reflex Systems along with Ken Owens, Technical VP of Servers and Security for SAVVIS will look at how organizations can leverage virtualization management technologies to seamlessly and securely move VMs that run business-critical applications and their operational policies between private and public cloud environments.

WHEN: Wednesday, March 3rd at 10:40AM PDT

WHERE: RSA Conference 2010
Moscone Center, San Francisco
Orange Room 309

WHO: Hezi Moore, Founder and CTO, Reflex Systems
Ken Owens, Technical VP of Servers & Security, SAVVIS

written by Laura Armistead \\ tags: Cloud, Cloud Security, policy enforcement, Reflx VMC, RSA, security

The Solvay Group uses Reflex VMC to manage server consolidation, reduce costs and centrally control more than 500 virtual machines worldwide

The Solvay Group has implemented Reflex VMC (Virtualization Management Center) to manage more than 50 servers with 500 VMware-based virtual machines running in nine datacenters throughout Europe and the U.S. Solvay has significantly consolidated its physical servers, reduced costs, and gained complete visibility into all global virtual machines and hosts across multiple sites from a single console.

“The number of VMs we had implemented began to outgrow our tools’ ability to manage them efficiently. We needed a cutting-edge solution to centrally manage our entire virtual environment from a single pane of glass,” said Bruce McMillan, Manager of Emerging Technologies at Solvay, an international chemical, plastics and pharmaceutical organization with 2008 sales approaching 14 billion USD. “Reflex VMC has been become the cornerstone of our virtual infrastructure management. Not only does it enable one-stop-shop management, it allows us to put in place the corporate-wide standards that are critical to our success.”

“Solvay is a technology savvy organization that clearly recognizes the importance of using a comprehensive management and security solution to enhance its virtual infrastructure,” said Pete Privateer, president and CEO of Reflex Systems. “We’re extremely pleased that Solvay selected Reflex and is realizing such great benefits.”

The award-winning Reflex VMC solution enables next-generation datacenters to enforce IT policies, ensure compliance with government mandates, and manage and protect virtual servers, desktops, and networks across multiple platforms. The benefits Solvay has gained from using Reflex VMC include:

• Total visibility across multiple, distributed sites: Using Reflex VMC, all of Solvay’s 50 physical server hosts and 500 virtual machines can be viewed, monitored and managed at one time. This enables Solvay to assess the current implementation and plan for expansion so that new virtual machines can be logically added without impacting datacenter service levels.
• Consolidated servers and reduced costs: Leveraging Reflex, Solvay has reduced the physical host servers in each office. For example, its Atlanta office cut the number of physical servers from ten to 5, which run approximately 150 virtual machines. Other offices have realized a 12-to-1 consolidation. These high consolidation ratios have also helped to lower datacenter cooling and electrical costs.
• Improved security: According to McMillan, “The Reflex VMC security features are robust and enable us to monitor network activity within our virtual infrastructure that you normally don’t see. The IPS lets us see a lot of traffic that we did not know was there before. It gives us the opportunity to know what is going on. If you are running VMs without Reflex VMC you are blind to this activity.”

McMillan added, “With the management, security and compliance that Reflex VMC offers, combined with the stability of today’s virtualization platform from VMware, there is nothing I wouldn’t virtualize.”

About Solvay Group

Solvay is an international chemical and pharmaceutical Group with headquarters in Brussels. Its companies employ more than 29,000 people in 50 countries. In 2008, its consolidated sales amounted to EUR 9.5 billion, generated by its three sectors of activity: Chemicals, Plastics and Pharmaceuticals. Solvay is listed on the NYSE Euronext stock exchange in Brussels (NYSE Euronext: SOLB.BE – Bloomberg: SOL.BB – Reuters: SOLBt.BR). Details are available at www.solvay.com.

written by Laura Armistead \\ tags: compliance, Reflx VMC, security, virtual management, vmware