
Selling the VMware Advantage for Business Continuity and Security

1
The First Comprehensive Cloud Infrastructure Suite

Cloud Infrastructure Suite

vCloud Director: Policy, Reporting, Self-Service
vShield Security: Virtualized Security & Edge Functions
vCenter Operations: Monitoring & Management
vCenter SRM: Business Continuity
vSphere 5: High Performance Resource Control, Pooling & Scheduling

2
Journey to IT Transformation – Accelerate and Amplify

[Figure labels: Virtualization; Enterprise Hybrid Cloud; Cloud; Low Governance to High Governance; Infrastructure focus, Application focus, Business focus; IT Production, Business Production, IT as a Service]

3
The Security Evolution - From Appliances to Security as a Service

[Figure labels: Hardware Appliances; Virtualized Security; Security as a Service; Virtualization; Enterprise Hybrid Cloud; Cloud; Low Governance to High Governance; Infrastructure focus, Application focus, Business focus; IT Production, Business Production, IT as a Service]

4
VMware vShield – Foundation for Trusted Cloud

Securing the Cloud From Edge to Endpoint

vShield Edge: Secure the edge of the virtual datacenter
vShield App: Protect applications from threats with trust zones
vShield Endpoint: Streamline and accelerate anti-virus solutions
vShield Data Security: Protect against data leaks

[Diagram: Virtual Datacenter 1 and Virtual Datacenter 2 with zones DMZ, Web, HIPAA, PCI; VMware vShield Manager]

5
Most Common Use Cases for Security and Compliance

▪ Protect virtual data centers from external threats
▪ Protect applications and data from internal threats
▪ Prevent malware spread in View VDI deployments

[Graphic labels: VMware End-User Computing; VMware Cloud Application Platform]

6
Use Case 1: Customer Wants to Protect Virtual Data Center and Data from External Threats

[Diagram: Company A, Company B, Hacker]

7
Solution: vShield Edge Secures the Perimeter of Virtual Data Centers and Data in Transit

Overview
▪ Multiple edge security services in one appliance
▪ Stateful inspection firewall
▪ Network Address Translation (NAT)
▪ Dynamic Host Configuration Protocol (DHCP)
▪ Site to site VPN (IPsec)
▪ Web Load Balancer
▪ Policy management through UI or REST APIs
▪ Logging and auditing based on industry standard syslog format

[Diagram: a vShield Edge secure virtual appliance in front of each of Tenant A, Tenant C and Tenant X; Firewall, Load balancer, VPN]

8
Business Benefit: vShield Edge Delivers An Operationally Efficient, Disruptively Simple, Cost-effective Solution

Business Benefits
▪ Reduce operational cost with disruptively simple management
▪ Lower complexity by eliminating multiple appliances
▪ Cost-effective solution

[Diagram: Company A and Company B, each behind vShield Edge]

9
Use Case 2: Customer wants to Protect Virtualized Business Critical Applications from Internal Threats

[Diagram: SAP; PCI CDE; Unpatched VM; Infected VM]

10
Solution: vShield App Delivers a Hypervisor-level Firewall to Protect Applications from Internal Threats

Overview
▪ Segments critical applications and databases from the rest of the environment.
▪ Hypervisor-level firewall provides protection immediately in front of critical workloads.
▪ Adaptive security templates - “stretch” dynamically as servers are added.
▪ Robust flow monitoring for application visibility
▪ Programmable interface (API) for high scale deployments, ecosystem integration

Business Benefits
▪ Isolate critical applications
▪ Eliminates cost and operational overhead of hardware firewalls.
▪ Improves business flexibility

[Diagram: SAP; PCI CDE; Unpatched VM; Infected VM]

11
vShield App with Data Security Protects Against Data Leaks

Overview
▪ More than 80 pre-defined templates for country/industry specific regulations
▪ Accurately discover and report sensitive data in unstructured files with analysis engine
▪ Segment off VMs with sensitive data in separate trust zones

Benefits
▪ Quickly identify sensitive data exposures
▪ Reduce risk of non-compliance and reputation damage
▪ Improve performance by offloading data discovery functions to a virtual appliance

[Diagram: Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)]

12
Use Case 3: Customer wants to Protect View Deployments from Malware

[Diagram: SAP; VMware VIEW; PCI CDE; Unpatched View VM; Infected View VM]

13
Solution: vShield Endpoint Provides Strong and Efficient Protection Against Malware

Overview
▪ Offloaded anti-virus protection
▪ Leverage 3rd party anti-virus solutions

Benefits
▪ Eliminate anti-virus storms
▪ Rapid provisioning : deploy and patch
▪ Reduce risk and improve performance by eliminating agents susceptible to attack
▪ Lower cost and complexity to protect virtual machines against malware

[Diagram: Agents; AV Partner Product; Cloud Infrastructure (vSphere, vCenter, vShield, vCloud Director)]

14
Business Continuity As An Infrastructure Service For All Apps

Local Availability
▪ vSphere High Availability
▪ vSphere Fault Tolerance
▪ vMotion

Disaster Recovery
▪ vCenter Site Recovery Manager
▪ Includes vSphere Replication

Data Protection
▪ vSphere Data Recovery
▪ Storage APIs for Data Protection

[Diagram: Local Site and Failover Site running vSphere. Slide badges: "Improved in 2011" (three times), "New in 2011" (once)]

15
Protection Against Planned Downtime

Server Maintenance
• vMotion & DRS Maintenance Mode
• Migrate running VMs to other servers in the pool
• Automatically distribute workloads for optimal performance

Storage Maintenance
• Storage vMotion & Storage DRS Maintenance Mode
• Migrate VM disks to other storage targets without disruption
• Automatically distribute VMs and VMDKs to ensure balanced space and I/O load across datastores

Key Benefits
• Eliminate downtime for common maintenance
• No application or end user impact
• Freedom to perform maintenance whenever desired

16
VMware HA Provides Protection Against Unplanned Downtime

▪ Protection against host and VM failures
• Automatic failure detection (host, guest OS)
• Automatic virtual machine restart in minutes, on any available host in cluster
• OS and application-independent, does not require complex configuration changes
▪ What’s new with vSphere HA 5
• Increased scale and reliability through new ‘Fault Domain Manager’
• Storage-level communications for additional redundancy
• IPv6 support

17
App-Aware HA With VM Health Monitoring APIs
Leverage 3rd party solutions that integrate with VMware HA (e.g., Symantec ApplicationHA)

App-Aware HA Overview
Application health monitoring agent detects app failure inside VM
▪ 3rd party agent (e.g., Symantec ApplicationHA)
Attempt app restart inside the VM
▪ Restart processes
VMware HA integration
▪ Trigger HA when app restart fails
▪ Trigger HA when VM heartbeat lost

Benefits
▪ Detect and recover from application failures within VM
▪ Virtualize business-critical apps without 3rd party clustering solutions

[Diagram: steps 1 to 3 across APP/OS virtual machines on vSphere with VMware HA; labels App Restart, App-aware HA]

18
VMware Fault Tolerance For Continuous Availability

• Single identical VMs running in lockstep on separate hosts
• Zero downtime, zero data loss failover for all virtual machines in case of hardware failures
• Integrated with VMware HA/DRS
• No complex clustering or specialized hardware required
• Single common mechanism for all applications and operating systems

[Diagram: App/OS virtual machines on two VMware ESX hosts, labelled HA and FT]

19
vCenter Site Recovery Manager Ensures Simple, Reliable DR

Site Recovery Manager Complements vSphere to provide the simplest and most reliable disaster protection and site migration for all applications

Provide cost-efficient replication of applications to failover site
• Built-in vSphere Replication
• Broad support for storage-based replication

Simplify management of recovery and migration plans
• Replace manual runbooks with centralized recovery plans
• From weeks to minutes to set up new plan

Automate failover and migration processes for reliable recovery
• Enable frequent non-disruptive testing
• Ensure fast, automated failover
• Automate failback processes

[Diagram: Site A (Primary) and Site B (Recovery), each with VMware vCenter Server, Site Recovery Manager, VMware vSphere and Servers]

20
What’s New In Site Recovery Manager 5.0?

▪ vSphere Replication
• Bundled with SRM at no additional cost
• Provides simple, cost-efficient replication between vSphere clusters

Expand DR coverage to Tier 2 apps and smaller sites

▪ Automated failback
• Bi-directional recovery plans
• Automates failback to original site
▪ Planned migration
• New workflow that can be applied to any recovery plan
• Ensures no data-loss, application-consistent migrations of virtual machines

Streamline planned migrations (for disaster avoidance, planned maintenance, …)

▪ Others
• More granular control over VM startup order
• Protection-side APIs
• IPv6 support

21
vSphere Replication For Cost-Efficient, Simple Replication

Cost-efficient

Reduce storage costs by 2X
• Support for heterogeneous storage across sites, including non-replicating storage
• Use lower-end or older storage at failover site
Eliminate replication software costs
• vSphere Replication included with Site Recovery Manager at no additional cost

Simple

Manage replication directly from vCenter
• Eliminate complex interactions with storage teams
Manage replication at the individual VM level
• Eliminate need for complicated VM-to-LUN mapping

Powerful

15 minute RPOs
• Set RPOs between 15 minutes and 24 hours
Efficient network utilization
• Replicate only changed disk areas
Highly scalable
• 500 virtual machines

Limitations
• No automated failback
• File-level consistency only (except planned migration)
• No FT, templates, linked clones, physical RDMs

22
Beyond DR: Disaster Avoidance And Planned Migrations

3 typical use-cases for SRM

Disaster Failover

Recover from unexpected site failure
• Full or partial site failure
The most critical but least frequent use-case
• Unexpected site failures do not happen often
• When they do, fast recovery is critical to the business

Disaster Avoidance

Anticipate potential datacenter outages
• For example: in case of planned hurricane, floods, forced evacuation, etc.
Initiate preventive failover for smooth migration
• Leverage SRM ‘planned migration’ to ensure no data-loss
• ‘Automated failback’ enables easy return to original site

Planned Migration

Most frequent SRM use case
• Planned datacenter maintenance
• Global load balancing
Streamline routine migrations across sites
• Test to minimize risk
• Execute partial failovers
• Leverage SRM ‘planned migration’ to ensure no data-loss
• ‘Automated failback’ enables bi-directional migrations

23
VMware Unique BC/DR Advantages

Comparison: vSphere 5 / Hyper-V R2 SP1 / XenServer 6

Concurrent High Speed Live Migration, Shorter Maintenance Windows
  vSphere 5: ✓ Up to 8 concurrent vMotions across multiple links
  Hyper-V R2 SP1: ~ Only one VM at a time per host
  XenServer 6: ~ Only one VM at a time per host

Live Storage Migration – Zero Downtime Storage Maintenance
  vSphere 5: ✓ VMware Enhanced Storage vMotion
  Hyper-V R2 SP1: x Quick Storage Migration has downtime
  XenServer 6: x Nothing comparable

Built-In NIC Teaming – Network Fault Tolerance
  vSphere 5: ✓ Integrated NIC teaming with dynamic load balancing
  Hyper-V R2 SP1: x Relies on network vendor to provide
  XenServer 6: ~ NIC teaming supported, but limited configurability

Built-In Storage Multipathing – Storage Fault Tolerance
  vSphere 5: ✓ Broad Fibre Channel & iSCSI SAN support
  Hyper-V R2 SP1: ~ Limited, requires 3rd-party tools
  XenServer 6: ~ Limited SANs supported

One-Click High Availability
  vSphere 5: ✓ VMware HA; simple setup; up to 32 nodes; affinity and admission controls
  Hyper-V R2 SP1: ~ Only for host failure; Up to 16 nodes; complex
  XenServer 6: ~ Only for host failure; Up to 16 nodes

24
VMware Unique BC/DR Advantages (continued)

Comparison: vSphere 5 / Hyper-V R2 SP1 / XenServer 6

High Availability for Any OS or App
  vSphere 5: ✓ All 88+ guests supported, Symantec ApplicationHA for app-aware HA
  Hyper-V R2 SP1: ~ Limited to Windows 2003/2008 guests
  XenServer 6: x No app-aware HA

Fault Tolerance – Continuous Availability for Critical Apps
  vSphere 5: ✓ VMware Fault Tolerance
  Hyper-V R2 SP1: x No software FT support
  XenServer 6: x Requires 3rd-party, expensive, limited guests

Automated Disaster Recovery With Failback and Testing
  vSphere 5: ✓ vCenter Site Recovery Manager
  Hyper-V R2 SP1: x Nothing comparable
  XenServer 6: ~ StorageLink Site Recovery: only supports 4 SANs; not automated

Host-Based VM Replication With Any Storage
  vSphere 5: ✓ vSphere Replication
  Hyper-V R2 SP1: x No built-in replication
  XenServer 6: x No built-in replication

Agentless, LAN-Free VM Backups
  vSphere 5: ✓ vSphere Data Recovery and vStorage APIs for Data Protection
  Hyper-V R2 SP1: x Nothing comparable
  XenServer 6: x Nothing comparable

25
Summary and Next Steps

▪ VMware security advantages
• Legacy security: complex, rigid, labor-intensive compliance
• vShield security: simple, adaptive, automated compliance
▪ VMware Business Continuity/Disaster Recovery advantages
• Competitor offerings: complex, incomplete, non-integrated
• vSphere: full-range business continuity as an infrastructure service for all apps
▪ Where to get more product information
• www.vmware.com/vshield
• www.vmware.com/solutions/business-continuity
▪ Cost Calculators
• ROI/TCO Calculator – www.vmware.com/go/calculator
• Competitive Cost Per Application Calculator – www.vmware.com/go/costperappcalc

26
“Competitive Selling” on Partner Central

Sales Tools > Competitive Selling

▪ Competitive Toolkits
▪ Competitive Sales Tools
• Quick Positioning Cards
• Competitive Flashes
• Presentations
• White papers
• Analyst reports
▪ Competitor Pages

27
Call to Action

Listen
Know where your customers are on their
Journey to ITaaS – and create a plan to
accelerate their progress.

Learn
Upgrade your knowledge across the
VMware stack for ITaaS. Update your
Accreditations and Certifications.
http://www.vmware.com/partners/partners.html

Leverage
Maximize the networking opportunities
here and use those new relationships to
accelerate your success.

28
