EMC Solution for VMware View™ 4 Virtual Desktop Planning: The Perfect Virtual Desktop Deployment


1 EMC Solution for VMware View™ 4 Virtual Desktop Planning: The Perfect Virtual Desktop Deployment
Jeff Thomas, Sr. vSpecialist, Western Region Manager, EMC Corporation, Thomas_Jeffrey@emc.com
© Copyright 2010 EMC Corporation. All rights reserved.

2 Super Session Agenda
• Technical overview of VMware View Solutions: 1:00-1:45pm
• Break: 1:45-2:00pm
• Security Solutions for Virtualization and VMware View: 1:00-1:45pm
• Break & Drawing for 1 yr Subscription to Netflix: 2:45-3:00pm
• White Board Session: 3:00-3:45pm
• Wifi Blu-ray Player Prize Drawing: 3:45pm

3 Typical Challenges to Contend With…
• Distributed workforce: Mobile & remote workers; Outsourcing & off-shoring; Contract Workers
• Limited control of PCs: Patch compliance; Security; Regulatory compliance
• Focus on PC hardware: Many makes & models; Refresh cycles
• Management complexity: Deployment; Support; Security

4 VMware View - Addressing the Challenges…
• Centralize compute resource
• Increase flexibility & agility
• Simplify management
• Improve standardization

5 New Challenges Arise
• Current infrastructure designed for server workloads
• Must reduce TCO per user
• Large number of VMs to manage
• Aggressive and somewhat unpredictable performance profiles
• Availability and performance requirements increase
• Small changes have a big impact (10 IOPS per desktop multiplies)
(Figure labels: ~10 IOPS, 10 GB; ~600 IOPS, 600 GB; 99.999%; 99%)
EMC Addressing the Challenges…
• Store and Manage Efficiently
• Protect the migrated user data
• Secure user access
• Scalable, Flexible Infrastructure

6 Areas of Focus – Ensuring Success
• Management and Provisioning
• Data Protection
• Security
• Deploying at Scale

7 Management and Provisioning (areas of focus: Management and Provisioning | Data Protection | Security | Deploying at Scale)

8 Virtual Desktops – Impact to Infrastructure
Traditional Environment
• Thousands of desktop systems distributed through the enterprise
• Distributed data needs to be managed
• Each user has their own C:\ drive with boot disk and user data
• IT supports/maintains remote systems
• Includes hardware compatibility and software updates
Consolidated Environment
• Thin Clients access data and applications over the network
• Centralized boot disk and user data
• Allows IT to enforce corporate policies for what is on the desktop
• Simplified software management and hardware independence
(Diagram labels: Thin Clients, LAN/WAN, Desktop VMs, ESX Servers)

9 What is a Virtual Desktop made of?
User Data Disk
• Persistent disk to store user data and settings
• Consistent user experience while maintaining tight control and compliance
Base Image
• Highly managed OS disk
• Reduce provisioning time
• Simplified updates and patches
(Diagram labels: Operating System, User Data, Application)

10 Boot Drive: Techniques to Lower Cost and Maintain Availability
Minimize Boot Disk Capacity Requirements
• 1,000 users with a 10GB Boot Disk each
• Standard Boot Disk for each client ~ 1,000 clients = 10TB of storage
• Leveraging VMware’s View Composer or EMC Snapshots to create “Thin” Boot Disks provides 60-80% less drive consumption
(Chart labels: Full Boot Image/Client = 10TB; VMware Composer/Array Snaps = 2-4TB; 60-80% Less Capacity)
VMware View Composer significantly reduces Virtual Desktop Boot Disk Consumption
Key Benefits:
• Dramatically drives down storage costs
• 5 9’s availability across all arrays
• Reduces time to deploy multiple images
• Simplifies maintenance and updates

11 View Composer: Linked Clone Technology
– A linked clone is a thin copy of the original virtual machine that shares the virtual disk with the base virtual machine in an ongoing manner
  • Base virtual disk is called replica
– Linked clones are given separate identity created with QuickPrep
  • Clones can be powered on, suspended, snapshot, reconfigured independent of the parent
– Optionally, clones can have additional private disks called user data disk

12 Desktop Deployment via VMware View Composer
Use Cases: 1. Deploy 2. Refresh
(Diagram labels: Base Master (Template) VM; Snap1; Replica; Linked Clone 1, Linked Clone 2, Linked Clone N; System Disk; Data Disk)

13 Desktop Deployment via VMware View Composer
Use Cases: 1. Deploy 2. Refresh 3. Re-Compose
(Diagram labels: Base Master (Template) VM; Snap1; Snap2; Replica; Linked Clone 1, Linked Clone 2, Linked Clone N; System Disk; Data Disk)

14 Desktop Deployment via VMware View Composer
Use Cases: 1. Deploy 2. Refresh 3. Re-Compose 4. Re-Balance
(Diagram labels: Base Master (Template) VM; Snap2; Replica)

15 Data Protection (areas of focus: Management and Provisioning | Data Protection | Security | Deploying at Scale)

16 Addressing Backup/Restore for VMware View: Avamar
Avamar delivers up to 90% faster VMware backups, resulting in 50% or greater server consolidation
• Unified backup approach for both physical and virtual environments
• Universal support for file and image level backup
• Transparent backups for end users
  – Move up to 99% less data
• Self service end user restores*
  – Windows and MAC
* Available in physical environments only
(Diagram labels: Virtual Desktop, file level; View Server, image level; Physical, file level)

17 Leveraging Avamar with VMware View
• Application-consistent backups for:
  – vCenter database
  – Virtual Desktop Manager
  – Active Directory
  – User home directories
• Crash-consistent backups using the underlying storage and Replication Manager
(Diagram labels: Avamar Software Agent; Avamar Data Store; VMware vCenter; VMware Virtual Desktop Manager; Microsoft Active Directory; Virtual Desktop Templates; User Home Directories; Avamar Accelerator Node; Centralized Storage; Approach 1; Approach 2)

18 Security (areas of focus: Management and Provisioning | Data Protection | Security | Deploying at Scale)

19 Complete Security Solution for VMware View
• RSA enVision for security monitoring and reporting
• RSA SecurID for ESX Service Console and vMA
• RSA SecurID for remote authentication
• RSA DLP for protection of data
• Ionix SCM for security config and patch management
• RSA enVision Log Collector for VMware vCenter
(Diagram labels: Clients; VMware Infrastructure; VMware View Manager; VMware vCenter; Active Directory; Offline Laptop)

20 SecurBook – Best Practices for VMware View
RSA Solutions
• Multi-product, integrated solutions
• Tested and validated in the RSA Solutions Center
RSA SecurBooks
• Solution guides enable administrators to better plan, deploy, and manage RSA solutions

21 Deploying at Scale (areas of focus: Management and Provisioning | Data Protection | Security | Deploying at Scale)

22 Scaling Storage for Virtual Desktops
Flash: Significantly More IO/s per Drive at Much Lower Response Time
(Chart series: 15K FC drives (8 drives); Enterprise Flash Drives (8 drives); SATA drives (8 drives))

23 The Case for Enterprise Flash Drives
The Challenge
• Architecting a View Environment to size for BOTH capacity and performance at scale when leveraging Linked Clone Technology
The Analysis
• 4000 x 10GB boot images = 2-4TB (90-95% capacity savings)
• 5 iops per user = 20,000 iops
The Result
• At scale, data reduction technologies + EFD saves you $$$

24 Disk Response Times (chart panels: Boot; Steady State)

25 Disk Response Times
• 60% lower average RT
• 90% lower peak RT
• 7x VMs per spindle

26 User Data: EMC Tiered Storage Minimizes The Cost And Complexity Of Backup And Management
Policy-based Management to Automate Deduplication, Tiering, Mobility, Replication and Archiving
Key Benefits:
• Reduce capacity ≈50%
• Reduce total Storage costs ≈ 80%
• Improve service levels
  – 5 9’s availability
  – Faster backups and restores
• Operational Efficiency
  – Centralized: anti-virus, quota management, Backup/Recovery, DR
  – Automated Tiering and Archival
(Diagram labels: Desktop VMs; Thin Clients; LAN/WAN; VDI User Data; Tier 1 – $$$$; Tier 2 – $$; Tier 3 – $)

27 Storage Infrastructure Deployment Options
Enterprise virtual desktop infrastructure: design for performance and reliability
• EMC Symmetrix V-Max is a new enterprise-class storage array that incorporates a new high-performance fabric interconnect designed to meet the performance and scalability demands for enterprise storage within the most demanding virtual data center installations.
• EMC Symmetrix is the industry standard for high-end information storage systems: the unsurpassed market leader for availability, consolidation, performance, application integration, power efficiency, and information-centric security.
• EMC Unified Storage (CLARiiON CX4/Celerra) delivers industry-leading innovation in midrange storage with a unique combination of flexible, scalable hardware design and advanced software capabilities – it is optimized for file and block access, delivering high-end features in a scalable, easy-to-use package.
ALL EMC PLATFORMS = vStorage Ready!

28 EMC Proven Solutions
• Help you identify and overcome business challenges
• Reduce risk and deliver faster implementations
• Address unique industry challenges
• Simplify the management of complex application environments

29 Highly Scalable Infrastructure for Virtual Desktops
Scalability study for deploying VMware View on Cisco UCS and EMC V-Max
• Symmetrix Virtual Provisioning allows on-demand storage allocation which provides significant savings in physical storage required for virtual desktops
• Auto-provisioning Groups greatly reduces the time it takes to map and mask Symmetrix devices and present them to a VMware virtual infrastructure
• Symmetrix Remote Data Facility (SRDF) with VMware’s Site Recovery Manager (SRM) provides protection from any disaster that might disable a primary production site
VMware View Use Case: Scale to thousands of desktops, reduce cost of desktop management, and secure/protect corporate data
(Diagram labels: EMC Symmetrix V-Max; Cisco UCS; VMware View)

30 EMC Global Services - VMware Catalog
Adopt VMware with EMC’s Core Competencies…
Service lines: EMC Consulting; Technology Solutions and Services; Education Services; Residency Services
Competency areas: Infrastructure; Business Continuity; Management; Client and Cloud
• Strategy
• Business Case Development
• Application Transformation
• VMware Design and Implementation
• Physical to Virtual Migration
• Business Risk Alignment
• Recovery Planning
• Replication and Recovery Site Deployment
• Backup, Recovery, and Archive
• Reporting and Dashboard Automation
• Operational Excellence
• Desktop Strategy
• Secure Access
• Cloud Integration
• Virtual Desktop Design and Implementation
• Certification Training
• Full VMware Training Portfolio
• Training for Storage Replication and VMware Site Recovery Manager
• VMware View Training
• Resource Management Software and Tools
• Discovery, maintenance, and updates
• VMware Lifecycle Manager Training
• Ionix Training Portfolio

31

32 What keeps the IT Admin up at night?
• Information and data is our most important asset. We spend too much time recovering lost data from stolen laptops.
• How do I maintain or improve desktop management when I’m required to do more with less?
• It is difficult to respond quickly when employees are mobile and scattered across the world.
• Just managing the patches on my OS is a full time job, what about the rest of my environment?
• I spend a lot of time on desktop support calls. But I really need to focus on strategic IT initiatives that really add value.

33 Deployment Choices: View Composer | Traditional VDI

34 Virtual Desktop Infrastructure with VMware View
Simplify desktop management by replacing traditional PCs with centrally managed virtual machines (VMs)
• Improves total cost of ownership
  – Longer useful life for existing PCs
  – Lower support costs
  – Reduced backup costs
• Improves flexibility
  – Run any application on any hardware
• Simplifies management
  – Rapidly deploy systems from templates
  – Simplified desktop updating
  – Consistent desktop deployment
• Ensures security
  – Leverages perimeter and host security
  – No distributed data risk
(Diagram labels: Thin Clients, LAN/WAN, Desktop VMs, ESX Servers)

35 EMC Delivers Optimized Backup for VMware
Up to…
• 95 percent reduction in data moved
• 90 percent reduction in backup times
• 50 percent reduction in disk impact
• 95 percent reduction in NIC usage
• 80 percent reduction in CPU usage
• 50 percent reduction in memory usage
All backups are stored as “virtual full backups,” ready for immediate restore
Maintains effective consolidation ratios without overtaxing CPU utilization
(Diagram labels: Traditional Backup; BRS Backup)

36 VMware View at Scale Requires Tiered Multi-Protocol Storage Solutions
Two different storage needs:
• Boot LUN capacity (Block or File)
  – “Virtual” Boot Disk for each client simplifies management of boot image and reduces capital cost
• Must have unlimited scalability and uninterrupted user access at a minimal cost
• User and Application data (File)
  – “Virtual” data drives to store user data and packaged virtual applications on centralized file servers
• Ideal use case for CIFS based NAS storage leveraging everything that EMC brings to ILM
EMC Storage Differentiators
• Predictable Performance
• Continuous Availability
• Automated Tiering
• Deduplication, Antivirus, Quota Management
Storage Infrastructure Must Support 1,000’s of Users Sharing the Same Resources
(Diagram labels: Desktop VMs; Thin Clients; LAN/WAN; OS Boot; User Data)

37 Celerra Primary Storage Dedupe Improves Storage Efficiency for VMware
• New VMware dedupe support
  – Adds support for deduplication and compression of VMDK images
• vCenter integration for more granular replication and recovery
  – New plug-in enables VMware File-level snaps and clones
• Additional dedupe capabilities
  – Large file and active file deduplication
  – Compression-aware NDMP backups
  – Tunable deduplication by filesystem
  – File level compression support in CIFS
(Diagram labels: File A, File B; Large; Active; vCenter; Celerra Unified Storage)

38 Performance Needs – A Comparison
FC
• Utilization impact of booting all 20 Desktops
• Utilization variance over time with typical office applications running 20 Desktops on 2 15k FC drives
EFD
• Utilization impact of booting 70 desktops at a time
• Utilization variance over time with typical office applications running 140 Desktops on 2 EFD drives

39

40 RSA Security Solutions for Virtualization
Luiza Aguiar, Solutions Marketing Manager, Luiza.Aguiar@rsa.com
February 2010

41 Question: Does your IT security address the risks associated with virtualization and private cloud before they are implemented?
• “Yes, in all cases”: 24%
• “In some cases, but there are gaps”: 43%
• “No, security is brought in after the fact”: 22%
• “The business moves ahead without security”: 11%
Why is this bad?
• Restricted potential value
• Increased potential for data breaches
Source: Live EMC Forum poll conducted in 5 cities across N. America, 10/09

42 Security Challenges with Virtualization
• Trouble finding and tracking sensitive data and files in a dynamic virtual environment
• Difficulty ensuring appropriate access to virtual sessions and sensitive information based on end-user identity
• Poor visibility into end user and IT admin activity occurring across the virtual network environment that may compromise security and compliance
• Ensuring users handle sensitive information appropriately during a virtual desktop session
• Need for centralized security policy and management across both the physical and virtual infrastructure
• Configuration and patch management to detect/remediate vulnerabilities across rapidly scaling and growing VMs
• New compliance requirements: creating/cloning/moving of virtual machines, data access, and privileged user activities

43 Leading the Way Toward 100% Virtualization
RSA: Security and Compliance for Virtual Environments
• ACCELERATE: Integrate security controls today that can accelerate the adoption of virtualization for mission critical applications
• ADAPT: Develop one security policy for both physical and virtual environments
• ADVANCE: Look to virtualization for a more advanced solution for endpoint security

44 Agenda: RSA Capabilities for Virtualization Security | RSA Solution for VMware View | RSA Solutions for Virtual Data Center | Use Case Scenarios

45 Accelerate Mission Critical Virtualization (Secure Information | Monitor Infrastructure | Protect Identities)
What if you could…
• Monitor and report on all activities across the IT stack – including the creation, cloning and moving of virtual machines
• …monitor and report on all activities across the IT stack – both physical and virtual.
• …know what is happening with sensitive information in a virtualized environment?
• …be 100% confident of user and administrator identities before allowing access to virtual desktops and servers.

47 Securing the Virtual Information Infrastructure (Information | Infrastructure | Identities)
• Policy: Consulting, EMC Security Assessment for Virtualized Environments
• Monitor | Audit | Report: enVision
• RSA SecurID: 2-factor authentication to VMware ESX Service Console and VMware View Manager
• EMC Ionix Server Configuration Manager: Central configuration and patch management for virtual desktops
• RSA DLP Endpoint: Discover and protect sensitive information within VMware Centralized Virtual Desktops

48 EMC Consulting: Security Assessment for Virtual Environments
Assessment areas: Security Policies and Controls Assessment; VM Infrastructure Hardening Assessment; VM Operational Processes Assessment; VM Lifecycle Management Assessment
Stages: Analysis; Reporting; Recommendations; Security Policy Development
• Review current enterprise virtualization practices and controls via interviews with IT team members and process owners
• Report on gaps between current practices and controls and best practices
• Make recommendations for achieving a desired state
• Develop a roadmap for implementation of recommendations

49 RSA SecurID and Authentication Manager
• Establishing user identities for virtual desktop access
• Authenticating administrator access to ESX Service Console and vSphere Management Assistant
• Multiple form factors of tokens

50 RSA DLP Endpoint – protecting data at the endpoint
DLP Enterprise Manager
• Unified Policy Mgmt & Enforcement
• Incident Workflow
• Dashboard & Reporting
• User & System Administration
DLP Endpoint
• Discover: Local drives, PST files, Office files, 300+ file types
• Enforce: Allow, Justify, Block on Copy, Save As, Print, USB, Burn, etc.

51 RSA enVision Log Management platform
(Diagram labels: servers; storage; applications / databases; security devices; network devices)
• Simplifying Compliance: Compliance reports for regulations and internal policy (Auditing, Reporting)
• Enhancing Security: Real-time security alerting and analysis (Forensics, Alert / correlation)
• Optimizing IT & Network Operations: IT monitoring across the infrastructure (Visibility, Network baseline)
Purpose-built database (IPDB)

52 enVision Dashboard – VMware Events and Activity

53 Managing Changes and Configurations – Ionix Server Configuration Manager
• Pre-built compliance toolkits
• Multi-platform server and desktop compliance
• Virtualization support
  – Managing guest-to-host relationships
  – Benchmark for compliance
  – VMware VirtualCenter plug-in
• Change and configuration management
• Remediation
• Patch and vulnerability management

54 Managing Changes and Configurations – Ionix Server Configuration Manager
• Discover Configuration of Virtual Desktops
• Establish a standard virtual desktop configuration and centrally enforce compliance to this standard
• Ensure that latest security updates and patches are applied
  – Verify that required software agents are installed, properly configured, and are running on the endpoint
  – Verify that the proper software services are installed, appropriately configured, and running on the endpoint
  – All virtual desktops must be provisioned such that they belong to the organization’s Windows domain

55 Agenda: RSA Capabilities for Virtualization Security | RSA Solution for VMware View | RSA Solutions for Virtual Data Center | Use Case Scenarios

56 Today’s Endpoint Security Challenges
Expensive but still vulnerable
– 60% of the security budget is consumed by endpoint security software (1)
– Lost or stolen laptops are the largest single source of breaches (2)
Gateway to infection and theft
– 35% of infected PCs had up-to-date antivirus software installed. (3)
– Malware, typically contracted through web browsing, contributed to 82% of records compromised in 2009 (4)
Source: (1) Gartner, Inc. (2) OSF Data loss DB (3) Panda Labs (4) Verizon Business
(Diagram labels: Fraudsters; Virtual Data Center; Online Banking, Social Networking, e-Commerce, etc.; Physical endpoint)

57 Security Considerations for VMware View
• Extend security controls to third party desktops
  – Temporary, outsourced or contractor personnel
  – Mobile worker laptops
• Quickly provision and secure new internal desktops
  – Mergers & acquisitions
• Capture event data and audit logs to ensure compliance across the virtual stack
• Centralized firewall controls across all desktops (vShield zones)
• Granular control of removable NAS devices

58 RSA Solution for VMware View
• RSA enVision for security monitoring and reporting
• RSA SecurID for remote authentication
• RSA DLP for protection of data in use
• Ionix SCM for security config and patch management
• RSA enVision Log Collector for VMware vCenter
• RSA SecurID for ESX Service Console and vMA
(Diagram labels: Clients; VMware Infrastructure; VMware View Manager; VMware vCenter; Active Directory)

59 RSA SecurBook for VMware View
RSA Solutions
• Multi-product solutions
• Validated in the RSA Solutions Center
RSA SecurBooks
• Guides for planning, deploying, and administering RSA solutions.
• Comprehensive reference architecture, screenshots, practical guidance

60 Agenda: RSA Capabilities for Virtualization Security | RSA Solution for VMware View | RSA Solutions for Virtual Data Center | Use Case Scenarios

61 Transforming Security with Virtualization
Today: Most security is enforced by the OS and application stack
RSA’s vision: Surpass the levels of security possible in today’s physical infrastructures by pushing information security enforcement down the virtual stack
(Diagram labels: vApp and VM layer; VDC Services Layer; Virtual Infrastructure (including hypervisor); Compute; Network; Storage; Security Management & Reporting)

62 Security Challenges in the Virtual Data Center
• Control access to sensitive data in an increasingly fluid virtual machine environment
• Strong authentication of privileged users
• Ease of integration with existing security operations
• Full visibility into security-relevant events across the virtual stack for compliance reporting
(Diagram labels: Virtualization: VMware; Server: Cisco UCS; Network: Cisco Switches; Storage: Symmetrix V-Max, CLARiiON; Security)

63 Vblock: A New Way of Delivering IT to Business
Production-ready
– Pre-integrated, tested and modular packages of virtualized infrastructure
Best of breed technologies
– Compute: Cisco UCS
– Network: Cisco Nexus family, Cisco MDS 9000 series
– Storage: EMC Symmetrix V-Max or EMC Unified Storage (Celerra and CLARiiON)
– Hypervisor: VMware vSphere 4
– Management: Cisco UCS Manager, EMC Ionix Unified Infrastructure Manager, VMware vCenter
– Security: RSA

64 RSA’s Approach to Securing Vblock
• Extend customer’s existing RSA investments to the virtual infrastructure and deliver new capabilities
• Layer onto Vblock architecture:
  – User authentication
  – Compliance monitoring and reporting
  – Infrastructure security
  – Data loss prevention
• Validate RSA with Vblock Infrastructure Packages in the VCE Lab

65 RSA’s Approach to Securing Vblock
1) Secure the core Vblock platform (VMware, Cisco, EMC components)
2) Secure each application validated with Vblock (e.g., VMware View, SAP)
Central Security Management and Reporting

66 1. Secure the Core Vblock Platform (Validated with VBlock)
Secure Administrative User Access: RSA SecurID authentication for:
• ESX Service Console
• vSphere Management Assistant
Security Monitoring & Reporting: RSA enVision monitoring for:
• vSphere
• EMC Symmetrix and CLARiiON storage
• Cisco UCS

67 1. Secure the Core Vblock Platform
• RSA SecurID: Strong authentication before access to ESX Service Console and vSphere Management Assistant
• RSA enVision: Comprehensive visibility into security events; security incident management, compliance reporting
(Diagram labels: Vblock: VMware vSphere, Cisco UCS, EMC Storage; vSphere Management Assistant; VMware administrator; Security and compliance officer)

68 2. VMware View on Vblock (Validated with VBlock)
• RSA enVision for security monitoring and reporting
• RSA SecurID for remote authentication
• RSA DLP for protection of data in use
• Ionix SCM for security config and patch management
• RSA enVision Log Collector for VMware vCenter
• RSA SecurID for ESX Service Console and vMA
(Diagram labels: Clients; VMware Infrastructure; VMware View Manager; VMware vCenter; Active Directory)

69 RSA SecurBook for VMware View
RSA Solutions
• Multi-product solutions
• Validated in the RSA Solutions Center
RSA SecurBooks
• Guides for planning, deploying, and administering RSA solutions.
• Comprehensive reference architecture, screenshots, practical guidance

70 Summary: RSA in VMware En
• RSA SecurID for user and administrative access to VMware View, ESX Service Console and vSphere Management Assistant
• RSA enVision for monitoring and reporting on the entire virtual stack (vBlock; vSphere, Cisco UCS, EMC storage)
• RSA DLP, enVision, SecurID and Ionix Server Configuration Manager for VMware View (on Vblock or any other platform)
• EMC Consulting services

71 Agenda: RSA Capabilities for Virtualization Security | RSA Solution for VMware View | RSA Solutions for Virtual Data Center | Use Case Scenarios

72 Lost Laptop | Applying a patch to a production system | Unauthorized Administrator

73 Scenario: The Lost Laptop
• Secure Network: SSL + SecurID
• Virtual Desktop
  – No USB or only secure USB allowed
  – No Internet access (vShield Zones enforced)
• Fully logged by RSA enVision throughout the process
• Sensitive Data is never out of datacenter control

74 Scenario: Applying a patch to a production system
A common way to apply patches is to try them out in a test environment. In a virtual world you can clone the system, data and all. This is difficult and time-consuming in a production environment, but very easy in a virtual environment.
Step 1. Clone virtual environment
Step 2. Test Patch
Step 3. Apply Patch to production environment
• Is this an authorized procedure?
• Is the test environment sufficiently protected & controlled?
• Who accessed the data in the test environment?
• Was the VM destroyed after it was used?
(Diagram labels: Production Physical Host and Test Physical Host, each with HR Application Server VM, HR Database Server VM and HRDB (Name, SSN, DoB, etc); PATCH)

75 Scenario: Applying a patch to a production system
Step 1. Clone virtual environment
Step 2. Test Patch
Step 3. Apply Patch to production environment
• RSA enVision can log the administrative activity from vCenter, like the VM being cloned
• If this is out of policy we can alert a security analyst
• If the test environment is properly protected, then it will also be monitored by RSA enVision
(Diagram labels: Production Physical Host and Test Physical Host, each with HR Application Server VM, HR Database Server VM and HRDB (Name, SSN, DoB, etc); PATCH; RSA enVision events: VM Cloned, Patch Applied, VM Deleted; Fully Audited Process; Out of policy?)

76 Scenario: Unauthorized Administrator
• In a PCI environment, you need to validate that only authorized administrators are modifying the system
• Suppose permissions are set up incorrectly, and an unauthorized administrator can move a VM
• RSA enVision logs what activities were performed and by whom
• If the administrator is not authorized, RSA enVision can alert a security analyst
• RSA enVision can check against a “watchlist” of authorized PCI administrators
(Diagram labels: two PCI Physical servers; Store Management Windows VM; Transaction Management Application; Transaction DB (Credit Card numbers); RSA enVision event: VM Moved by kpbrady; Active Directory; Authorized PCI Admin?)
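
The checks described in the two scenarios above (a cloned VM that must be destroyed after testing, and a watchlist of authorized PCI administrators), as an added example in Python; it is not part of the original presentation and is not RSA enVision or VMware code. The key=value log layout, the VM names, every user other than kpbrady, and the four-hour clone lifetime are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of vCenter administrative events. The one-line
# key=value layout is an assumption for this example, not a product format.
SAMPLE_EVENTS = """\
2010-02-18T09:00:05Z event=VmClonedEvent user=achen vm=hr-db-01 target=hr-db-01-test
2010-02-18T09:40:12Z event=VmRemovedEvent user=achen vm=hr-db-01-test
2010-02-18T11:15:30Z event=VmClonedEvent user=achen vm=hr-app-01 target=hr-app-01-test
2010-02-18T13:02:44Z event=VmMigratedEvent user=kpbrady vm=pci-txn-db target=pci-host-02
2010-02-18T13:30:00Z event=VmMigratedEvent user=mlopez vm=pci-txn-db target=pci-host-01
"""

# Policy inputs (all constructed for the example).
PCI_VMS = {"pci-txn-db"}                  # VMs in PCI scope
PCI_ADMIN_WATCHLIST = {"mlopez"}          # administrators authorized for PCI VMs
SENSITIVE_VMS = {"hr-db-01", "hr-app-01"} # VMs whose clones carry sensitive data
CLONE_MAX_AGE = timedelta(hours=4)        # a test clone must be removed by then


def parse_event(line):
    """Parse one event line into a dict; raise ValueError if it is malformed."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)  # ValueError if no '='
    if not {"event", "user", "vm"} <= fields.keys():
        raise ValueError("missing required field")
    if fields["event"] == "VmClonedEvent" and "target" not in fields:
        raise ValueError("clone event without target")
    fields["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc)
    return fields


def evaluate(log_text, now):
    """Return a list of (alert_type, user, object) tuples for the log."""
    alerts = []
    open_clones = {}  # clone VM name -> the event that created it
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            ev = parse_event(line)
        except ValueError:
            # An event that cannot be parsed is a visibility gap: report it
            # instead of dropping it silently.
            alerts.append(("unparsed_event", "", line))
            continue
        kind, user, vm = ev["event"], ev["user"], ev["vm"]

        # Scenario "Unauthorized Administrator": any change to a PCI-scope VM
        # by a user who is not on the watchlist raises an alert.
        if vm in PCI_VMS and user not in PCI_ADMIN_WATCHLIST:
            alerts.append(("unauthorized_pci_admin", user, vm))

        # Scenario "Applying a patch": track clones of sensitive VMs until
        # the clone is removed again.
        if kind == "VmClonedEvent" and vm in SENSITIVE_VMS:
            open_clones[ev["target"]] = ev
        elif kind == "VmRemovedEvent":
            open_clones.pop(vm, None)

    # "Was the VM destroyed after it was used?" Clones that outlive the
    # allowed window are reported with the user who created them.
    for clone, ev in open_clones.items():
        if now - ev["time"] > CLONE_MAX_AGE:
            alerts.append(("clone_not_destroyed", ev["user"], clone))
    return alerts


if __name__ == "__main__":
    check_time = datetime(2010, 2, 18, 18, 0, tzinfo=timezone.utc)
    for alert in evaluate(SAMPLE_EVENTS, check_time):
        print(alert)
```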

77 Why RSA?
• Centralized Approach to Policy Management: The infrastructure to manage key security services centrally
• Services to Help you Manage Risk: Services to help you mature your processes while you virtualize
• Visibility Across Identity, Infrastructure and Information: Monitor, audit and report across both physical and virtual IT environments
• Secure VMware with Market Leading Products: From the virtual desktop to datacenter and validated on VCE’s Vblock
• Built-in Expertise: …about regulations, threats and best practices. Built by teams of experts.

78 Learn More
RSA Security Brief:
– Security Compliance in a Virtual World http://www.rsa.com/node.aspx?id=1212
RSA SecurBook for VMware View
– A Guide for Deploying and Administering the RSA Solution for VMware View https://www.rsa.com/go/Securbook/Securbook_VM_land.htm
EMC white papers:
– Securing the Virtual Information Infrastructure - Technology Concepts and Business Considerations (available 2/25/10)
– Building the Virtual Information Infrastructure - Technology Concepts and Business Considerations http://www.emc.com/collateral/hardware/white-papers/h6721-building-virtual-information-infrastructure-wp.pdf

79 Thank you!

80 WHITE BOARD SESSION

81 RESOURCES – NEXT STEPS
Seminars
• Mar 4 - Controlling Change, Configuration & Compliance Costs in Physical, Virtual and Cloud Worlds, Phoenix
• Mar 11 - EMC DeDupe Seminar, Phoenix
• May 10-13 - EMC World, Boston
Webinars
• Mar 3 - Speed and Extend Your Virtualization Initiatives (Part of a Series)
• Mar 4 - EMC's IT Virtualization Journey - Updated (Part of a Series)
• Mar 4 - SharePoint Storage Design Guidance and Virtualization Best Practices (Part of a series)
Resources
• EMC's Journey to the Private Cloud (this is our internal journey)
• EMC and VMware Solution Tracks (whiteboard sessions)
• EMC Solutions for VMware

