1. © 2014 VMware Inc. All rights reserved. Palo Alto Networks VM-Series for VMware vCloud ® Air TM Next-Generation Security for Hybrid Clouds Palo Alto Networks 24-Aug-2015

2. vCloud Air Security Requirements Cloud environments provide basic security – Security is a shared responsibility between cloud provider and customer – Port and protocol security is not sufficient Cloud environments lack – visibility and control of applications and traffic sources – protection against known and unknown threats (APTs) CONFIDENTIAL2 The VM-Series can be deployed to protect the green highlighted use cases

3. Securing Applications and Data in vCloud Air Step 1: Import VM-Series OVF using vCloud Director or OVF Tool – Deploy the VM-Series behind the Edge Gateway with destination NAT and static routes Step 2: VM-Series as the gateway/perimeter firewall – Protect your public facing deployments in vCloud Air with a next generation firewall Step 3: Securely extend the data center into the cloud – Use the VM-Series to control applications and users accessing the cloud over IPSec Step 4: Protect against lateral threats between subnets and app-tiers – Use the VM-Series to control traffic between vApp subnets in the vDC CONFIDENTIAL3

4. Improving Security in vCloud Air Deployments Identify and control applications – Control applications based on their behavior and identity - not the port they use – Restrict application usage based on user identity - not just IP address Prevent known and unknown threats – Block known exploits, malware and inbound command-and-control communications – Block known malicious URLs and IP addresses – Analyze files and email links to detect previously unknown threats; automatically deliver protections globally Streamline management and policy updates – Single management interface can manage both physical and virtual firewalls Flexible integration options – REST-based API enables integration with 3 rd party ecosystem of partner solutions CONFIDENTIAL4

5. Licensing and Deployment Options VM-Series Next-Generation firewall – Same security features as the physical firewalls – Consistent management interfaces: web UI, CLI, REST API – Manage both physical and virtual versions centrally with Panorama Available through a bring your own license (BYOL) model – VM-Series for ESXi – All SKU’s: VM-100, -200, -300, -1000-HV – Subscriptions: Threat Prevention, WildFire, URL Filtering, GlobalProtect How to deploy – Import VM-Series into vCloud Air just like any other VM – Deploy in L3 mode and add license authcode

6. For Partners: Expand Business Opportunities Leverage a partnership that is multi-level and now 2 years+ old – Executive, product management, field sales and marketing – Proven in the market and in customer deployments Improve customer data center security posture – Visibility and control over applications, not ports – Micro-segmentation using zero-trust principles – Prevent known and unknown threats both North-South and East-West Engage in long term, business critical projects that bring: – Significant architecture and design opportunities – Trusted advisor status and ongoing revenue streams Expand your business partnerships and competencies – Security market is roughly $16B – The 5 year life time value of our customer base is 10X the initial purchase

7. Thank You