vGW Series
Juniper vGW Series is a comprehensive, hypervisor-based virtualization security solution for virtualized data centers and clouds that gives full visibility and granular access control over all traffic flowing through virtual machines.
Data Center Security Demo
Security and compliance concerns are first-order priorities for virtualized data center and cloud deployments. vGW Virtual Gateway is a comprehensive security solution for virtualized data centers and clouds that is capable of monitoring and protecting virtualized environments while maintaining the highest levels of VM host capacity and performance. vGW includes a high-performance hypervisor-based stateful firewall, integrated intrusion detection (IDS), and virtualization-specific antivirus (AV) protection.
vGW provides complete virtual network protection. Its VMsafe-certified virtualization security approach, in combination with “x-ray” level knowledge of each virtual machine through virtual machine introspection, gives vGW a unique vantage point in the virtualized environment. vGW can monitor each VM and apply protections adaptively as changes to the VM configuration and security posture make enforcement and alerts necessary.
vGW Architecture
vGW delivers total virtual data center protection and cloud security through visibility into the virtualized environment, multiple layers of protection, and a complete set of compliance tools.
- Visibility: vGW has a complete view of all network traffic flowing between VMs, and a complete VM and VM group inventory, including virtual network settings. It also has deep knowledge of all VM states, including installed applications, operating systems, and patch level, through virtual machine introspection.
-
Protection: Layers of defenses and automated security are provided through a comprehensive package that includes a VMsafe-certified, stateful firewall. This hypervisor-based firewall provides access control over all traffic using policies that define which ports, protocols, destination and VMs, should be blocked.
In addition, an integrated intrusion detection engine inspects packets for the presence of malware or malicious traffic and sends alerts as appropriate. Finally, virtualization-specific AV protections deliver highly efficient on-demand and on-access scanning of VM disks and files with the capability to quarantine infected entities.
-
Compliance: Enforcement of corporate and regulatory policies is as much an IT imperative for virtualized workloads as it is for physical ones. The compliance functionality of vGW includes monitoring and enforcement of segregation of duties, business-warranted access, and ideal/desired VM image or configuration. vGW can continuously monitor and optionally restrict VM access so that it is limited by application, protocol, and VM type. It even monitors administrative roles, providing correct segregation of duties.
vGW also synthesizes virtual machine introspection and vCenter information to create “smart group” policies, which ensure that VMs of a specific type are automatically secured with the appropriate internal or regulatory policy. Finally, the VM Enforcer feature can ensure that any deviation from a VM “gold” image triggers an alert or a VM quarantine in order to reduce the risk associated with configuration errors.
| Feature | Benefits |
|---|---|
| Stateful virtual firewall | Granular access control and VM isolation via policy enforcement for groups and individual VMs |
| VMsafe implementation | Certified hypervisor-based security processing for breakthrough performance with more than 10x the throughput of non-VMSafe fastpath virtual firewalls |
| VM Introspection |
X-ray view of VMs and their installed OSes, applications and services |
| VM Image Enforcer | Enforcement of the desired or ideal VM configuration with options for alerting and/or quarantining for VMs whose image deviates |
| Virtualization-specific antivirus (AV) | On-demand and on-access scanning of VM disks and files with quarantining of infected entities |
| Intrusion detection system (IDS) |
Selectable, protocol and application-specific deep-packet inspection of allowed traffic for malware detection |
| Smart Groups | Automated VM security for newly created or replicated VMs |
| Network monitoring | Visibility and comprehensive auditing of inter-VM and intra-VM communications and Netflow-style data collection |
| Highly scalable central management | Synchronization of security policies across vGW management centers for large-scale virtualization |
300 KB ]
|
The vGW Series is a software package sold on a perpetual licensing model. Customers purchase a number of vGW security virtual machine licenses corresponding to the required number of VM host CPU sockets. They also buy a license for the vGW management server.
To receive feature updates, customers are required to purchase software maintenance and support on an annual basis. Adding VM hosts with additional CPUs also requires the purchase of additional vGW security modules.
| Part Number | Description |
|---|---|
| ALTOR-CENTER-1 | Central management center |
| ALTOR-SVM-ADD-2 | Security VM License for 2 CPU Sockets |
| ALTOR-SVM-ADD-10 | Security VM License for 10 CPU Sockets |
| ALTOR-SVM-ADD-20 | Security VM License for 20 CPU Sockets |
| ALTOR-SVM-ADD-50 | Security VM License for 50 CPU Sockets |
| ALTOR-SVM-ADD-100 | Security VM License for 100 CPU Sockets |
| ALTOR-HA-ADD-2 | High Availability License for 2 CPU Sockets |
| ALTOR-HA-ADD-10 | High Availability License for 10 CPU Sockets |
| ALTOR-HA-ADD-20 | High Availability License for 20 CPU Sockets |
| ALTOR-HA-ADD-50 | High Availability License for 50 CPU Sockets |
| ALTOR-HA-ADD-100 | High Availability License for 100 CPU Sockets |
