Understanding the vGW Security Design VM Introspection Image Enforcer Feature

The vGW Security Design VM Introspection module provides a constellation of information that allows you to monitor the software installed in MS Windows and Linux guest virtual machines (VMs). It gives you deep insight into the state of a VM, the applications on it and flowing between VMs, and how they are used. It can tell you the operating system versions and the service patch versions that are installed on VMs. It presents this information to you through graphical summary comparisons and through detailed statistics, in table format, about the installed software. To facilitate management of this large amount of information and to enable you to proactively classify applications, the vGW Series provides an Introspection feature called the Image Enforcer.

Central to the Image Enforcer feature is the concept of a Gold Image. A Gold Image is a template from which VMs are derived, but it can also be an active guest VM. The template or VM has a valid and desirable configuration. When it is identified as a Gold Image, the VM is elevated to the level of a model VM configuration.

You use the Enforcer Profiles tab to create a profile for which you can select a Gold Image. In the profile, you also specify the VMs to be compared against the Gold Image and parameters that qualify the comparison. You can allow VMs to deviate from the Gold Image in various ways.

When a template is used as a Gold Image, usually the VMs that are derived from it are compared against it (for example, you might want to determine how much and in what ways their configurations have been changed), but you can specify any VMs to compare.

You can direct the vGW Security Design VM to take certain actions based on the outcome of the comparison. For example, you can direct it to quarantine noncompliant VMs. Quarantined VMs are viewable in the Image Enforcer screen and in the Main module’s Quarantine screen. From the Quarantine screen, you can release a quarantined VM, for example to modify it and reinstate it as a valid VM, or to perform other kinds of remediation. For details on the Main module’s Quarantine tab, see Understanding the vGW Series Main Module.

You can use the Image Enforcer tab to view a summary of the comparison results and gain an overall sense of the compared VMs’ conformance to the Gold Image. You can also view a bar graph specific to a particular VM to see the degree to which it conforms.

There are many ways in which to use the Image Enforcer feature, for example:

Consider another case. Suppose you want to use as a Gold Image a template whose configuration is approved by auditors for PCI compliance, and call that Gold Image PCI-Win-Template. You could then compare the VMs belonging to the Win-PCI-Servers and PCI-Desktop VMs groups against the PCI-Win-Template Gold Image. As part of the comparison criteria, you might specify that applications classified as “known” are allowed. Although the Gold Image configuration does not contain them, a VM whose configuration contains these known applications would not violate the comparison conditions.

The vGW Series automatically creates a compliance rule for each Gold Image that is a template. By default, it inspects the VMs derived from the Gold Image, and it generates an alert when the compliance state changes.
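The comparison logic described in the PCI-Win-Template case, together with the compliance rule that alerts only when a VM's compliance state changes, can be modelled in a few lines. The following is an added illustration written for this page, not vGW code or a vGW API: the Gold Image inventory, the VM inventories, the application classification table and the VM names are all constructed for the example, and the "known" class standing in for Introspection's classification is an assumption.

```python
"""Gold Image comparison modelled on the Image Enforcer description.

Every inventory, VM name and classification below is constructed for this
example; none of it is vGW data, and the functions are not the vGW API.
"""
from dataclasses import dataclass, field

# Gold Image inventory, package name -> version (constructed).
PCI_WIN_TEMPLATE = {
    "Windows Server 2008 R2": "SP1",
    "Antivirus Agent": "4.2",
    "Log Forwarder": "1.0",
}

# Application classification table (constructed). Anything not listed is
# treated as "unknown", so it can only be allowed by an explicit class.
APP_CLASS = {
    "Backup Agent": "known",
    "Remote Desktop Tool": "unknown",
}

# VM inventories to compare against the Gold Image (constructed).
VM_INVENTORIES = {
    # Derived from the template, plus one extra "known" application.
    "pci-web-01": {**PCI_WIN_TEMPLATE, "Backup Agent": "2.1"},
    # Drifted: missing the log forwarder, older AV, unknown extra tool.
    "pci-desk-07": {
        "Windows Server 2008 R2": "SP1",
        "Antivirus Agent": "3.9",
        "Remote Desktop Tool": "0.9",
    },
}


@dataclass
class ComparisonResult:
    vm: str
    missing: dict = field(default_factory=dict)           # in gold, absent on VM
    version_mismatch: dict = field(default_factory=dict)  # name -> (gold, vm)
    extra_allowed: dict = field(default_factory=dict)     # extra, allowed class
    extra_violations: dict = field(default_factory=dict)  # extra, not allowed
    gold_size: int = 0

    @property
    def compliant(self) -> bool:
        return not (self.missing or self.version_mismatch or self.extra_violations)

    @property
    def conformance(self) -> float:
        """Fraction of Gold Image entries matched exactly (the per-VM bar)."""
        if self.gold_size == 0:
            return 1.0
        matched = self.gold_size - len(self.missing) - len(self.version_mismatch)
        return matched / self.gold_size


def compare_to_gold(vm_name, vm_inventory, gold, allowed_classes=("known",)):
    """Compare one VM inventory against the Gold Image.

    allowed_classes lists application classes that may appear on the VM even
    though the Gold Image lacks them; an empty tuple allows no deviation.
    """
    result = ComparisonResult(vm_name, gold_size=len(gold))
    for name, gold_ver in gold.items():
        if name not in vm_inventory:
            result.missing[name] = gold_ver
        elif vm_inventory[name] != gold_ver:
            result.version_mismatch[name] = (gold_ver, vm_inventory[name])
    for name, ver in vm_inventory.items():
        if name in gold:
            continue
        if APP_CLASS.get(name, "unknown") in allowed_classes:
            result.extra_allowed[name] = ver
        else:
            result.extra_violations[name] = ver
    return result


def enforce(result, quarantine_noncompliant=True):
    """Action the profile directs for a result: 'quarantine' or 'none'."""
    if not result.compliant and quarantine_noncompliant:
        return "quarantine"
    return "none"


def compliance_alert(state, result):
    """Record the VM's compliance state; alert only when it changes."""
    previous = state.get(result.vm)
    state[result.vm] = result.compliant
    if previous is not None and previous != result.compliant:
        return f"ALERT: {result.vm} compliance changed {previous} -> {result.compliant}"
    return None


if __name__ == "__main__":
    state = {}
    for vm, inventory in VM_INVENTORIES.items():
        r = compare_to_gold(vm, inventory, PCI_WIN_TEMPLATE)
        print(vm, "compliant" if r.compliant else "noncompliant",
              f"{r.conformance:.0%}", enforce(r), compliance_alert(state, r))
```

Running the block compares both constructed VMs: pci-web-01 is compliant because its only extra application is in the allowed "known" class, while pci-desk-07 is quarantined for a missing package, a version mismatch and an unclassified extra tool. Passing `allowed_classes=()` models a profile that permits no deviation, under which pci-web-01 also fails.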

You can specify when the vGW Series should scan the VMs: either when specific events occur or according to a schedule that you define using the Scheduling tab. You can also limit the number of concurrent scans.

