Understanding the VMware Infrastructure and vGW Series

The Juniper Networks vGW Series runs as integrated software on VMware vSphere servers.

Understanding vSphere and the vGW Series

VMware vSphere is a cloud operating system that can manage large pools of virtualized computing infrastructure, including software and hardware. vGW Series components integrate with the VMware vSphere infrastructure to provide security for ESX/ESXi hosts in the virtualized environment. Because the vGW Series is purpose-built to support virtualization, it synchronizes automatically with the VMware vCenter. It uses VMware’s VMsafe interfaces to provide breakthrough levels of security and performance.

Note: Beginning with vGW Series 5.0r2, vGW Series provides support for vSphere 5.0.

Understanding VMware ESX and ESXi Hosts and the vGW Series

VMware ESX and ESXi hosts provide the foundation for building and managing a virtualized IT environment. These hypervisor-based hosts contain abstract processors, memory, storage, and networking resources that are shared among multiple virtual machines (VMs) that run unmodified, diverse operating systems and applications.

vGW Series manages and secures the VMs that run on ESX/ESXi hosts.

The number of IP addresses or VMs that vGW Series can protect is not determined. In any case, a single vGW Security Design VM management center can handle hundreds of hosts and their associated vGW Security VMs, and each vGW Security VM can load thousands of policy rules. However, a vGW Security VM loads only the policy rules that are relevant to the VMs on the host where it resides. If your virtualized environment is exceedingly large, you can extend the reach of protection by using the vGW Series Split Center and Multi-Center features, which allow you to scale to accommodate any size requirement.

Understanding VMotion and vGW Series

VMware provides a feature called VMotion that allows active, or live, VMs to be moved from one physical server to another. VMs can be moved from one server to another so that maintenance operations can be performed on a host. They can also be moved automatically when VMotion is triggered through VMware’s Dynamic Resource Scheduler (DRS), which is used to evenly distribute system resource usage across physical servers.

Because VMs can be migrated between servers, a VM's security level can be compromised: it can be lowered from that of the original server to that of the new one. For example, a VM could be migrated to an unsecured zone or to one with a lower trust level.

Unlike traditional firewalls, the vGW Series firewall supports live migration by maintaining open connections and security throughout the event. vGW Series ensures that appropriate security for a VM remains intact throughout migration.
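
An added example, not part of the original page and not vGW Series or VMware code: a small audit that flags migrations that move a VM to a host in a lower-trust zone, the risk described above. The zone names, trust ranking, host inventory and event records are all constructed assumptions.

```python
# Added example: every host name, zone, trust level and event is constructed.
from dataclasses import dataclass

# Assumed trust ranking of security zones (higher = more trusted).
ZONE_TRUST = {"pci": 3, "internal": 2, "dmz": 1}

# Assumed inventory: the zone each ESX/ESXi host belongs to.
HOST_ZONE = {
    "esx-01": "pci",
    "esx-02": "pci",
    "esx-03": "internal",
    "esx-04": "dmz",
}

# Constructed migration records: (vm, source host, destination host, trigger).
SAMPLE_EVENTS = [
    ("vm-db-01", "esx-01", "esx-02", "DRS"),      # same zone
    ("vm-db-02", "esx-01", "esx-03", "DRS"),      # pci -> internal
    ("vm-web-01", "esx-04", "esx-03", "manual"),  # dmz -> internal (raised)
    ("vm-app-07", "esx-03", "esx-09", "manual"),  # esx-09 not in inventory
]

@dataclass
class Finding:
    vm: str
    src_zone: str
    dst_zone: str
    reason: str

def audit_migrations(events, host_zone=HOST_ZONE, zone_trust=ZONE_TRUST):
    """Return a Finding for each migration that lowers a VM's trust level,
    or whose destination host has no known zone (treated as untrusted)."""
    findings = []
    for vm, src, dst, trigger in events:
        src_zone = host_zone.get(src, "unknown")
        dst_zone = host_zone.get(dst, "unknown")
        src_trust = zone_trust.get(src_zone, 0)
        dst_trust = zone_trust.get(dst_zone, 0)
        if dst_zone == "unknown":
            reason = f"{trigger}: destination host not in inventory"
            findings.append(Finding(vm, src_zone, dst_zone, reason))
        elif dst_trust < src_trust:
            reason = f"{trigger}: trust lowered {src_trust} -> {dst_trust}"
            findings.append(Finding(vm, src_zone, dst_zone, reason))
    return findings

if __name__ == "__main__":
    for f in audit_migrations(SAMPLE_EVENTS):
        print(f"{f.vm}: {f.src_zone} -> {f.dst_zone} ({f.reason})")
```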