Logical Zoning (Catbird TrustZones™)
Logical zoning is achieved through TrustZones™.
vSecurity automatically detects all VMs and assigns them to logical policy groups, called TrustZones™. Detection is ongoing and continuous, so that security is maintained regardless of changes to the VM population. TrustZones are independent of network topology and can span multiple logical or physical data centers.
The following are the steps performed by the TrustZones mechanism:
- Inventory: VMs are detected via four independent functions (NAC, NetFlow, hypervisor events and port mapping) and correlated to the hypervisor VM ID, the only unique identifier for network control in a virtual or cloud system.
- Synchronization: During change events, controls are dynamically updated for changes in TrustZone membership. For example, manual or automated VM motion and vNIC configuration changes are automatically detected, triggering policy updates for all affected TrustZones. Firewall rules are synchronized across multiple physical and virtual data centers, including secondary sites (in this way, for example, Catbird federates VMware vCNS App).
- Visualization: Operator response is supported through both TrustZone-based and VM-based visualization and workflow of alerts, events, segmentation, zone membership and control status.
Logical zoning with Catbird TrustZones unlocks the power of software-defined security. With logical zoning, the virtualization security architect can build security deployment models on the “logical” properties of their information processing systems, such as application stack, compliance requirements and data classification level, instead of on difficult-to-manage “physical” properties such as Internet Protocol (IP) address.
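To make the inventory/synchronization steps above and the "zone by logical property, not by IP" idea concrete, here is a small added simulation of the mechanism. It is illustration code written for this page, not Catbird's or vSecurity's implementation: the detector names, VM attributes (app_stack, classification), zone rules, the quarantine default for unclassified VMs and the sample observations are all constructed assumptions. It correlates observations from several detectors by hypervisor VM ID, assigns each VM to a zone from its logical properties, compiles the zone-level allow policy into concrete firewall rules, and then computes the rule delta after change events (a VM migration that changes its IP, and a newly appeared database VM).

```python
"""Toy logical-zoning engine (constructed illustration, not Catbird code):
correlate VM inventory by hypervisor VM ID, assign zones by logical
properties, compile zone policy to concrete firewall rules, and
re-synchronise on change events."""
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    vm_id: str            # hypervisor VM ID: the stable correlation key
    name: str
    app_stack: str        # logical property (assumed attribute name)
    classification: str   # logical property (assumed attribute name)
    ips: frozenset        # physical property; changes on motion / vNIC edits


def correlate(observations):
    """Merge observations from several detectors into one VM per VM ID.
    observations: list of (source, dict), each dict carrying 'vm_id'.
    Later observations override earlier ones, so a re-reported IP list
    replaces the stale one after a migration."""
    merged = {}
    for _source, obs in observations:
        entry = merged.setdefault(obs["vm_id"], {})
        entry.update({k: v for k, v in obs.items() if k != "vm_id"})
    return {
        vid: VM(vid, e.get("name", "?"), e.get("app_stack", "unknown"),
                e.get("classification", "unknown"), frozenset(e.get("ips", ())))
        for vid, e in merged.items()
    }


# Zone membership is defined by logical properties, never by IP address.
# First matching rule wins; a VM matching nothing lands in quarantine
# (assumed default) and therefore receives no allow rules at all.
ZONE_RULES = [
    ("pci-web",  lambda vm: vm.classification == "pci" and vm.app_stack == "web"),
    ("pci-db",   lambda vm: vm.classification == "pci" and vm.app_stack == "db"),
    ("internal", lambda vm: vm.classification == "internal"),
]
QUARANTINE = "quarantine"


def assign_zones(inventory):
    zones = {name: set() for name, _ in ZONE_RULES}
    zones[QUARANTINE] = set()
    for vm in inventory.values():
        zone = next((name for name, pred in ZONE_RULES if pred(vm)), QUARANTINE)
        zones[zone].add(vm.vm_id)
    return zones


def compile_rules(inventory, zones, policy):
    """Expand zone-level allows (src_zone, dst_zone, port) into concrete
    (src_ip, dst_ip, port) tuples for the current membership.
    Anything not produced here is implicitly denied."""
    rules = set()
    for src_zone, dst_zone, port in policy:
        for s in zones.get(src_zone, ()):
            for d in zones.get(dst_zone, ()):
                for sip in inventory[s].ips:
                    for dip in inventory[d].ips:
                        rules.add((sip, dip, port))
    return rules


def evaluate(observations, policy):
    """Full pass: inventory -> zones -> concrete rules."""
    inv = correlate(observations)
    zones = assign_zones(inv)
    return inv, zones, compile_rules(inv, zones, policy)


def sync(old_rules, new_rules):
    """Firewall delta to push to enforcement points after a change event."""
    return {"add": new_rules - old_rules, "remove": old_rules - new_rules}


# Constructed sample data (not real systems or addresses).
POLICY = [("pci-web", "pci-db", 5432), ("internal", "pci-web", 443)]
BASELINE = [
    ("hypervisor", {"vm_id": "vm-101", "name": "web-01", "app_stack": "web", "classification": "pci"}),
    ("port-map",   {"vm_id": "vm-101", "ips": ["10.0.1.10"]}),
    ("hypervisor", {"vm_id": "vm-202", "name": "db-01",  "app_stack": "db",  "classification": "pci"}),
    ("netflow",    {"vm_id": "vm-202", "ips": ["10.0.2.20"]}),
    ("hypervisor", {"vm_id": "vm-303", "name": "wiki",   "app_stack": "web", "classification": "internal"}),
    ("nac",        {"vm_id": "vm-303", "ips": ["10.0.3.30"]}),
    ("netflow",    {"vm_id": "vm-404", "ips": ["10.0.4.40"]}),  # on the wire, no hypervisor record yet
]
# Change events: web-01 moves and gets a new address; a second PCI DB appears.
CHANGED = BASELINE + [
    ("port-map",   {"vm_id": "vm-101", "ips": ["10.0.9.10"]}),
    ("hypervisor", {"vm_id": "vm-505", "name": "db-02", "app_stack": "db", "classification": "pci"}),
    ("port-map",   {"vm_id": "vm-505", "ips": ["10.0.2.21"]}),
]

if __name__ == "__main__":
    _, zones0, rules0 = evaluate(BASELINE, POLICY)
    _, zones1, rules1 = evaluate(CHANGED, POLICY)
    print("zones before:", {k: sorted(v) for k, v in zones0.items()})
    print("zones after: ", {k: sorted(v) for k, v in zones1.items()})
    print("firewall delta:", sync(rules0, rules1))
```

Two points the run makes visible: zone membership of web-01 does not change when its IP changes, but the concrete rules do, which is exactly the resynchronisation the second step describes; and vm-404, which NetFlow sees but the hypervisor has not yet described, gets no allow rules until it is classified, so an unidentified VM defaults to isolation rather than to access.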