Secure Application Delivery
Deploying reusable application security models
Catbird vSecurity® TrustZones(TM) let the security architect build reusable application security models. Each model can carry a different configuration for the control components, as required by the security and compliance regulations that cover the data processed by that particular application. By selecting different policies on a TrustZone or group of TrustZones, the security architect is free to “dial-in” information security and compliance features as required.
Simple TrustZone models support rapid secure application delivery and can implement levels of information security control not previously possible with standalone, siloed, hardware-based security solutions.
Enterprise applications share typical deployment architectures based on application functional tiers. For example, a three-tiered application will include a client or user tier, an application tier, and a database tier. When considering secure application delivery, the security architect can leverage this structure with Catbird TrustZones to model the application’s network connectivity requirements as a replicable security model. Once the model is created, multiple applications can reuse it and be deployed with network security controls and real-time compliance monitoring at levels not attainable without virtualization and software-defined security technology.
Once the model is defined, the security architect places virtual machine assets into TrustZones either manually or by automated methods such as matching on VM name.
In the security architecture example above, the security architect is securing both application-specific workloads and datacenter service workloads with Catbird TrustZones. The corresponding TrustZone Access Control List (ACL) that protects the application is provided below.
The firewall configuration is abstracted by TrustZones: as assets are added to a TrustZone, manually or by an automated method, they inherit the zone’s ACL. The security architect does not need to specify IP addresses in the policy, because the Virtual Infrastructure Monitor control component tracks IP address changes and adjusts the IP-based ACLs in vCNS App accordingly.
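The following is an added illustration of the abstraction described in this section (tier zones, placement of VMs into zones by name, and derivation of IP-based rules from zone rules when an address changes). It is not Catbird’s code or API; the zone names, VM-name patterns, ports, and addresses are assumptions chosen for the example.

```python
"""Toy zone-based policy compiler (added example; not Catbird's implementation).

A TrustZone model is written once in terms of zones. VMs are placed into
zones by a VM-name pattern (hypothetical automated placement method), and
the IP-based rules an enforcement point needs are derived from the VM->IP
inventory a monitor currently reports. When an address changes, only the
derived rules change; the zone model is untouched.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ZoneRule:
    """Allow rule between two zones, stated in the initiating direction.
    Reply traffic is left to a stateful firewall, as in a real deployment."""
    src_zone: str
    dst_zone: str
    proto: str
    port: int


@dataclass
class TrustZoneModel:
    zones: dict   # zone name -> regex over VM names (assumed placement method)
    rules: list   # ordered allow rules; anything unmatched is denied

    def zone_of(self, vm_name):
        """Return the zone a VM belongs to, or None if it is outside the model."""
        for zone, pattern in self.zones.items():
            if re.fullmatch(pattern, vm_name):
                return zone
        return None

    def compile(self, inventory):
        """Derive IP-based rules from the zone rules and a VM->IP inventory."""
        members = {zone: [] for zone in self.zones}
        for vm_name, ip in inventory.items():
            zone = self.zone_of(vm_name)
            if zone is not None:
                members[zone].append(ip)
        acl = []
        for rule in self.rules:
            for src_ip in members[rule.src_zone]:
                for dst_ip in members[rule.dst_zone]:
                    acl.append(("allow", src_ip, dst_ip, rule.proto, rule.port))
        acl.append(("deny", "any", "any", "any", None))  # default deny
        return acl


def three_tier_model(app_prefix):
    """Reusable three-tier model: client -> app on 8443, app -> db on 5432.
    The same model serves any application; only the name prefix differs.
    Ports and naming convention are assumptions for the example."""
    return TrustZoneModel(
        zones={
            "client": rf"{app_prefix}-web-\d+",
            "app": rf"{app_prefix}-app-\d+",
            "db": rf"{app_prefix}-db-\d+",
        },
        rules=[
            ZoneRule("client", "app", "tcp", 8443),
            ZoneRule("app", "db", "tcp", 5432),
        ],
    )


def is_allowed(acl, src_ip, dst_ip, proto, port):
    """First-match evaluation of a compiled ACL."""
    for action, s, d, p, pt in acl:
        if (s in ("any", src_ip) and d in ("any", dst_ip)
                and p in ("any", proto) and pt in (None, port)):
            return action == "allow"
    return False


# Constructed inventory, as a monitor might report it. "mon-01" matches no zone.
INVENTORY_BEFORE = {
    "erp-web-01": "10.0.1.10",
    "erp-app-01": "10.0.2.10",
    "erp-db-01": "10.0.3.10",
    "mon-01": "10.0.9.5",
}
# Same VMs after erp-app-01 received a new address; the zone model is unchanged.
INVENTORY_AFTER = {**INVENTORY_BEFORE, "erp-app-01": "10.0.2.25"}

if __name__ == "__main__":
    model = three_tier_model("erp")
    for label, inventory in (("before", INVENTORY_BEFORE), ("after", INVENTORY_AFTER)):
        print(label)
        for entry in model.compile(inventory):
            print("  ", entry)
```

Two points the toy makes explicit: a VM that matches no zone (here `mon-01`) gets no allow entries and is covered by the default deny, and the client tier can reach the database tier only through the application tier, since no client-to-db rule exists. The derived rules are only as current as the inventory fed to `compile`, so in a real system the window between an address change and the monitor observing it is the interval during which the old IP-based rule is still in force.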
Firewalling and network connection auditing are provided by the VMware® vCNS App firewall and by Catbird vSecurity network flow monitoring respectively. Additional controls such as IPS, vulnerability scanning, and Layer 2 Network Access Control (NAC) are not shown in this example but are available in Catbird vSecurity. Datacenter virtual workloads may be combined in many different ways to provide automated security control configurations and real-time compliance measurements, with logical zoning based on Catbird TrustZones.