vSecurity Virtual Machine Appliances (VMAs)
Technical control integration and security task execution.
Each VMA is a hardened Linux appliance running the technical controls, typically consuming less than 25% of one core. In a dual processor, quad-core blade with two virtual switches, one would typically deploy two VMAs, generating a resource consumption of less than 6% of available resources. The VMA communicates via outbound connections over a FIPS-validated encrypted connection with SSL on port 443. Network loads are minimal. Due to the dynamic nature of security threats both the virtual appliances and the Control Center require continuous updates from Catbird, via file transfer.
The VMAs connects to the virtual switch¹, the vSphere service console and vCNS vShield Manager and executes the following:
- Best-practice network security controls including Firewall Management, Network Access Control, Intrusion Detection and Protection (IDS/IPS), Net Flow monitoring, and Vulnerability/configuration monitoring.
- Virtual Infrastructure Monitoring (VIM) utilizing full hypervisor privileges to enable unfettered monitoring and control. The VMA takes advantage of hypervisor APIs such as VMware vCenter and vCNS for network configuration, access control, monitoring, enforcement and auditing.