Securing Workloads from Private Cloud to VMware Cloud on AWS

Shaun Donaldson

February 15, 2018

Realizing True Hybrid Cloud

For IT, combining public and private cloud into a hybrid datacenter has always held tremendous promise. Imagine getting a call from accounting because they unexpectedly need to re-run hardware-intensive workloads for two weeks. The problem is that with all the production workloads running and development stress-testing a major application, your on-premises infrastructure is already being fully consumed; there is simply no capacity left for the accounting team.

Enter VMware Cloud on AWS - the fruit of a partnership between VMware and Amazon Web Services (AWS). Previously, you could forklift workloads to the cloud and bring them back, but it would be challenging because the virtual underpinnings of the environments were very different. If your on-premises Software-Defined Datacenter (SDDC) took advantage of VMware technology, it was difficult to migrate workloads to the public cloud and back without refactoring apps. Preserving infrastructure settings and management consistency was also a challenge.

VMware Cloud on AWS solves this problem. Today, you could choose to migrate a workload to the public cloud, leveraging the on-demand nature and instant scalability of AWS. Perhaps, after accounting has run their intensive workloads and development has done its stress-testing, the workload returns – or maybe you choose to keep it in the cloud. You could also let your dev team create new, cloud-first applications in VMware Cloud on AWS, taking advantage of a multitude of native AWS services.

The bottom line is that VMware Cloud on AWS provides options: the agility and flexibility to respond immediately to dynamic business requirements. The security of virtual machines (VMs) and the workloads they run, however, must be equally dynamic and agile, without imposing prohibitive performance penalties or increasing compute costs.

Securing Hybrid Cloud

Securing VMs which are instantiated in one place, and quickly move to another, has been a problem within highly dynamic private clouds for some time. To keep pace with operations, security solutions must integrate with the management components of virtualized infrastructure. The goal of such integrations is to allow security policy to be automatically applied in a contextually aware fashion.

For example, development environments have a different context than public-facing production environments, and therefore different security requirements. Hybrid cloud extends the contextual possibilities to include public-cloud compute resources—and security must keep up.

Bitdefender GravityZone Security for Virtualized Environments integrates with both the on-premises and VMware Cloud on AWS instances of vCenter Server (which are tied together via Hybrid Linked Mode, leveraging the same single sign-on domain). A unified GravityZone management console lets a VM inherit its security policy automatically, based on the cluster or resource pool objects defined in vCenter.

Beyond point-and-click management integration across hybrid clouds, GravityZone enables a level of infrastructure performance which is not achievable with traditional security. The latter requires a resource-intensive, “heavy” security agent in each VM, encumbering the machine with copies of antimalware engines, signatures, and so on, resulting in CPU, memory, and IOPS performance burdens. Instead, GravityZone centralizes and deduplicates much of the workload-security threat intelligence at a dedicated Security Virtual Appliance. This frees up hardware resources across public and private clouds, allowing organizations to run more workloads on the same hardware, reducing overall costs.

The business drivers of adopting VMware Cloud on AWS are myriad. Going beyond on-demand capacity, the following use-cases offer a few highlights, including how GravityZone contributes to each.

Disaster Recovery as a Service

A long-standing challenge of executing a full disaster recovery strategy has been the cost of a secondary site. Combining VMware Site Recovery Manager and the on-demand public cloud eliminates this barrier. The protection provided by GravityZone is seamlessly transferred by Site Recovery Manager since GravityZone, a virtual appliance-based solution, is just another VM. As critical workloads are being temporarily transferred to the cloud backup site, they continue to be protected, maintaining policy configurations without any administrative overhead.

Application Migration

The highly performant, virtualization-centric security of GravityZone follows your workloads as they move from on-premises to cloud, or back. GravityZone preserves security-policy consistency throughout workload lifecycles and migrations.

New Application Development and Test

Whether you are building an application for on-premises deployment, performing stress-testing, taking advantage of AWS services, or simply experimenting, there is no need to incur the capital costs of on-premises hardware for temporary compute needs when the cloud can meet those needs on demand. Avoid surprises when developing, testing, and sizing workloads. VMware ensures the SDDC environment is consistent, while Bitdefender provides the same for security.

To learn more about security requirements for SDDC, visit bitdefender.com/sddc. To see how GravityZone, a certified VMware Ready solution, allows organizations to realize the full benefits of hybrid cloud, without sacrificing security, visit the VMware Marketplace.



Shaun Donaldson

Shaun Donaldson is Editor-at-large at Bitdefender Enterprise. Shaun is also responsible for supporting relationships with strategic alliance partners and large enterprise customers, and analyst relations. Before joining Bitdefender, Mr. Donaldson was involved in various technology alliances, enterprise sales and marketing positions within the IT security industry, including Trend Micro, Entrust, Bell Security Solutions and Third Brigade.
