Home Applications Reflex Systems Announces Dynamic Policy Enforcement for Reflex VMC

Reflex Systems Announces Dynamic Policy Enforcement for Reflex VMC


Leverages VMware’s VMsafe to go beyond the ‘virtual firewall’ and enforce datacenter policy in local, enterprise and cloud environments

Reflex Systems, the pioneer in virtualization management and security, today announced the availability of Reflex vTrust™, dynamic policy enforcement for Reflex VMC (Virtualization Management Center).  vTrust leverages the VMsafe component of VMware’s new vSphere 4 release to go well beyond the virtual firewall, to provide dynamic policy enforcement at the kernel level of the hypervisor across the entire virtual datacenter, whether the virtual environment is hosted locally or internal and external cloud environments. 
 “Virtual environments are dynamic by nature, and policy management solutions must adapt elastically to infrastructure changes” said Reflex CEO, Pete Privateer.  “Reflex vTrust enables administrators to create and enforce not just security rules but the more general case of data center policies and best practices.  vTrust helps automate data center operations across all virtual resources whether in the corporate data center or hosted in the cloud. This, in turn, leads to improved efficiency through data center automation and reduced IT staffing costs, while ensuring compliance with corporate policy and government mandates.”
Reflex’s dynamic policy enforcement solution goes beyond the conventional notion of ‘purpose-built firewalls’ that simply monitor and control traffic between virtual machines or implement static security policies at the virtual machine level.  Reflex provides true data center policy enforcement across the entire virtualized infrastructure.  vTrust provides, asset classification, virtual trust zones, dynamic network control, and adaptive roaming policies that move with assets regardless of physical location, or network connection. Reflex’s partnership with VMware enables the company to leverage their VMsafe program to enforce network policies at the kernel level in vSphere.
Ken Owens, Technical Vice President of Security and Server Technologies of Savvis, a leading provider of managed IT infrastructure and cloud computing solutions said, “Due to the nature of VMs, virtual infrastructure environments can change quite often, several times a day.  Traditional security and policy enforcement techniques are challenging to apply under these conditions.  The addition of the VMSafe program is crucial to VMware’s virtualization initiative because it enables solutions like Reflex’s vTrust to give us the technology to properly enforce policies in such a dynamic environment, whether the virtual environment is local or in the cloud.”
Reflex’s addition of dynamic policy enforcement through vTrust enables IT organizations to create and enforce virtualization policies and manage the virtual enterprise based on existing organizational business processes.  Administrators can utilize vmTagging TM (Virtual Meta Tagging) to organize and group virtual assets and then define policy or best practice based on the asset properties or classification.  Polices based on vmTags TM are automatically updated as the environment changes, allowing policy to be just as agile as the virtual environment it protects.
By using this innovative classification method, Reflex VMC is now able to tag and track virtual resources for security and management purposes as they are added to the virtual environment.  Unlike other virtual security products, which define firewall rules based on more volatile virtual properties such as IP address or MAC address, Reflex’s vmTags define policy in terms of object properties of virtual resources that remains with that resource for its entire lifecycle.  Reflex leverages its patent-pending Virtual Query Language™ (VQL) for specifying policies or for natural language queries of the virtual infrastructure.  For example, virtual assets may be classified by line of business, type of application, organization, geographic location, operating system, patch level, or any other taxonomy as required by business processes. 
vTrust features in Reflex VMC include the following: 
  • Dynamic Policy Enforcement and Management– the ability to specify government regulation, corporate compliance, data center policy, best practice or security rules that adapt and move with the virtual assets (virtual machines, virtual network, group of VMs, hosts, clusters, vLAN, etc.) thus policy is enforced regardless of location, type of network connection, or type of virtual switch
  • Policy Extends into the Cloud: vTrust can facilitate and automate the use of cloud and SaaS services by providing a cloud security API that enables enterprises and hosting/cloud solution providers to secure individual virtualization resources in the cloud
  • (VQL)Virtualization Query Language – natural and structured query language that is used to define policy and rules, allowing virtual infrastructure to dynamically adapt to changing needs without requiring a change to the policies.  VQL also enables virtualization administrators to query the virtual infrastructure “on the fly” for any type of information
  • vmTagging (Virtual Meta Tagging) – classify virtual assets based on administrator defined properties. Virtual Policy Tagging is also genetic, enabling clones of virtual assets to automatically inherit policy from parents
  • Virtual Segmentation – create virtual trust zones on shared resources by dynamically partitioning the virtual infrastructure into separate virtual resources with different network communication policies (firewall rules)
  • Virtual Quarantine – enforce data center policy when VMs are provisioned (VMs must meet certain criteria to be allowed on the network). Easily detect rogue or unauthorized guests or virtual machines which do not meet regulatory or compliance requirements
  • Virtual Networking Policies – create and enforce a DMZ, block specific kinds of network traffic between virtual machines (P2P, IM, FTP, etc.), ensure only specific protocols are used on specific ports or networks, etc.
“In the virtual infrastructure you can’t just drop a firewall in the environment and hope for the best. You must be able to track all dynamic resources throughout the entire virtual enterprise as changes occur in the environment,” said Hezi Moore, CTO of Reflex Systems. “Our dynamic policy enforcement functionality goes well beyond a simple virtual firewall.  Reflex’s vTrust technology provides a dynamic solution based on the nature of virtualization as it is used by operations and security managers.”
About Reflex
Reflex Systems is the industry leader in virtualization management and security.  Reflex VMC (Virtualization Management Center) dramatically increases the visibility, management and security of an organization’s virtual infrastructure. Purpose-built on a strong security foundation, VMC provides the essential tools needed to enforce dynamic infrastructure policy in virtualized data centers. Reflex VMC provides infrastructure discovery and visualization, timeline-based management, application/services discovery, network security, performance, lifecycle management and dynamic policy enforcement.  Reflex VMC supports VMware’s ESX server, Citrix’s XenServer, and Microsoft’s Hyper-V virtual server environments. Reflex Systems is based in Atlanta, Georgia and is privately held. For more information, including a trial download of Reflex VMC, visit www.reflexsystems.com.
Reflex Systems is a registered trademark of Reflex Systems LLC. All other marks are property of their respective owners.
Media Contact
Jason Smith
ZAG Communications
DABCC DABCC.com, the world leader in sharing the finest Virtualization & Cloud news and support resources. #Citrix, #VMware, #Microsoft, #Mobility and much more! Brought to you by @douglasabrown & team!

Featured Resources:

Related Articles:


White Papers

    Application Lifecycle Management with Stratusphere UX – White Paper

    Enterprises today are faced with many challenges, and among those at the top of the list is the struggle surrounding the design, deployment, management and operations that support desktop applications. The demand for applications is increasing at an exponential rate, and organizations are being forced to consider platforms beyond physical, virtual and cloud-based environments. Users […]


      Download Commvault VM Backup and Recovery: end-to-end VM backup, recovery and cloud management

      Commvault’s ability to provide end-to-end VM backup, recovery and cloud management creates a significantly better way to build, protect and optimize VMs throughout their lifecycle. Our best-in-class software for VM backup, recovery and cloud management delivers a number of significant benefits, including: VM recovery with live recovery options; backup to and in the cloud; custom-fit […]

      On-Demand Webinars

        What’s Going on in EUC Printing – A Technical Deep Dive!

        The IGEL Community and ThinPrint invite you to watch the following technical deep dive webinar. The agenda is to technically bring you up to speed on what’s going on in the EUC Printing space today along with a deep dive into new methods, technologies, printing scenarios and a discussion on why printing still matters. You […]

        Latest Videos

          Views All IT News on DABCC.com
          Views All IT Videos on DABCC.com
          Win big $$, visit ITBaller.com for more info!

          Visit Our Sponsors