Virtual IPS Sensor deployment

Enterprises are moving towards virtual IT infrastructures such as private and public cloud, virtual data centers for servers, and virtual machines for clients. Security requirements for a virtual network might differ greatly from those of physical networks. For example, monitoring peer-to-peer traffic and enforcing access control in a virtual network have their own challenges. Depending on the network architecture and security requirements, virtual security products are required to protect virtual IT infrastructures. Even for physical networks, virtual security products can bring savings in cost and space.

A Virtual IPS Sensor (Virtual Sensor) is McAfee's virtual next-generation IPS product. It is a virtual instance of the NS-series Sensor software, which you can install as a virtual appliance on a VMware ESX server. You do not require the Sensor hardware to deploy a Virtual Sensor. Though primarily designed to protect virtual networks, you can deploy a Virtual Sensor to protect physical networks as well.

Note: In this document, the terms Virtual IPS Sensor and Virtual Sensor are used interchangeably.

The Virtual IPS Sensor is available as an OVA image. Open Virtualization Format (OVF) is an open standard, supported across various virtualization platforms, for packaging and distributing software to be run on virtual machines. An OVF virtual machine consists of a folder containing the virtual machine files and a file describing them. An Open Virtualization Appliance (OVA) file is a single compressed file that contains the contents of an OVF folder.
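The following is an added example, not McAfee's code or part of the original document: before importing an OVA, check every packaged file against the digests in the package's `.mf` manifest. It assumes the OVA is the tar archive that the OVF standard defines and that it carries a manifest; the sample file names and contents are constructed.

```python
import hashlib
import io
import re
import tarfile

# OVF manifest line: ALGO(filename)= hexdigest
MF_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\((.+)\)\s*=\s*([0-9a-fA-F]+)$")

def verify_ova(path):
    """Map each file in the OVA to ok / mismatch / missing / unlisted."""
    with tarfile.open(path, "r:") as tar:  # "r:" = plain tar, no compression
        mf = [m for m in tar if m.isfile() and m.name.endswith(".mf")]
        if len(mf) != 1:
            raise ValueError("expected exactly one .mf manifest")
        expected = {}
        for line in tar.extractfile(mf[0]).read().decode("utf-8").splitlines():
            hit = MF_LINE.match(line.strip())
            if hit:
                expected[hit.group(2)] = (hit.group(1).lower(), hit.group(3).lower())
        result = {name: "missing" for name in expected}
        for m in tar:
            if not m.isfile() or m.name.endswith((".mf", ".cert")):
                continue
            if m.name not in expected:
                result[m.name] = "unlisted"  # file the manifest does not cover
                continue
            algo, digest = expected[m.name]
            h, src = hashlib.new(algo), tar.extractfile(m)
            for chunk in iter(lambda: src.read(1 << 20), b""):  # stream large disks
                h.update(chunk)
            result[m.name] = "ok" if h.hexdigest() == digest else "mismatch"
    return result

def build_sample_ova(path, tamper=False):
    """Write a tiny constructed OVA (not a real Sensor image) for the demo."""
    parts = {"sample.ovf": b"<Envelope/>", "sample-disk1.vmdk": b"constructed disk"}
    mf = "".join(f"SHA256({n})= {hashlib.sha256(d).hexdigest()}\n" for n, d in parts.items())
    if tamper:
        parts["sample-disk1.vmdk"] += b"!"  # changed after manifest was written
        parts["extra.bin"] = b"not listed"
    parts["sample.mf"] = mf.encode()
    with tarfile.open(path, "w") as tar:
        for name, data in parts.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
```

Matching digests only show that the files agree with the manifest inside the same archive, so the check detects corruption or partial modification, not a repackaged image. Also compare the OVA's own hash against a value obtained from the vendor over a separate trusted channel.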

As with a physical Sensor, you use a Manager to configure and manage Virtual Sensors. This Manager can be installed on a physical server or on a virtual machine. You can also use the same Manager to manage both virtual and physical Sensors, including heterogeneous Sensor environments.

A Virtual Sensor supports most of the features that are supported by a physical Sensor. Except for the fact that you deploy Virtual Sensors in a virtual environment, the process of configuring and managing them is similar to that of physical Sensors. Virtual Sensors also function similarly to their physical counterparts when it comes to protecting your networks. With the added advantage of being a virtual instance, a Virtual Sensor can be deployed to protect various network architectures. Some of the common scenarios are covered in this document.

You install a Virtual Sensor on a VMware ESX server. Then, you can deploy this Virtual Sensor to inspect traffic between:

  • Virtual machines (VMs) on this ESX server.
  • VMs on different ESX servers and the VMs on this host.
  • Physical machines and the VMs on this ESX server.
  • Physical networks wherein this ESX server is inline.

Virtual Sensor deployment

To use the information in this document, familiarity with the following might be required:

  • Administration of VMware ESXi hosts including virtual networks within VMware ESXi hosts.
  • Management of guest virtual machines.
  • Installation, configuration, and management of Network Security Sensor and Manager.