Case Study / vArmour

"The beauty of the Ravello platform is we can have as few or as many environments as we want running simultaneously, with no ability for one customer to affect another customer’s environment."
Matthew Ebben, Director of Worldwide Systems Engineering at vArmour

Case Study Highlights

vArmour is the maker of the world’s first distributed security system that runs across multiple types of compute environments and tightly integrates with data center and network management systems to enable dynamic security.

By hosting demo environments with Ravello, vArmour streamlines deployment processes and can quickly and easily illustrate the value of their products, without the heavy lifting that often accompanies traditional POC activities.

Running labs in Ravello enables vArmour to generate fake malicious traffic patterns without objections from SecOps. Creating this sort of traffic in a hosted environment lets vArmour show the power of their traffic metadata analysis in a way that isn't possible in production environments.

vArmour's distributed security system POCs in data center environments

Say you’re the maker of the world’s first distributed security system; one which runs across multiple types of compute environments and tightly integrates with data center and network management systems to enable dynamic security. Sounds cool, right? Indeed, it is.

However, when said distributed security system leverages a POC process that handles live, production data, how can you help show customers immediate value without the complexity that can come with production change windows, IT governance practices, and VLAN configurations?

Understandably, when you are positioning a Proof of Concept (POC) to be installed in production environments, integrating with production vCenter instances (or other virtualization management solutions) and analyzing or enforcing production traffic, it can cause customer anxiety about the impact it could have on their IT operations.

Because of this, we often find ourselves relegated to lab environments where there is less “interesting” traffic to monitor and show the full value of the product. Compounding this problem is the fact that most lab environments are not treated the same way as production and often have configuration issues that require more time troubleshooting than we expect – causing delays for customers to experience our product.

Nesting vArmour's multiple ESXi-host environments, with VLANs, switches and port forwarding using Ravello

With Ravello Systems’ ability to nest various types of hypervisors in their multi-cloud, multi-tenant virtualization environment, we can now provide customers access to their own “virtualized data center” running the vArmour DSS (Distributed Security System) on AWS and Google Cloud.

We have created a standard Ravello Blueprint image that includes multiple ESXi hosts running a handful of test VMs, each wrapped in its own micro-perimeter by vArmour’s micro-segmentation capability, all under management by VMware vCenter.

VMs are dynamically inserted into the security policy at startup and boot off of an NFS datastore for demonstration of vArmour’s support of fully stateful VM migration, without expensive state synchronization protocols. The virtual switching in use is a mixture of vSphere Distributed Switches and vSphere Standard Switches, as vArmour and Ravello support both switch types.

The VMs in our environment are split up into separate subnets and VLANs, as you typically find in production data centers, and are routed by a separate VM functioning as a lab network router. All of this is accessed by RDP into a Windows Server 2012 Jump box using an obfuscated FQDN and port-forwarding. With this approach, each environment is set up exactly the same, with the same VMs, same access rights, same credentials, etc. The only thing ever provided to a user is an FQDN:port combo and a username/password. Security policy is set in a way which prohibits a user from exporting any VMs, licenses, hypervisors, vCenters, etc. With this configuration, a customer is able to run vArmour DSS the same way they would in their own data center.

With Ravello: Isolated complex customer environments and streamlined POC processes

The beauty of the Ravello platform is we can have as few or as many environments as we want running simultaneously, all completely managed by vArmour, with no ability for one customer to affect another customer’s environment. The other nice thing about having this environment in the cloud is that since it’s not a customer data center, we can generate fake malicious traffic patterns without giving the SecOps guy a heart attack. Creating this sort of traffic in a hosted environment lets us show the power of vArmour’s traffic metadata analysis, specifically, our laterally-moving threat detection and east-west flow visibility, in a way we sometimes are unable to in production environments.

Continuing with Ravello to training labs, QA environments and more

While the initial use case is around streamlining the sometimes complex evaluation point of the security sales cycle, we’ve begun to explore a number of other highly-compelling use cases for the Ravello offering. These include:

  1. On-Demand SE demo/self-education environments
  2. Channel partner on-demand labs
  3. Partner/ISV integration development environments
  4. Training labs
  5. QA system scalability testing environments

By hosting our demo environment with Ravello, we’re able to streamline deployment processes that can present challenges for any organization. These Ravello labs are a quick and easy way to illustrate the value of our products, without the heavy lifting that often accompanies traditional POC activities.