Virtual Private Cloud OnDemand Networking Guide

3 Network Security and Secure Access
Virtual Private Cloud OnDemand provides features and functions to ensure network security and secure
access to your resources in the cloud.
This chapter includes the following topics:
- “About Network Security,” on page 27
- “About Firewall Rules,” on page 29
- “Add a Firewall Rule,” on page 29
- “VPN and Remote Networks,” on page 30
- “About IPsec VPN,” on page 31
- “About Setting up an IPsec VPN Connection,” on page 31
- “Set up an IPsec VPN Connection to a Remote Site,” on page 33
- “SSL VPN for Data Center Extension,” on page 34
About Network Security
Your configuration decisions within Virtual Private Cloud OnDemand have network security implications.
The type of networks you add to Virtual Private Cloud OnDemand and how you connect your virtual
machines to those networks have security considerations as well. Connect your virtual machines to the
appropriate networks based on their security needs.
Table 3-1. Security Differences Between Network Types

Routed Network
  Required for:
  - Virtual machines that need access to external networks.
  Benefits:
  - Connecting virtual machines to routed networks gives those virtual machines access to the networking services provided by a gateway: firewall, NAT, and load balancing.
  NOTE: A virtual machine can have two NICs, with one interface connected to the routed network and the other interface connected to the isolated network.

Isolated Network
  Required for:
  - Workloads that need to be isolated.
  - Workloads subject to specific security policies; for example, compliance rules that a particular application cannot be connected directly to the Internet.
  Benefits:
  - Isolated networks are not connected to gateways; therefore, they are ideal for running internal applications.
  - Virtual machines running applications you want to isolate from direct Internet traffic, such as your log servers, tracking servers, and database servers.
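As an added example (not from the VMware guide), the following Python script audits a constructed VM inventory against the placement guidance in Table 3-1 and additionally flags dual-NIC virtual machines, since a VM attached to both a routed and an isolated network bridges the two segments and deserves review. VM names and roles are hypothetical.

```python
"""Placement audit for VMs across routed and isolated networks.

Added example, not part of the VMware guide: checks a constructed inventory
against Table 3-1 (external access needs a routed network; workloads under a
no-direct-Internet rule and internal servers belong on isolated networks).
"""
from dataclasses import dataclass

# Roles the guide names as candidates for isolation from direct Internet traffic.
INTERNAL_ROLES = {"log", "tracking", "database"}


@dataclass
class VM:
    name: str
    role: str
    networks: list                    # attached network types: "routed" or "isolated"
    needs_external: bool = False      # workload must reach external networks
    no_direct_internet: bool = False  # compliance rule from Table 3-1


def audit(vm: VM) -> list:
    """Return the list of findings for one VM (empty list means placement is OK)."""
    findings = []
    types = set(vm.networks)
    if vm.needs_external and "routed" not in types:
        findings.append("needs external access but has no routed NIC")
    if vm.no_direct_internet and "routed" in types:
        findings.append("compliance: must not be connected to a routed network")
    if vm.role in INTERNAL_ROLES and "routed" in types:
        findings.append(f"{vm.role} server is exposed on a routed network")
    if {"routed", "isolated"} <= types:
        # Dual-NIC VMs are allowed by the guide, but they join the two segments.
        findings.append("dual-NIC VM bridges routed and isolated networks; review host hardening")
    return findings


def audit_inventory(vms: list) -> dict:
    """Map each VM name to its findings."""
    return {vm.name: audit(vm) for vm in vms}


# Constructed sample inventory; VM names are hypothetical.
SAMPLE = [
    VM("web01", "web", ["routed"], needs_external=True),
    VM("db01", "database", ["isolated"]),
    VM("db02", "database", ["routed"]),
    VM("app01", "app", ["routed", "isolated"], needs_external=True),
    VM("pci01", "app", ["routed"], no_direct_internet=True),
]

for vm_name, vm_findings in audit_inventory(SAMPLE).items():
    print(vm_name, "OK" if not vm_findings else "; ".join(vm_findings))
```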
VMware, Inc. 27