The SANS Institute has awarded the Los Alamos National Laboratory the 2011 U.S. National Cybersecurity Innovation Award for its innovative use of vShield and other defense tools that represent a breakthrough model for securing virtual computing and private cloud deployments.

As federal agencies and commercial organizations move quickly to take advantage of cloud computing, they are also concerned about the increasing risk of cyber-attacks. A large fraction of these cloud computing initiatives rely on VMware to manage the virtual computers which are deployed in the cloud environment. VMware has been pushing for its customers to shift toward the vShield architecture which offers ways to use built-in application firewalls through what's known as vShield Zones, or to use vShield App, the hypervisor-based application-aware firewall for the virtual data center. The vShield App uses application-aware firewalling installed on the vSphere host to control and monitor all network traffic on the host.

Los Alamos National Laboratory was able to use vShield to create the Infrastructure on Demand cloud platform featuring inventive cloud security and automation architecture. They have deployed a private cloud that allows their organization to offer infrastructure as a service to Los Alamos researchers. Los Alamos has cut a 30-day server provisioning process down to 30 minutes, and in its first six months, the service was used to provision more than 700 virtual machines.

Key features of the Infrastructure on Demand program includes:

  • Automated provisioning of workloads into secure enterprise enclaves
  • Mapping physical security into a virtual security model using VMware vShield
  • Employing automated remediation features to offline non-compliant workloads
  • Extension of a private cloud security framework