What Is Flow

Overview

Flow provides Security/Microsegmentation of VMs on AHV, with Centralized Management (Prism Central) + Distributed Enforcement (Per Node), Application Centric Policy Management using Categories (Logical Grouping), Rich Visualization, and Automation (APIs).

What is the State of Things Today

Why Microsegmentation?

../_images/what_is_flow_01.png

Securing HCI with Flow + Microsegmentation

../_images/what_is_flow_02.png

Flow: Under the hood

  • No Change to Physical Infra
  • Flow comes with Native AHV/OVS nothing to install
  • Group VMs based on App Topology (independent of Physical Infra, VLANs, Subnets)
  • Define Policies for the Web, App and DB Policies automatically applied to all existing and new VMs in the group Rules are pushed for local enforcement on each node
  • Centrally Manage, Operate, Govern
../_images/what_is_flow_03.png

Why Flow?

../_images/what_is_flow_04.png

Use Case: App Segmentation

../_images/what_is_flow_05.png

Use Case: VDI Microsegmentation

../_images/what_is_flow_06.png

Use Case: Network & Security Automation

../_images/what_is_flow_07.png

Isolation Policy

  • Isolation - Isolation policies restrict two defined groups of VMs from communicating with each other
../_images/what_is_flow_08.png

Application Security Policy

  • Application - Flexible security policy, defining both inbound traffic sources and outbound destinations for a single or multi-tiered application.
../_images/what_is_flow_09.png

Quarantine Policy

  • Quarantine - Programmatic or manual restriction of network connections
../_images/what_is_flow_10.png