Guidance for Security Compliance and Assurance of VMware and Amazon EC2 Workloads

Overview

This Guidance helps you gain visibility into all workload types through integration with Caveonix Cloud. This visibility can help you better understand your security compliance and assurance posture. When security findings are detected, this Guidance provides the ability to automate remediation so you can maintain your security stance. Additionally, you can easily share findings with the necessary stakeholders, ranging from data analysts to audit teams to a Chief Information Security Officer (CISO).

How it works

This architecture diagram shows you how to monitor security compliance and assurance for VMware, AWS, and hybrid workloads.

Well-Architected Pillars

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

This Guidance integrates with Security Hub in a bi-directional manner by passing findings and configuration information between Security Hub and Caveonix Cloud. This provides visibility across cloud and on-premises infrastructure. Caveonix Cloud brings additional scanning capabilities to AWS tools such as Security Hub by extending operational visibility to both data center and other cloud workloads.

Read the Operational Excellence whitepaper

Security Hub provides aggregation of findings and reporting on security and compliance. The Guidance enhances this security posture by integrating findings from non-AWS systems. Compliance is continuously updated, and reporting is provided self-service to all data consumers, from the CISO to audit teams.
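The finding exchange described above relies on the AWS Security Finding Format (ASFF). As an added illustration, not code from this Guidance or from Caveonix, the block below builds an ASFF finding for a VMware virtual machine that a compliance scan marked as failed, checks it against the ASFF required fields, and hands it to Security Hub's BatchImportFindings API. The account ID, region, VM name and control ID are constructed placeholders, and the `default` product ARN is the one Security Hub accepts for a custom integration importing its own findings.

```python
"""Build and validate an ASFF finding for a non-AWS (VMware) asset.

Added example; the scanner name, control IDs and asset IDs are hypothetical.
"""
from datetime import datetime, timezone

# Fields Security Hub rejects a finding without.
ASFF_REQUIRED = (
    "SchemaVersion", "Id", "ProductArn", "GeneratorId", "AwsAccountId",
    "Types", "CreatedAt", "UpdatedAt", "Severity", "Title", "Description",
    "Resources",
)


def vm_finding(account_id, region, vm_name, control_id, status, severity):
    """Return an ASFF finding for a compliance result on an on-premises VM.

    status is an ASFF Compliance.Status (PASSED, WARNING, FAILED, NOT_AVAILABLE);
    severity is an ASFF Severity.Label (INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL).
    """
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"vmware/{vm_name}/{control_id}",
        # 'default' product ARN: a custom integration importing its own findings.
        "ProductArn": f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default",
        "GeneratorId": f"vmware-compliance-scanner/{control_id}",  # hypothetical scanner
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/Industry and Regulatory Standards"],
        "CreatedAt": now,
        "UpdatedAt": now,
        "Severity": {"Label": severity},
        "Title": f"{control_id} {status} on VMware VM {vm_name}",
        "Description": f"Compliance control {control_id} evaluated as {status} on {vm_name}.",
        # Assets that are not AWS resources are reported with the generic 'Other' type.
        "Resources": [{"Type": "Other", "Id": f"vmware:vm:{vm_name}", "Region": region}],
        "Compliance": {"Status": status},
        "RecordState": "ACTIVE",
    }


def missing_fields(finding):
    """Names of required ASFF fields absent from the finding (empty list if valid)."""
    return [field for field in ASFF_REQUIRED if field not in finding]


def import_findings(client, findings):
    """Validate findings, then import them via a boto3 'securityhub' client."""
    invalid = [f.get("Id") for f in findings if missing_fields(f)]
    if invalid:
        raise ValueError(f"findings missing required ASFF fields: {invalid}")
    return client.batch_import_findings(Findings=findings)  # at most 100 findings per call
```

Findings imported this way appear in Security Hub alongside native ones, so the same self-service reporting reaches the CISO and audit teams for both AWS and data center workloads.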

Read the Security whitepaper

VMware Cloud on AWS and Caveonix Cloud provide a cluster for the virtual machines, consisting of two or more physical EC2 hosts. In the event of failure, the virtual machines can fail over to the alternative running host.

Read the Reliability whitepaper

VMware Cloud on AWS has the ability to democratize advanced technologies by offering management of the VMware Software Defined Data Center (SDDC). This includes patch management and secure operations of this software stack, helping you to focus on your business and application layer rather than on the software and underlying AWS-hosted infrastructure. You can offload your VMware infrastructure management tasks with the confidence that VMware Cloud on AWS manages VMware workloads in a way that is aligned with VMware management best practices.

Read the Performance Efficiency whitepaper

Caveonix Cloud allows you to maintain both your VMware virtual machines and EC2 instances within AWS. This SaaS offering can also be extended into on-premises data centers, providing one common tool to maintain and enforce your security and compliance posture. A central view of all assets mapped to their related applications provides a global view across cloud and data center environments. This allows you to track resource usage, identify orphaned systems, and provide configuration management governance so you can identify opportunities for cost optimization across all workloads.

Read the Cost Optimization whitepaper

The AWS data centers that host the services in this Guidance have been designed to offer a lower carbon footprint compared to traditional, on-premises data centers. AWS data centers are optimized for sustainability and scale resources based on demand.

Read the Sustainability whitepaper

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.