Chapter 2. Introducing the IBM Security Network IPS solution
IBM Security Network Active Bypass
IBM offers external bypass units that can be used with its Network IPS devices.
These bypass units ensure that the network remains functional and users have
unimpeded access to important applications if the IBM Security Network IPS
appliance fails for any reason. The bypass units send network traffic through
the IBM Security Network IPS only while the appliance is operating normally.
If a failure is detected, the IBM Security Network IPS is bypassed.
2.2.4 Virtual Network IPS appliances
As part of the overall IBM Security Network IPS portfolio, two virtual appliances
are available, the GV200 and GV1000. They are provided as preconfigured
virtual machine (VM) packages.
Deploying an IBM Security Network IPS Virtual Appliance provides the following
benefits:
• Inheritance of the lower total cost of ownership (TCO) realized in a virtual
  environment
  For more information about why to use virtual solutions, see the white paper
  Why Choose VMware at:
  http://www.vmware.com/files/pdf/vmware_advantage.pdf
• IBM Security X-Force powered protection in a virtual environment
• Lowered complexity with centralized operations
• Protection of web applications, web server, and browsing clients
The following virtual interfaces are automatically created during the installation
process:
• TCP reset port, which is optionally used for resetting TCP connections when
  the VM is configured in passive mode
• Management port, which is used for connection to IBM Security SiteProtector
  and the LMI
• Two inspection or monitoring ports
To understand the system requirements of the server onto which you are
deploying these products, see the System Requirements for IBM Security
Network IPS Virtual Appliances guide in the IBM Security Network Intrusion
Prevention System Information Center at:
http://publib.boulder.ibm.com/infocenter/sprotect/v2r8m0/index.jsp?topic=/com.ibm.ips.doc/IBMSecNetIPS_landing_page.html
Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
Figure 2-11 shows a deployment in which the virtual appliance provides
protection to the cluster of VMs. Other deployment scenarios, such as bridging
two physical networks, are also possible.
Figure 2-11 Single virtual appliance on a physical server protecting a virtual server farm
IBM also offers a more advanced solution for providing intrusion prevention in
virtual environments. The IBM Security Virtual Server Protection for VMware
offers integrated threat protection for VMware ESX and VMware ESXi. It provides
protection for multiple layers of the virtual infrastructure, including the protection
on the virtual network (which the IBM Security Network IPS Virtual Appliance can

Monitoring limits: Unlike the physical appliances, the virtual appliances have
only two monitoring (sensor) ports.
