Each VEN provides visibility into the inner workings of the workload, which helps the PCE build an accurate application dependency map. The VEN programs the native enforcement capabilities that already exist within the workload and acts as a sensor that detects and alerts on policy violations.
No matter the heterogeneity of your compute footprint, the Adaptive Security Platform® delivers live visibility and micro-segmentation from a single control plane. VENs can be deployed on workloads running a variety of operating systems, including Windows, Linux, AIX, and Solaris, regardless of the underlying infrastructure (bare-metal servers, virtual machines, public cloud instances, or containers) and regardless of location (on-premises data center, public or private cloud, hybrid, or multi-cloud).
The VEN takes the rules computed by the PCE and programs the existing native Layer 3/Layer 4 stateful firewall in the workload. This approach enables you to maximize your existing infrastructure investments instead of having to re-architect the entire environment and acquire new networking infrastructure or data center firewalls.
The PCE communicates with each VEN and, when the application changes (for example, IP changes, disaster recovery, or new versions), automatically recalculates the firewall rules and transmits the changes to the affected VENs. This ensures policies are enforced consistently and accurately in the face of a dynamic application environment.