Virtual security: Even better than the real thing?
The jury's still out
The edge product is a network gateway that provides firewalling, DHCP, VPN, load balancing, and other typical functions that you’d find in a hardware-based gateway appliance. vShield App protects individual applications hosted in VMs by monitoring network traffic between virtual machines to maintain separation and enforce isolation policies. It’s sort of a virtual ‘air gap’ that takes the place of physically isolating systems. The endpoint package is an antivirus solution that uses a secure VM to handle inspection chores for the entire host.
In my casting around looking for perspective on vShield and VMware’s security strategy, I found these blog posts by Chris Hoff. He’s a renaissance geek with 20 years of IT security experience and, as he puts it, “a passion for virtualization and all things cloud.” He had me at “My life? It’s like Blade Runner meets Beautiful Mind w/some Patrick Swayze Roadhouse violence mixed in.”
He’s currently the director of cloud/virtualization security stuff at Cisco, but that doesn’t seem to color his opinions or much of anything else in his blog. Here are his first and second takes on VMware’s vShield offerings.
It’s going to be interesting to see the uptake of vShield. While I have questions, I think that this move by VMware is important – and a pretty good strategy. Many of the questions that customers have about cloud (both internal and external) revolve around security, and these offerings show that VMware sees security as a crucial part of its product set.
It also gives VMware significant differentiation from Microsoft, Xen, and KVM offerings. Of course, it puts it at odds with others in the industry, including anyone who makes a gateway or security appliance. It also moves it into the enterprise systems management space, where the lineup of rivals includes Tivoli, CA, HP, and a host of other players. ®