When we were setting up the virtual systems for Norwich University, Lab Manager Mike Stephenson and I struggled with firewalling at the VM level. It was an immense challenge. We tried all sorts of firewall schemes - from the hardware to building software firewalls and individual firewalls on the VMs themselves. Nothing really did exactly what we wanted - virtual lab systems, such as the ones we create at school, are incredibly finicky and demanding.
There are several aspects of using Altor VF that are tailor-made for a virtualized environment. First, we tend to create virtual machines every time we need them. That doesn't mean, though, that we get rid of them when we no longer need them. Sometimes these unused machines hang around for a very long time, unnoticed and unprotected. If there is any VLANing going on, it is possible that one of them is an unprotected backdoor into the production network.
Altor VF protects all of the VMs, but even better, it lets you know what you actually have so you can get rid of what you don't need. And, as they say on the late-night infomercials, "Wait! There's more!" Altor VF works directly with either its own IDS or with an external IDS, such as Snort, Juniper or ArcSight. Of course, this capability works all the way down to the VM and allows deep analysis of data to and from the individual VMs.
Altor VF also works with other important virtual products, such as VSwitch or Cisco V1000. And, again as one would expect, it is policy driven, which makes management easy and straightforward.