On the day that Microsoft jumped into the burgeoning virtualization market, VMware — the pioneer and industry leader in this technology — announced Wednesday a new product that significantly enhances and simplifies securing virtual machines.
The product, VMsafe, is a set of application programming interfaces (APIs) that will allow third-party vendors to develop security products that are easily integrated into VMware’s own hypervisors. A hypervisor is the core middleware software that creates, controls and monitors the multiple “virtual machines” that run on a single physical computer in a virtualized environment.
Twenty security vendors announced that they are developing products that support the VMsafe APIs, according to VMware. They include Check Point Software, Fortinet, IBM, McAfee, RSA, Secure Computing, Symantec, Trend Micro and Webroot Software.
According to VMware, its VMsafe APIs integrate at the hypervisor layer of virtualization and will allow detecting and eliminating malicious software. The VMsafe APIs provide what the company called “transparency” into the memory, CPU, disk and I/O systems of the virtual machine, giving it a complete look into the execution of a system.
The VMsafe APIs will also isolate security software from potential malware threats, Parag Patel, VMware’s vice president of alliances, told SCMagazineUS.com. In traditional, non-virtualized physical systems, malware can operate on a “level playing field” with security software and bypass it, he said.
“With VMsafe, we isolate the security software in a virtual machine so it won’t be affected by malware,” Patel explained. “And because the VMsafe APIs give security software “visibility to activities before the malware hits, it gives it an advantage in beating malware.”
The ability to tap into VMsafe APIs will change the entire model for securing virtual machines, Chris Wolf, a senior analyst with the Burton Group, told SCMagazineUS.com. Current methods require complex policies for managing security devices such as intrusion protection/detection products used to protect virtualized environments, he said.
In existing virtualized environments, enterprises need “security policies in place to ensure the security application follows virtual machines when they’re moved to other physical hosts,” he explained. “That creates a great deal of complexity, and when you add complexity to network security, you’re adding to the risk.
“VMsafe will change the way we monitor virtual machine traffic by allowing security to develop security devices that can connect to the hypervisor,” he said. “From the hypervisor, they can directly perform activities such as monitor network traffic, CPU utilization and deep traffic inspection completely external to the virtual machine.”
The technology, he added, will allow deploying a security device on each physical computer, which will be able to monitor all of the virtual machines running on that computer. With current methods, however, each time the virtual machine is moved, the security application must move with it, he added.
“Now we have the capability of monitoring underneath the virtual machine, and the security appliance can stay where it’s at,” Wolf said.
For its part, VMware said that security products that support VMsafe will be able to stop malicious software, including rootkits, trojans and viruses, before it attacks a machine or steals data.
Microsoft, meanwhile, on Wednesday released its latest server operating system, Windows Server 2008, that includes a test version of its “Hyper-V” technology; Microsoft said it expects to ship full-featured Hyper-V software within six months. This marks the company’s initial shot at competing with VMware, the leader in one of the hottest segments of the software industry.