Virtual firewall: Altor Networks
This one was a real pleasure to see. I have done all sorts of handsprings to get good firewalling in a virtual environment, all with mixed results. At the university where I teach, we run a VMware vSphere 4 system and while it has some useful capabilities that approximate firewalls it really doesn't have everything I need. Then, a few months back, we got a product in for consideration as a First Look and it looked as if it might be just what I needed.
The Altor VF virtual firewall is the product of both innovative thinking and marketing. The technology is both effective and sensible. And, from the business perspective, it is positioned to coexist nicely with the virtual world. As you might imagine, that is no mean feat. By hooking directly into the VMware kernel, Altor VF behaves exactly as if it was part of the VMware environment. So far, so good. But, I asked the visionary from Altor what they would do if VMware decided to build its own heavy-duty firewall. That certainly would not be without precedent. The response was that the company is a VMware partner and believes that the relationship is appropriate given that VMware actively cultivates ecosystem relationships. Also, he pointed out that the market is growing and diversifying, and Altor plans to be positioned to take advantage of that growth.
There are a number of innovations in the new VMware system that invite further innovations from other vendors. For example, the VMware vmSafe API - for which Altor VF is certified - allows a tight integration between vSphere and Altor VF. This also allows Altor VF to hook directly to vCenter, the VMware management console. All-in-all, the effect is exactly as if Altor VF was a part of the VMware system.
This is important because to be able to protect virtual machines effectively the firewall must behave at that level. The Altor stateful firewall also includes hooks into an IDS, either theirs or a third party's. Between the two capabilities, it is possible to have a solid system of virtual firewalls to protect a networks of virtual machines.
The bottom line, from Altor's perspective, is that the company has reintroduced physical network security into the virtual world. We agree.
AT A GLANCE
Flagship product: Altor VF
Vendor: Altor Networks
Cost: $2,000 per ESX host, plus $5,000 for the management center; additional cost for the optional reporting module whose price varies by the size of the deployment
Innovation: Reintroducing enterprise-class physical world security into the virtual world
Greatest strength: Marriage of world-class technology with the right market