VMware goes deeper into the security world with vShield Zones, but it’s dark and dangerous out there

Posted by virtualization.info Staff   |   Tuesday, March 3rd, 2009   |  

vmware logo

In October 2008 VMware acquired the security vendor Blue Lane Technologies, which offered an interesting inline patching technology for physical and virtual environments.
Rumors say that this was a very opportunistic acquisition considering the economical turmoil and the limited capabilities of Blue Lane to stay profitable.

True or not, the VMware desire to drive virtualization through security and become a leader in that market is evident.
The company already offers a software patching component, Update Manager (OEM’ed from Shavlik Technologies), but will also release a new host intrusion prevention system (HIPS) built on Determina technology, and all its products will benefit the revolutionary point of inspection/prevention that VMsafe APIs will provide.

Last week during the VMworld Europe 2009 (see virtualization.info live coverage of day 1 and day 2), VMware officially announced that the Blue Lane VirtualShield is now relabeled as vShield Zones.
The product will be available later this year, probably as part of the upcoming vSphere 4.0 platform.

For some reasons VMware is deeply changing the message associated to this product: instead of saying that vShield Zones can act as a proxy, intercepting, blocking and/or correcting several layer 7 attacks, the company is describing it more as a security wrapper (similar to VMware ACE) that can enforce the security compliance on any give virtual machine no matter the virtual network it is deployed into.

In other words VMware seems to suggest that this tool can compete and even replace traditional firewalls, making useless those network architectures that include DMZs. Uh-oh.

VMware continues to make the same mistakes already done with ACE: it believes that it can sell security to the server admin guys or that can sell virtualization to the security guys. It’s not the case.

Server, network and security departments are culturally and functionally different departments. Each one has its own language, its own ecosystem of trusted vendors, its own perception of the corporate infrastructure and its own approach to solve challenges.
Because of these differences usually there’s a lot of friction between these groups. These guys don’t go out for lunch together and they certainly don’t share their wonderful experience around virtualization.

VMware failed to sell ACE in the last 5 years despite it’s a great product because it never took into account these differences.
The result is that today ACE technologies are almost given away for free as part of VMware Workstation.

Now VMware wants 100% virtual infrastructures without corporate firewalls and DMZs. It won’t work.
Even just the idea of using vShield Zones side by side with the corporate Check Point firewall won’t work: the security guys already have huge issues in keeping the policies and the object database consistent across all the products they manage.
Virtualization to them is just another level of complexity and insecurity to deal with.

The more VMware extends the more complex becomes for them to understand where to stop.
VMsafe APIs are going to be one of the best thing ever happened in the history of security. Besides that every time VMware releases a security product on its own it enters a very dangerous, foreign domain.

If the company wants to play the security vendor role it should consider a neat change in its approach.

blog comments powered by Disqus

virtualization.info Newest articles
Release: VMware vRealize Log Insight 4.5

June 13th, 2017

Log Insight is a log aggregation, management and analysis tool, that VMware first introduced in 2013 and considered a competitor of Splunk.
Yesterday VMware announced the release of version 4.5, available for…

Release: VMware vRealize Automation 7.3

June 6th, 2017

Today VMware announced the latest release of its cloud management platform vRealize Automation, former vCloud Automation Center.
VMware vRealize Automation 7.3 release notes can be found at this link.


Paper: Introducing the NSX-T Platform

February 9th, 2017

“We see greater potential strategic opportunity in NSX over the next decade than our franchise product vSphere has had for the past decade.”
said VMware’s CEO Pat Gelsinger talking about…

Paper: VMware vSphere Virtual Machine Encryption Performance

November 22nd, 2016

Encryption of virtual machines is something that has been requested for years by the security community. VMware continued to postpone its implementation due to the negative operational impact that many…

Quest Software leaves Dell

November 1st, 2016

In September 2012 Dell announced to have completed the acquisition of Quest Software, a Californian company with an history in systems management, security, business intelligence and, falling back in our…

Citrix announces Q3 2016 results

October 21st, 2016

Citrix announced its financial results for third quarter 2016.
The revenues for the second quarter were $841 million for an increase of 3% compared to Q3 2015.
Net income was $132…

Release: VMware vSphere 6.5 & Virtual SAN 6.5

October 19th, 2016

2016 edition of VMworld US has been quite turbulent, on the other hand during VMworld Europe, happening these days in Barcelona, the company announced a few more products for the…

Release: VMware vRealize Log Insight 4.0

October 18th, 2016

Log Insight is a log aggregation, management and analisys tool, that VMware first introduced in 2013 and now is usually compared with Splunk.
Yesterday VMware announced Log Insight’s new major…

Release: Windows Server 2016 with support for Window Server & Hyper-V containers

October 13th, 2016

Yesterday Microsoft announced the general availability of Windows Server 2016 which the company defines as a cloud-ready OS.
Beside fancy definitions, one of the most relevant perks of this release…

Release: Oracle VM 3.4.2

September 22nd, 2016

During Oracle OpenWorld 2016 the company released version 3.4.2 of its enterprise virtualization solution.
Oracle VM is available for both x86 and SPARC based processor architectures and uses the Xen hypervisor…

VMworld US 2016 Wrap-up

September 1st, 2016

Today was the last day of VMware’s flagship conference VMworld in Las Vegas, an highly controversial edition which left a good chunk of the audience disoriented if not properly disappointed….

Gartner releases its Magic Quadrant for Cloud Infrastructure as a Service for 2016

August 11th, 2016

Last week Gartner updated its Magic Quadrant for Cloud Infrastructure as a Service (IaaS) for the year 2016. The Magic Quadrant for the year 2015 was released in May last year…

Release: Ansible Tower 3 by Red Hat

August 2nd, 2016

Ansible is one of the four main players in the automation market, younger then the well known Chef and Puppet, has been launched in 2013 in Durham, N.C. and acquired…

IBM announces earnings for Q2 2016

July 19th, 2016

Yesterday IBM announced its results for Q2 2016.

If we compare with the same quarter in 2015 earnings per share, from continuing operations, decreased 22%. Net income, from continuing operations,…

Monthly Archive