Release: Altor Networks VF 3.0
Now we are talking. Today Altor Networks releases today the third generation of its Virtual Firewall (VF) which features a brand new kernel that fully leverages the new VMware VMsafe APIs.
The choice to rewrite the core part of the product will probably raise concerns about its stability, but there was a good reason to do so.
VMware offers two modes to use the VMsafe network APIs, called Slow-Path and Fast-Path.
By using the Slow-Path, a security vendor asks for a copy of the virtual traffic inside a dedicated VMsafe virtual appliance, plugging into the virtual switches that connect the protected VMs.
This approach is slow (it obliges to perform context switching) and implies some potential risks as the VMsafe virtual appliance itself could be targeted for an attack.
By using the Fast-Path instead, a security vendor can process the virtual traffic from inside the ESX vKernel, in a truly transparent mode.
Unfortunately the Fast-Path integration is harder to implement but pays off in terms of performance, flexibility and security, so different vendors are using both modes to deliver a hybrid solution.
Altor Networks decided to rework its product kernel to use only the Fast-Path mode, and it reports a performance improvements over its competitors from 10x to over 20x, even on a very cheap hardware (and without the new Intel Xeon 5500 CPUs), as this throughput analysis is summarizing:
Additionally, as the Fast-Path approach doesn’t oblige to touch the virtual network configuration and deploy multiple vSwitch instances, Altor Networks could immediately support the Cisco Nexus 1000V, something that is not possible otherwise.
VF 3.0 also includes a intrusion detection system (IDS) module based on the overwhelming popular open source engine Snort. Altor Networks has OEM agreement with the company that maintains Snort, Sourcefire, to resell their commercial attack signatures and allow the customers to recognize several 0day attacks.
Compared to many other security firms, Altor Networks is not just trying to bundle together security engines gluing them with a unified interface.
The company is working on a deeper integration, using the information coming from the IDS (and other modules in the future) to dynamically rearrange the VF rulebase.
There are complexities in this approach but it’s certainly more interesting than many other apparent all-in-one solutions.
Last but not least the new VF 3.0 includes all redundant components, without paying any premium, with hot stand-by copies of its management and control modules.
These pieces can be externally managed through a dedicated API that Altor Networks developed for cloud computing providers that want to control the fail-over with their own tools.
Altor Networks has been included in the virtualization.info Virtualization Industry Radar.
virtualization.info Newest articles
May 22nd, 2012
Yesterday, during its annual conference in Las Vegas, EMC announced the acquisition of Syncplicity, a cloud-storage privately held startup founded in 2008 and based in Menlo Park, California.
Terms…
May 21st, 2012
On May 18th Oracle announced the general availability of version 3.1 of its x86 enterprise virtualization solution VM Server.
This release follows 3.0 announced on August 24th 2011.
All the new…
May 21st, 2012
In this post, published on May 18 in VROOM! Blog, the VMware’s Performance Team presented some of the most significant enhancements and optimizations brought to Teradici‘s PCoIP protocol in the…
May 17th, 2012
On May 15th NVIDIA unveiled the NVIDIA® VGX™ platform that will be available later this year through NVIDIA’s hardware OEM and VDI partners.
This new platform promises to deliver…
May 17th, 2012
Microsoft announced this week the new Beta version of its capacity planning tool Microsoft Assessment and Planning (MAP) 7.0 Beta.
The Beta program opened on May 15th and the review…
May 15th, 2012
Today VMware announced VMware vFabric Suite 5.1, expected to be generally available in Q2 2012.
vFabric Suite 5.1 includes vFabric Application Director, to automate the deployment and management of vFabric…
May 15th, 2012
On April 4 Stephen Herrod, VMware’s CTO, has attended, as guest speaker, at a VMUG meeting in Italy.
One of the key point of the speech, documented in one hour-long…
May 14th, 2012
Last week Citrix announced a new tech preview for Hosted Server VDI technology that allows cloud providers to leverage Microsoft SPLA to host VDI-style desktops obtaining a pay-as-you-go monthly subscription licensing…
May 11th, 2012
On May 7 Atlantis Computing announced the general availability of its Atlantis ILIO Diskless VDI 3.2, this product, tailored in particular for VMware View 5.1, enables virtual desktops deployment…
May 11th, 2012
On May 7 Citrix announced a technology preview of Project Aruba that extends Citrix VDI all-in-one proposal for the SMB market, VDI-in-a-Box, with personal vDisk technology.
VDI-in-a-Box, inherited from Kaviza…
May 10th, 2012
On May 7 Cloud Sidekick announced the Early Access Program release of Cato Enterprise Edition (EE) which extends the Community Edition (CE) with Storm Deployment Automation and support for…
May 9th, 2012
On April 26 VMware announced the general availability of VMware vCenter Infrastructure Navigator (VIN) 1.1, previously introduced as a part of vCenter Operations Management Suite.
VIN automatically detects, discovers and…
May 8th, 2012
On May 3 VMware released a security update, that the company itself define as “accelerated“, with the purpose to patch five “critical” security issues across VMware ESX and ESXi hypervisor…
May 7th, 2012
On May 3 VMware announced it has joined the Facebook Open Compute Project, an initiative launched in 2011, with the objective of increase technology efficiencies and reduce the environmental impact…
Copyright © 2003-2012 virtualization.info. All rights reserved.
virtualization.info | cloudcomputing.info | virtualization.tv | Virtualization Congress