Release: VMware vShield Edge 1.0

Posted by Staff   |   Tuesday, September 7th, 2010   |  

During the recently ended VMworld conference (see live coverage), VMware announced a remarkable number of new products. One of them is vShield Edge 1.0.

VMware acquired the vShield security technology from Blue Lane Technologies in October 2008. The only product offered so far has been Zones, a virtual firewall that uses stateful inspection and application layer gateway approaches to monitor and filter virtual network traffic between multiple virtual machines deployed on the same virtualization host.
vShield Zones didn’t mature much in almost two years, and VMware is offering it for free as part of vSphere Advanced, Enterprise and Enterprise Plus editions.

A major limitation of Zones is the inability to filter traffic entering and leaving the virtual network, which is a critical need in multi-tenant cloud computing environments like the ones created by the new vCloud Director.
VMware overcame this limitation by releasing extending the vShield product family with this new solution called Edge.

Zones and Edge share the same firewall engine, but while the former is attached to a specifc virtualization host, the latter is attached to a specific portgroup.
In this role, the engine has been enriched by a few key new capabilities:

  • Site-to-Site VPN (IPSec only)
  • NAT and DHCP services
  • Web load balancing (HTTP/S, with Round-Robin algorithm and sticky sessions)
  • Logging on local or remote Syslog facilities (Firewall and NAT rules, VPN connections, load balancing sessions, DHCP bindings)
  • API

Because of its key importance in the VMware vCloud infrastructure, vShield Edge also allows to meter network utilization and account it to specific tenants when it’s integrated with vCloud Director.


The VPN component has some limitations: it only supports pre-shared key mode, AES or 3DES encryption, IP unicast traffic, and no dynamic routing protocol between the vShield Edge and remote VPN routers.
Also, there’s no mention about IPv6. Hopefully the product supports this kind of traffic.

The way it’s deployed implies that vShield Edge can isolate different portgroups in a way that reminds the VLANs on physical network switches.
Anyway, to have this feature, customers need to deploy a specific Loadable Kernel Module (LKM) on each virtualization host they want to control. The enforcement of other features don’t have this requirement.


To control Edge, Zones, and the other new security products announced at VMworld, VMware is using an additional component called vShield Manager. This is a centralized policy management console that doesn’t require any specific license.  
vShield Manager can be accessed through a web interface or the VMware SDK as it offers a specific API.
Such API allows advanced manipulation of all information produced by the other vShield products, like rules and the logs.

vShield Edge 1.0 pricing starts at $4,538, which includes protection for 25 virtual machines and 1 year basic support (12×5), which is not exactly an affordable solution for SMBs.

blog comments powered by Disqus Newest articles
Release: VMware vRealize Log Insight 4.5

June 13th, 2017

Log Insight is a log aggregation, management and analysis tool, that VMware first introduced in 2013 and considered a competitor of Splunk.
Yesterday VMware announced the release of version 4.5, available for…

Release: VMware vRealize Automation 7.3

June 6th, 2017

Today VMware announced the latest release of its cloud management platform vRealize Automation, former vCloud Automation Center.
VMware vRealize Automation 7.3 release notes can be found at this link.


Paper: Introducing the NSX-T Platform

February 9th, 2017

“We see greater potential strategic opportunity in NSX over the next decade than our franchise product vSphere has had for the past decade.”
said VMware’s CEO Pat Gelsinger talking about…

Paper: VMware vSphere Virtual Machine Encryption Performance

November 22nd, 2016

Encryption of virtual machines is something that has been requested for years by the security community. VMware continued to postpone its implementation due to the negative operational impact that many…

Quest Software leaves Dell

November 1st, 2016

In September 2012 Dell announced to have completed the acquisition of Quest Software, a Californian company with an history in systems management, security, business intelligence and, falling back in our…

Citrix announces Q3 2016 results

October 21st, 2016

Citrix announced its financial results for third quarter 2016.
The revenues for the second quarter were $841 million for an increase of 3% compared to Q3 2015.
Net income was $132…

Release: VMware vSphere 6.5 & Virtual SAN 6.5

October 19th, 2016

2016 edition of VMworld US has been quite turbulent, on the other hand during VMworld Europe, happening these days in Barcelona, the company announced a few more products for the…

Release: VMware vRealize Log Insight 4.0

October 18th, 2016

Log Insight is a log aggregation, management and analisys tool, that VMware first introduced in 2013 and now is usually compared with Splunk.
Yesterday VMware announced Log Insight’s new major…

Release: Windows Server 2016 with support for Window Server & Hyper-V containers

October 13th, 2016

Yesterday Microsoft announced the general availability of Windows Server 2016 which the company defines as a cloud-ready OS.
Beside fancy definitions, one of the most relevant perks of this release…

Release: Oracle VM 3.4.2

September 22nd, 2016

During Oracle OpenWorld 2016 the company released version 3.4.2 of its enterprise virtualization solution.
Oracle VM is available for both x86 and SPARC based processor architectures and uses the Xen hypervisor…

VMworld US 2016 Wrap-up

September 1st, 2016

Today was the last day of VMware’s flagship conference VMworld in Las Vegas, an highly controversial edition which left a good chunk of the audience disoriented if not properly disappointed….

Gartner releases its Magic Quadrant for Cloud Infrastructure as a Service for 2016

August 11th, 2016

Last week Gartner updated its Magic Quadrant for Cloud Infrastructure as a Service (IaaS) for the year 2016. The Magic Quadrant for the year 2015 was released in May last year…

Release: Ansible Tower 3 by Red Hat

August 2nd, 2016

Ansible is one of the four main players in the automation market, younger then the well known Chef and Puppet, has been launched in 2013 in Durham, N.C. and acquired…

IBM announces earnings for Q2 2016

July 19th, 2016

Yesterday IBM announced its results for Q2 2016.

If we compare with the same quarter in 2015 earnings per share, from continuing operations, decreased 22%. Net income, from continuing operations,…

Monthly Archive