VMware announces VMsafe APIs

The only true major announcement made at VMworld Europe 2008 is about the release of VMsafe APIs.

VMsafe is an interface allowing security vendors to protect virtual machines without having to install agents inside each guest operating system.

While security products like antivirus will still have to install inside a dedicated VM, they will be able to monitor what’s happening inside other virtual machines from a completely new perspective: the hypervisor level.

This will allow checking which traffic is entering or leaving a VM, or even which data is being executed inside it (looking at CPU states, memory pages and OS processes list). All done in a transparent way.

The revolutionary approach has two remarkable benefits: first of all it saves precious physical resources and management efforts without duplicating the same security agent inside each guest OS, secondarily it prevents the security agents from being directly attacked and possibly disabled.

Several malicious codes usually try to disable the existing protections before infecting the system, granting themselves the longest lifetime possible. With the new architecture made possible by VMsafe the chances to succeed in this task are much less.

VMware announces VMsafe with the support of notable security players: from the anti-virus ones (Kaspersky, McAfee, Sophos, Symantec, Trend Micro) to the firewall ones (Check Point, Fortinet), passing through several other categories.

Unfortunately nor the new interface neither the related products are available today: VMsafe will be included in future versions of VMware Infrastructure, complemented by security products built specifically for it.

So far VMware didn’t open the documentation for the APIs and doesn’t seem possible to apply for the technology program.

With VMsafe VMware has the unique chance to improve the efficiency and effectiveness of security products like never before.
If the company will release the interface soon enough and its partners will execute properly, VMsafe alone will be a reason valid enough to adopt VMware Infrastructure.