VMware revamps its security offering, prepares security for the cloud

Earlier this month VMware announced two new variants of its vShield Zones (formerly VirtualShield) virtual firewall: vShield App 1.0 and vShield Edge 1.0, both available now as beta.

The company inherited the security product after the acquisition of Blue Lane Technologies, in October 2008. Since that time, VMware updated the product only one time, including it for free in vSphere 4.0 (but only for Advanced, Enterprise and Enterprise Plus SKUs).
The new vSphere 4.1 doesn’t bring in any update for the product, or at least there’s no mention of updates in the official release notes (for both vSphere and vShield Zones).

VMware describes vShield App as a stateful inspection firewall, capable to analyze inter-VM traffic and to attach the security policy to the virtual machine itself. It’s not clear if this means that Zones has been renamed in App or not.

vShield Edge leverages the same engine and adds routing on top, allowing administrators to inspect and filter network traffic when it leaves or enters the virtual data center.
The product also leverages the VMsafe API, creating security zone for the virtual machines that are enforced down to the vNIC.
Last but not least vShield Edge includes DHCP, VPN, NAT and load balancing services.

vShield Edge will be included in the upcoming vCloud Service Director (vCSD, formerly project Redwood), to be launched during VMworld 2010 in early September, as an official VMware presentation available online confirms:

vShieldEdge10.png

The presentation also clarifies that products will be centrally managed by a vShield Manager 2.0, which is integrated with vCenter Server.