It is trivial, with this additional capability, to maliciously gain access to login credentials, credit card numbers, used over web pages, classified documents, and other bits of private data that are valuable in themselves, and can often be used to gain further access into a company's files.

These tools while trying to increase security could place VI3 further at risk.

The real protections should be lower down, and port level controls should be made available on the vSwitch in order to protect against malicious or accidental use of security sensitive portgroups.

VMware's security specialists should be thinking in this direction as VMSafe products are developed. Until this happens, use of such tools requires extensive monitoring to see if anything is out of the ordinary — automated monitoring that does not currently exist.

What these security tools do is offer auditing reports that are sorely needed. But users should also be aware that using them unwisely can increase risk at the same time.

Virtualization expert Edward L. Haletky is the author of "VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers," Pearson Education (2008.) He recently left Hewlett-Packard, where he worked in the Virtualization, Linux, and High-Performance Technical Computing teams. Haletky owns AstroArch Consulting, providing virtualization, security, and network consulting and development. Haletky is also a champion and moderator for the VMware discussion forums, providing answers to security and configuration questions.