VMware Answers Virtual Security Questions With VMsafe Details

While much is still unclear about VMware's vision of the future, the company painted a more complete picture of the VMsafe program at last week's VMworld show, adding detail about how third-party security tools will work with VMware's security APIs.

By Edward L. Haletky
Mon, September 22, 2008

CIO — One of the more interesting developments coming out of the VMworld conference in Las Vegas last week was a richer understanding of how VMsafe works.

VMsafe, announced at VMworld Europe in February, is a set of application programming interfaces designed to allow third-party products to add security to VMware virtual servers without having to run an agent inside each. Here are some key points to keep in mind.

First, to use VMsafe you need Virtual Datacenter OS which includes VMware's latest evolution of its hypervisor technology for servers. VDC-OS is currently in beta test, so release dates are currently unknown. VDC-OS made APIs out of many of the internal features of VMware ESX, so that third parties could add in new security, networking, and management features.

Second, VMsafe is all about the vApp, VMware's new term for either a virtual appliance or a Virtual Machine (VM). A vApp can contain multiple applications and objects, either multiple VMs or ThinApps.

A vApp digitally signed by the proper authority will be able to access the VMsafe API, which will give that vApp the ability to peer into a VM, either its memory, disk, or network.

Unfortunately, VMware hasn't said much about what 'authorized' means in that context. It's not clear who the certifying authority will be, or if the signatures will be used just for installation or for continual use of the vApp.

Personally, I hope a valid signature will be necessary to allow a vApp to continue to function. This would prevent other vApps or tools from modifying the VMsafe vApp after installation and opening security holes after a VM image has already been locked down. VMware and VMsafe partners are currently working out these details.

VMsafe provides antivirus vendors with the ability to deploy a single instance of an antivirus (A/V) application per physical host, rather than requiring one for each virtual server. The theory is that this will decrease overall CPU utilization and increase A/V performance. The demos we saw at VMworld in which one A/V application served all the VMs on single host certainly bore this out. Even with single A/V instances however, I expect there to be some operation issues with respect to I/O performance, and the timing of A/V scans. Currently these issues force full disk A/V scans to be almost serialized on an VMware ESX host.

VMsafe should not be confused with the vNetwork API or vStorage API—a set of interfaces designed to allow simpler integration of VMware virtual infrastructures with third-party products such as the Cisco vSwitch.

Continue Reading

In this paper, Forrester Consulting examines the total economic impact and potential return on investment (ROI) realized by three Enterprise organizations as they virtualized mission-critical Oracle databases on the VMware vSphere platform. The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of VMware vSphere on their organizations.
Even though virtualization has brought positive change to enterprise IT over the last decade, some skepticism remains about how valuable virtualization can be in the way companies deliver and run business applications. Uncover the truth about how you can run your business critical applications with confi dence without sacrifi cing
availability or service quality-and at lower costs.
This IDG whitepaper highlights key findings based on the Quickpoll Survey conducted with more than 300 Enterprise and Commercial IT decision makers worldwide about the state of their virtualization of business critical applications. This paper answers such questions as: What drivers are pushing companies to extend virtualization beyond servers? and What value are they realizing? Central to the paper are key results that expose risks of the past (fears of limited ISV support, performance impact) no longer are a factor for companies moving to 80+% virtualized.
The Kelley School of Business at Indiana University deployed VMware Infrastructure which decreases costs, streamlines server deployment, and reduces energy consumption.
New study quantifies how VMware improved TCO and ROI for three companies' IT landscapes.
This IDC white paper explains how much of the Enterprise IT community is at a crossroads in extending their journey to the private cloud: Companies must virtualize their business critical applications in order to reap the benefits of cloud computing. The paper also includes two case studies and a sidebar highlighting the experiences of three enterprises with virtualizing their business-critical applications, which include Oracle and Microsoft SQL databases, SAP and enterprise Java, and a Microsoft Exchange email system.
As greater numbers of datacenter servers transition from the physical to the virtual world, the components of virtualization success come to the fore. What scores of organizations have discovered is that success is derived from an optimal pairing of the right software platform with the right hardware platform.
Virtualizing business-critical applications is an essential step in your journey to the cloud. Microsoft SQL Server, Exchange and SharePoint, and Oracle applications, are often the backbone of business IT. The benefits of virtualizing these applications extend far beyond mere consolidation. Understanding how VMware improves quality of service and agility while reducing costs will help you make the case for taking virtualization to the next level in your company.
Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere® 5, VMware is helping customers accelerate the deployment of business-critical applications, including Exchange, SQL, SAP and Oracle.
Want to say goodbye to missed SLAs? VMware can help you virtualize mission-critical applications such as Oracle, MS Exchange and SharePoint to achieve dramatic improvements in uptime, performance and responsiveness. In this webcast, we'll discuss the key benefits of virtualizing your agency's most critical applications and Oracle databases as a necessary first step in fulfilling OMB's mandate to move IT services to the cloud. With VMware, you'll be on the way to quick, effective and full compliance.
Federal IT managers are on the forefront of realizing the benefits that a secure, easy-to-manage virtual desktop environment can provide. The key is how to deliver the end-user experience that is comparable to a physical desktop. This webcast will show how the recently released VMware View 5 environment is being used to deploy virtual desktops to provide mission-critical solutions around Disaster Recover/COOP, telework and secure mobile applications to federal organizations. View this webcast and learn how new features and benefits of the VMware View 5 environment meet the needs of Federal customers
This video webcast is designed to help those with little to no virtualization experience understand why virtualization and VMware are so important to driving down both capital and operational costs. The session will start with the introduction of the key concepts and technologies of virtualization, introduce the vSphere Hypervisor, and build up to an overview of VMware vSphere® 5, the world's most robust and complete virtualization platform. This session will also discuss new solutions such as the vSphere Storage Appliance and VMware GO that are making it easier than ever before to get started with virtualization.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all Newsletters | Privacy Policy
Resource Center