At VMworld Europe 2009, VMware today announced VMware vShield Zones, a new security virtual appliance for the virtual datacenter operating system that will enable strict compliance with security policies and industry regulations for user data. Previously, compliance required diverting network traffic to external physical appliances, resulting in disconnected ‘islands’ of infrastructure. With VMware vShield Zones, customers will be able to create logical zones in the virtual datacenter that span all of the shared physical resources, with each zone representing a distinct level of trust and confidentiality. This will allow businesses to comply with corporate security policies and regulations on data privacy while still running applications efficiently on shared computing resource pools.
Traditional security products, such as firewall appliances, often require that all network activity pass through a handful of fixed physical locations in order to be monitored. Virtualized applications, in contrast, can be migrated between physical hosts for higher resource efficiency and improved uptime. Until now, companies virtualizing security-sensitive applications faced the choice of either leveraging virtualization capabilities such as live migration for optimal load balancing and availability, or enforcing strict security compliance. To solve that dilemma, most customers ended up dividing their virtual environments into smaller, less efficient clusters for areas such as their Internet-facing demilitarized zones (DMZs) or consumer credit data processing systems subject to Payment Card Industry regulations. VMware vShield Zones will enable customers to create security zones within enterprises or in multi-tenant cloud infrastructures, where security policies are enforced even as virtual machines dynamically migrate between hardware devices. Deployed as a virtual appliance and integrated with VMware vCenter™ Server, VMware vShield Zones helps make it easy to centrally manage and enforce compliance with security policies across large pools of servers and virtual machines. Built-in auditing capabilities make compliance straightforward and verifiable.
“VMware virtualization solutions have enabled companies to pool their computing resources and deliver IT as a dynamic, shared service,” said Raghu Raghuram, vice president, server business unit, VMware. “VMware vShield Zones enhances this architecture by enabling customers to segment and isolate their application traffic in a shared environment, thereby delivering new security benefits and making VMware Infrastructure a safe place to run business critical applications.”
Savvis recently rolled out a new virtual datacenter hosting and private cloud computing solution providing enterprises with an opportunity to cut costs without having to sacrifice security or performance.
“Maintaining multi-tenant isolation and network segmentation for hundreds of customers simultaneously is critical to the Savvis Cloud Compute solution,” said Ken Owens, technical vice president for security and virtualization at Savvis. “Providing a manageable way to internally partition the virtual datacenter allows us to deliver the most efficient and cost-effective infrastructure for our users to meet their security and compliance objectives.”
VMware vShield Zones will broaden the VMware portfolio of application services with network zoning and segmentation capabilities for the VDC-OS. Application services include services for security, availability, and scalability that are critical to internal and external clouds. In parallel, VMware is continuing to partner with security vendors who have been developing a wide range of complementary security offerings with VMsafe technology. Partner solutions offer a range of enhancements that can include defense-in-depth protection layers such as intrusion prevention, additional logging and notification options, and integration with physical firewalls and security appliances.
More than 50 vendor partners use VMware’s VMsafe technology to develop unique solutions that are virtualization-aware and that leverage new security capabilities such as hypervisor introspection. Altor Networks, Check Point Technologies, IBM Internet Security Systems, McAfee, Symantec, and Trend Micro are charter VMsafe partners who have already demonstrated prototypes of best-of-breed solutions integrated with the APIs. Additional partners such as Cisco Systems, Juniper Networks, RSA, Reflex Systems, Third Brigade and Sourcefire have more recently joined the VMsafe program.
Attendees at this week’s VMworld Europe 2009 can perform a test drive of VMware vShield Zones in the Hands-On Lab area as well as view demos of security partner solutions, such as a hands-on preview of Altor Networks’ VMsafe-integrated Altor VF Firewall, in the Labs and Solutions Exchange areas.
Pricing and packaging of VMware vShield Zones will be announced later in 2009. Customers can visit http://www.vmware.com/vshield to learn more about the product and register to download a beta release scheduled for spring of 2009.