Gartner Blog Network


VMsafe: Cool for Virtualization Security, but no Panacea

by Neil MacDonald  |  February 18, 2009  |  9 Comments

VMsafe is essentially set of APIs at the level of the hypervisor/virtual machine monitor that VMware has opened up to developers (primarily of security tools). Since the virtual machine monitor arbitrates all access between the OSs that run on top of it and the shared hardware underneath (memory, CPU, disk and network), security vendors can tap into this unique visibility to provide new and improved types of security capabilities.

This concept of VMM-level visibility (“introspection”) holds the potential to radically transform security in virtualized environments and I have discussed this in detail in conference presentations and in published research. However, there are significant issues to be resolved with this approach, many of which will not be addressed in VMware’s first release of a VMsafe-enabled version of ESX (expected later this year).

In a previous post, I discussed how the legacy security vendors are fighting the move to virtualize – dragging their feet on delivering solutions we need for securing virtualized environments. I’ve seen the lack of VMsafe availability used as a stalling tactic by the vendors (“we’re waiting on VMsafe before delivering our solution…”). Don’t believe it. Network-based security protection can be run in ESX today as a virtual appliance and provide firewall and intrusion prevention services for the internal virtual network traffic. Host-based security protection solutions such as AV can be run today inside of a guest VM to provide protection within the VM. Sure, in the future VMsafe may enable these solutions to install more easily, possibly reduce the number of agents and potentially transform the way we secure virtual environments. Awesome! If I’m responsible for VM security, I’ll consider it after the APIs ship, after the vendors finally ship their VMsafe-enabled solutions, after I’ve got a level of comfort that these VMsafe-enabled security solutions don’t in of themselves introduce new security vulnerabilities, after I’ve tested both thoroughly and when I’m prepared to migrate (oh, and when I’ve got the budget).

Note to self: Check back on VMsafe in at least a year when all of this starts to become a reality. Radical transformation can wait. I’ve got real virtualization initiatives that need to be deployed securely now.

Category: virtualization-security  

Tags: virtualization  virtualization-security  vmsafe  vmware  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio


Thoughts on VMsafe: Cool for Virtualization Security, but no Panacea


  1. Robin Ore says:

    Great article! Thankyou for bringing up the issue. I wrote an article entitled, “The New Wireless World Order” and another entitled, “Your Brain and Civil Rights”. “Brainhacking”, as I called it is an unacceptable intrusion and in many ways can be considered potentially lethal. We cannot afford insecure virtual networks that access the human brain and body. In terms of network architecture and safeguarding privacy, it is important to address issues of who’s privacy. The users in these cases are using people they have access to, if a person has been “Brainhacked”. There is no question where brain to brain interfaces in the “clouds” of next generation networks is heading. Into the brains of little and big girls everywhere for games that may not at all be to their liking. The issues of security should focus first on children, scientists, government employees, women, men, and finally, pets. There won’t be any room for error. Once hackers have your “brain signature” and code information…your life is lost in the fog of mind control. Worse, our security and monitoring, unless computerized will be sub contracted out to India, China and Mexico.

  2. Neil MacDonald says:

    History has shown that any technology that can be used for good things can also be used for bad things.

    Virtualization helps us to reduce costs and improve efficiencies via data center consolidation. Then the bad guys figure out this new layer is an attractive target to hack and gain easy access to all of the workloads hosted on the server.

    So, VMware develops VMsafe — a set of APIs for security tools to gain the upper hand on the bad guys. However, I can tell you with 100% certainty that these APIs will become a target for attack. Security software that has access to these sensitive APIs will be also become a target for attack.

    Does this mean we don’t use these technologies? Not at all. But we need to think proactively how these technologies might be used in unexpected and malicious ways. The time to do this is before these technologies are put into use, not after something bad happens.

  3. […] The vShield technology comes out of VMware’s acquisition of Blue Lane in late 2008 and is able to enforce separation and isolation of VM-based workloads using logical constructs like VM and protocol identities. Note that vShield is really something different than the VMsafe set of APIs I discussed recently. […]

  4. […] keeps saying they have a version “on their roadmap” or are using stall tactics like “we’re waiting on VMsafe before delivering a solution”. Worse, they appear on main stage  at a big event like VMworld […]

  5. […] ever-increasing number of cores available along with advances like VMsafe and VMsafe’s “fast path” as well as improvements in i/o virtualization with next-generation […]

  6. […] Neil Macdonald of Gartner makes a good point about the potential for VMSafe appliances to introduce possible security vulnerabilities at a lower level in the infrastructure. […]

  7. […] Neil Macdonald of Gartner makes a good point about the potential for VMSafe appliances to introduce possible security vulnerabilities at a lower level in the infrastructure. […]

  8. […] affects all vendors, not just the ones that answer the RFI/RFP honestly. This is another area where virtualization and introspection techniques offer new and interesting ways of implementing security controls outside of the OS container that […]

  9. […] I talked about in this post, virtualization will offer new and interesting ways to improve security. VM state inspection (or […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.