On Tuesday, April 22, VMware formally launched the next major release of its virtualization platform. The code has been released to manufacturing and will become generally available during this quarter. The atmosphere was upbeat, the buzz phrase “cloud” was generously sprinkled throughout the presentations and, most importantly, security was emphasized as a core capability of the vSphere platform. Heck, having any CEO of an IT platform company mention the word “security” in a keynote is a good sign. Paul Maritz mentioned security multiple times. Good stuff.
From a security point of view, this is a significant release:
- vSphere includes VMsafe, a set of APIs for the introspection of hypervisor/VMM-level information.
- Some versions of vSphere will include a virtual firewalling capability built on VMsafe, called vShield Zones, which enforces logical firewalling policies based on a VM’s identity. These policies follow VMs automatically as they move.
- vSphere includes support for hardware-based root of trust measurement of the hypervisor/VMM to help detect tampering of this sensitive security layer.
Multiple enterprise SKUs were announced: Standard ($795), Advanced ($2245), Enterprise ($2875) and Enterprise Plus ($3495). One of my concerns was that VMware would limit security capabilities to only the higher-end SKUs. Well, good news and bad news. VMsafe is present in all versions. I had hoped that the vShield Zones technology would have been included with all SKUs, even with some limits (for example, limiting vShield protection in the entry-level SKU to firewalling within a single physical server). However, only the Advanced SKU and higher include vShield.
Virtualization can be used to transform information security. Security capabilities integrated into our virtualization platforms like vSphere are an important foundation for this vision.