On Tuesday April 22, VMware formally launched the next major release of its virtualization platform. The code has been released to manufacturing and will become generally available during this quarter. The atmosphere was upbeat, the buzz phrase “cloud” was generously sprinkled throughout the presentations and, most importantly, security was emphasized as a core capability of the vSphere platform. Heck, having any CEO of an IT platform company mention the word “security” in a keynote is a good sign. Paul Maritz mentioned security multiple times. Good stuff.
From a security point of view, this is a significant release:
- vSphere includes a set of APIs, called VMsafe, for the introspection of hypervisor/VMM-level information.
- Some versions of vSphere will include a virtual firewalling capability built on VMsafe, called vShield Zones, which enforces logical firewalling policies based on a VM’s identity. These policies move automatically with VMs as they move.
- vSphere includes support for hardware-based root of trust measurement of the hypervisor/VMM to help detect tampering of this sensitive security layer.
Multiple enterprise SKUs were announced: Standard ($795); Advanced ($2245); Enterprise ($2875) and Enterprise Plus ($3495). One of my concerns was that VMware would limit security capabilities to only the higher-end SKUs. Well, good news and bad news. VMsafe is present in all versions. I had hoped that the vShield Zone technology would have been included with all SKUs, even with some limits (for example, limiting vShield protection in the entry level SKU to firewalling within a single physical server). However, only the Advanced SKU and higher include vShield.
Virtualization can be used to transform information security. Security capabilities integrated into our virtualization platforms like vSphere are an important foundation for this vision.