Gartner Blog Network

VMware Unveils vShield and Raises the Security Bar for all Virtualization Vendors

by Neil MacDonald  |  February 27, 2009


As I have discussed from the beginning, the policy enforcement capabilities of information security technologies like firewalls, intrusion prevention systems, network access control and so on need to be virtualized in order to secure the next-generation adaptive data center.

Network and trust separation in a virtual environment needs to be enforced based on logical attributes, like VM identities, application identities and user identities. Security policies tied to physical attributes like servers, MAC and TCP/IP addresses make no sense in a virtualized environment where workloads may move regularly.

At VMworld Europe 2009 and on its website, VMware has formally announced its vShield offering to enable the creation and enforcement of logical separation zones in a VMware virtual environment.

From the announcement:

Deployed as a virtual appliance and integrated with VMware vCenter™ Server, VMware vShield Zones helps make it easy to centrally manage and enforce compliance with security policies across large pools of servers and virtual machines. Built-in auditing capabilities make compliance straightforward and verifiable.

The vShield technology comes out of VMware’s acquisition of Blue Lane in late 2008 and is able to enforce separation and isolation of VM-based workloads using logical constructs like VM and protocol identities. Note that vShield is distinct from the VMsafe set of APIs I discussed recently.

VMware has wisely avoided the subscription side of the security business (for example, IPS and AV signature subscriptions and the labs necessary to support them), leaving this to its ecosystem partners. However, whether or not the vShield technology will be “free” is a different matter. Pricing and packaging details were not announced. VMware is a commercial entity; not everything can be free. But, like the Windows firewall, it makes sense to provide some basic level of security capabilities in the “platform” itself at no additional explicit cost. In this research note, we explore in depth the Blue Lane technology VMware acquired and what we expect VMware will do with the technology moving forward.

Whether you use VMware or not, VMware’s announcement is good news. All IT platforms should have built-in security capabilities – hardware, operating systems, application development tools, application platforms, applications, and so on. We must demand this from our virtualization platform vendors as well.


Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…
