Virtual machines on the same server can communicate with one another without ever touching the physical network, possibly bypassing security and monitoring controls you've carefully constructed on that network. VMs also can move from one physical server to another, which may disrupt security policies if moving from a more-secure to a less-secure physical host.
Enter Altor Networks. Founded by Check Point Software veterans, Altor builds virtual firewalls to control inter-VM communication and enforce security policies. Its product, Altor VF, is a virtual appliance that, when installed on a physical server, discovers the VMs on the host by communicating with VMware's vCenter Server (formerly Virtual Center). From there, IT teams create policies for each virtual machine on the host, such as restricting or allowing inter-VM communications, or routing VM traffic elsewhere, such as an intrusion-detection system that scans traffic for attacks.
Policies can also move with a VM as it travels from one physical host to another, though only for hosts running the Altor VF virtual appliance. In addition to the firewall, Altor Networks offers a Web-based management console where administrators can create policies and monitor the status of VMs controlled by firewall. It provides traffic information such as protocols in use, shows bandwidth consumption, and tracks changes to firewall policies.
The company has partnerships with established security vendors, including ArcSight. For example, an Altor virtual firewall can export firewall logs to ArcSight's security event management platform for real-time and historical analysis of security events.
Altor VF is priced at $2,000 per VMware ESX hypervisor, regardless of the number of virtual machines.
Virtualization security is still an immature market, so Altor has an opportunity to establish itself. But booming markets draw competition, and that's what's happening here. VMware acquired Blue Lane, which is primarily focused on intrusion detection, but which also provides inter-VM visibility. Plus, VMware has released an API, called VMsafe, that may let established security vendors build their own virtual machine security products for the VMware platform.
Finally, Altor must compete with alternative approaches. In one example, startup Montego Networks' virtual switch includes security capabilities such as policy enforcement and secure inter-VM communication.
With its Storage Delivery Network, Nirvanix is one of the early leaders in the storage-as-a-service market. Founded in 2007, Nirvanix competes with Amazon's Simple Storage Service and a growing number of other on-demand storage services. The 25 cents per gigabyte per month is for a single node on NirvanixSDN; it's 48 cents per gigabyte for two nodes.
Customers can sign up for Nirvanix's service in a few minutes with a credit card, e-mail address, and other basic information. Or they can go through a salesperson and sign an enterprise contract at a negotiated rate.
Many customers start with the self-service, pay-as-you-go option as a way of getting experience, then transition to an enterprise account once their comfort level--and storage usage--grows. About two-thirds of the company's customers have self-service accounts and one-third have enterprise accounts. Storage workload helps determine the starting point. If companies have more than 2 TB to manage, Nirvanix steers them toward direct sales rather than self-service.
Nirvanix finds first-time enterprise customers may take 12 to 18 weeks to get up and running, factoring in the time it takes to meet, write up a contact and service-level agreement, and get vendor approval through the customer's internal procurement process.
In general, companies use Nirvanix as an alternative to on-premises systems for data backup and to store files--documents, audio, video, and other data--that are large and accessed relatively infrequently.
Nirvanix is only 2 years old, but already it has lived through some of the ups and downs of being a startup. The company was forced into damage control after MediaMax--also known as the Linkup and spun off from Nirvanix's parent company, Streamload--closed last August, leaving some consumers without access to their data. Nirvanix is a separate company, focused on businesses rather than consumers, but it still had to fend off guilt by association for having been spun off from the same parent.
And Nirvanix started off this year with a change at the top. In January, Nirvanix founder Patrick Harr was replaced as CEO by Jim Zierick, the former CEO of Aspyra, a specialist in the health care industry. Change in management isn't unusual at startups, but it does underscore the inherent risks.
So far, so good. Earlier this month, Nirvanix announced a partnership with Ocarina Networks--another InformationWeek Startup 50 company--to join their technologies to create a compression-in-the-cloud combo. Ocarina's technology compresses a variety of file types by 50% or more. Together, the products can be used to optimize the transfer and storage of large files in the cloud.
It's that type of innovation that will cause IT professionals to take a look. And the cost of entry--the price of a gumball--is one that even cash-strapped companies can afford.
-- John Foley