VMShield sounds something like VMware's vShield, announced last week at VMworld Europe as part of its virtual data center operating system. There's one difference. VMShield is available today. VMware's product isn't due until the end of the year.
VMShield 2.0 includes a V-Tracker feature, which assigns a unique identifier to each VM so that it can be tracked during live migrations from server to server.
VMShield's first version established a Command Center, or management console, that creates "TrustZones." Each virtual machine is assigned to a zone, which defines the security policies that apply to it. With the V-Tracker feature added, the Command Center can follow the VMs around and enforce a zone's policies, even during live migrations.
The product "leapfrogs what is out there today. It takes protecting VMware virtual machines to a whole new level," said Edmundo Costa, chief operating officer of the 8-year-old company.
For example, it would be typical for a security administrator to say that a VM talking to a sensitive internal database should not be allowed to communicate with applications on an Internet-facing Web server. Yet Costa claims he learned of a real-world case where such a security violation was allowed to occur.
A VM talking to the database was assigned a misconfigured network interface card on its server. A network administrator allowed the card to talk to a switch that dealt with Internet traffic, instead of internal network traffic only. "That created a bridge from the first tier to the Internet," said Costa. Instead of being caught as a violation of existing security practices, it was put into operation and ran until someone discovered the error.
VMShield would check which apps a VM could talk to, given its workload, and respond if channels were open that violated its security policies, said Costa.
The product is priced at $3,200 per server and can receive updates to its security information around the clock.