I'm just back from VMworld Europe 2008, and one of the highlights of this event was the announcement of VMsafe – a new security technology introduced by VMware.
What is VMsafe?
VMsafe is a new security technology. What is means is that software security vendors will partner with VMware to develop custom virtual appliances used for protecting virtual machines on a VMware ESX server.
Each virtual appliance will be digitally signed and confirmed by VMware. Only trusted virtual appliances will get the privileges of a VMsafe technology, so even though VMsafe solutions are virtual machines, not every virtual machine can become a VMsafe solution – it needs to come from a trusted partner and go through a verification and certification procedures before customers can use it.
How does VMsafe work?
Like I said, each VMsafe solution is a virtual appliance with elevanted access. Essentially, it will have access to all the key functional areas of all the VMs on the ESX server, monitoring memory and CPU, virtual network adapters and storage.
VMsafe appliance has visibility of all the memory pages of every VM, and has the functionality to prevent a security breach on the memory page or CPU instruction level. Network packets are also analyzed on the fly, and the same kind of dynamic analysis is applied to all the storage available to a given VM.
The main advantage of a VMsafe approach is that it's a security solution which resides outside of any virtual machine. Being above all the VMs (or besides them should I say), VMsafe appliance gets unsurpassed flexibility and maintains the security level which simply was not achieved before: any malware, any virus which traditionally tries to detect and disable an anti-virus solution on your OS, will be left unaware of the fact that the VM is monitored for security at all.
Key benefits of VMsafe
These are a few:
Isolation – VMsafe security solutions reside in their own VM which makes it impossible for a malware running in any of the protected VMs to compromise the security appliance.
Correlation – having direct access to most of the functional areas of all theVMs allows for a deeper and better correlation between security threats – VMsafe appliances will be able to detect threats earlier and correctly recognize the scope (when all the VMs are under the same attack, for example, this should be detected as a single threat spanning a few VMs).
Scalability – being a tightly integrated part of virtual infrastructure, VMsafe appliances will allow for easier and more effective scalability, this will result in flexible and scalable protection of large virtual infrastructures.
Robert Michel says
I found your blog on google and read a few of your other posts. I just added you to my Google News Reader. Keep up the good work. Look forward to reading more from you in the future.
Robert Michel
Gleb Reys says
Thanks, Robert! Hope to see you around!
pS: thanks for leaving the link back to your website – looks like an interesting online project!