VMware security: another look at VMsafe

With VMworld Europe 2008 behind us, looking back, one of the more interesting announcements from the show was around virtualization security and VMware’s VMsafe. VMsafe is the company’s new security architecture that includes an API for security vendors to gain much needed access to the hypervisor layer.

According to VMware, the APIs will allow its partners to develop security solutions for virtualized applications in ways previously not possible with physical environments.

As virtualization continues to gain in popularity, so too will it grow to become more of a target to malicious code writers. VMware’s thin hypervisor code has thus far proven to be secure, but in order to keep security concerns to a minimum, VMware’s introduction of VMsafe is raising the bar on its security.

At VMworld Europe, VMware announced approximately 20 partners that have already signed up to make use of VMsafe. Companies signed up include MacAfee, Symantec, Trend Micro, IBM, RSA, F5 and Fortinet. Using this new technology, these companies will be able to achieve an even deeper level of security to protect the virtual environment from attacks.

I think VMware is definitely on the right track here with VMsafe. Security concerns have been raised for years when discussing server virtualization – so perhaps this new offering will help to eliminate some of the uncertainty. Obviously, it won’t eliminate it any time soon since the technology isn’t yet publically available, and there are still many questions to be answered.

I’m also hopeful that VMware takes VMsafe on a similar journey as OVF – leveraging an industry standards body such as the DMTF. In that way, like OVF, third-party security vendors would be able to create cross virtualization platform security products that could be used to defend all hypervisors and virtual machines no matter which platform you are running in your environment.