By Michael Haines, Sr. vCloud Architect (Security)
Today, security vendors, such as Trend Micro, McAfee and
others are now entering the virtualization market and are looking for ways to
develop and integrate their existing solutions (antivirus, personal firewall,
intrusion detection, intrusion prevention, anti-spam, URL filtering, and etc…)
to VMware's ESX Server while trying to differentiate themselves from the
So, I am sure you have heard a great deal about
VMsafe and in particular what the VMsafe API is, right? This word 'VMSafe API'
gets bounded around way too often for my liking! So what is VMsafe and the
When I think of VMsafe, I think of this as more of a
partner ecosystem program delivered by VMware. That is to say, what we have
created and offer as part of this ecosystem program are three sets of distinct
Application Programming Interfaces (APIs) that can be used by ISVs and
developers to develop and build security applications and solutions for the
virtual environment. I might add this is not for the faint hearted! These APIs
are split into three main areas:
- vCompute (CPU and Memory) API
- vNetwork Appliance (DVFilter) API
- VDDK API (for disk block inspection)
CPU and Memory API.
So what does the vCompute CPU and Memory Inspection
API do? At its most basic form, this API includes features that you can use for
developing security applications that inspect memory access and CPU states
before any code is actually executed.
Appliance (DVFilter) API
So what does the vNetwork Appliance (DVFilter) API
do? This API enables you to provide a solution to protect network packet
streams. With the DVFilter you can create network packet filters that you
insert into the virtual packet stream. This network packet filter is inserted
between the vNIC and virtual switch (vSwitch). There are one of two possible
agents that can be used. These agents are referred to as the fast-path agent
and slow-path agent, which make up the "filter". I’ll write more on
the fast-path and slow-path agents in a future blog. One of the key messages
here is that the vNetwork Appliance APIs are not just for security, we envision
a lot more use cases moving forward. In fact, you may not be aware of this, but
Lab Manager was the first product to use DVFilter.
So what does the VDDK API do? The Virtual Disk
Development Kit is a collection of C libraries, code samples, utilities, and
documentation that enable a developer who is creating applications to manage
virtual storage. Yes, it’s an API and Software Development Kit (SDK). The
Virtual Disk Development Kit includes the Virtual Disk API library functions,
VMware disk utilities (which include the disk mount and virtual disk manager)
and documentation. The primary audience for VDDK are ISVs who develop, for
example, anti-virus security products.
So, how does one get access to the VMsafe partner ecosystem
program? Well, firstly this program itself is controlled in terms of which partners
can get to it and use it. Today, only one API (VDDK) that is part of the VMsafe
program is a public API. That is to say that the vCompute and vNetwork are not
public APIs. As I mentioned earlier, these APIs are not end user APIs but rather
are intended for security partners. For more information on these security
partner APIs, go to VMware's Advanced
Developer Portal. For more
information on VMSafe in general, please visit us here.
Comment below or share your thoughts with me on
Twitter at @vcloud. We’ll also be talking about vCloud APIs on the vCloud
Facebook page. Become a fan!