VMTN Blog

Christofer Hoff talks about how NAC (Network Access Control) appliance vendors are coping in a world where all compute nodes are virtualized, all nodes are flying around with VMotion, all traffic is going through virtual switches, and you're trying to protect access to the cloud -- is that like nailing Jello to the wall?

Link: Rational Survivability: UPDATED: How the Hypervisor is Death By a Thousand Cuts to the Network IPS/NAC Appliance Vendors.

Virtualization is causing IPS and NAC appliance vendors some real pain in the strategic planning department.  I've spoken to several product managers of IPS and NAC companies that are having to make some really tough bets regarding just what to do about the impact virtualization is having on their business. ...

It's especially hard for vendors whose IPS/NAC software is tied to specialty hardware, unless of course all you care about is enforcing at the "edge" -- wherever that is, and that's the point.  The demarcation of those security domain diameters has now shrunk.  Significantly, and not just for servers, either.  With the resurgence of thin clients and new VDI initiatives, where exactly is the client/server boundary? ...

...and it's going to get even more hairy as the battle for the architecture of the DatacenterOS also rages.  The uptake of 10Gb/s Ethernet is also contributing to the mix as we see customers:

• Upgrading from servers to blades
• Moving from hosts and switches to clusters and fabrics
• Evolving from hardware/software affinity to gird/utility computing
• Transitioning from infrastructure to service layers in “the cloud”

He also points to Chris Silva @ Forrester with much the same concerns:

Server virtualization blurs segmentation models. ... Client virtualization proliferates MAC addresses and blurs endpoints.  ... Application virtualization hides setting and blurs endpoint status.