Home > Blogs > Rethink IT

VMware vShield Secures IT as a Service

I’m Venu Aravaduman, Sr. Director of product marketing for our security, storage and business-critical applications solutions. Today, at VMworld, we announced the availability of VMware vShield Edge, vShield App and vvShield Endpoint ! This marks a watershed moment for customers on the path toward IT as a Service.  The VMware vShield family of products is designed to remove barriers to IT as a Service by delivering adaptive, cost effective and simple-to-manage security services.

Why is VMware focusing on security?

Traditional IT security tends to be rigid, brittle, expensive, and was not developed to be aware of virtualization and dynamic IT environments. As customers move towards building private clouds, traditional security models become very limiting. Today, it takes long lead times and a lot of pain to change ANYTHING around security policies and implementation. So, we asked ourselves: shouldn’t security be able to adapt instantaneously to changing business and infrastructure needs? This is precisely why VMware has a significant investment in enabling the next generation of IT security! And, guess what? Independent surveys of our customers show that they rank VMware very highly as someone capable of enabling and delivering this next generation of security solutions!


We are introducing 3 products to the market at VMworld 2010 – these are

· vShield Edge  Provides comprehensive network security and services for the edge of virtual datacenters

· vShield App  – Protects applications in the virtual datacenter from network-based threats

· vShield Endpoint – Enables offloading of antivirus and anti-malware processing to security-hardened virtual machines delivered by VMware partners, strengthens security for virtual machines and their hosts while improving performance by orders of magnitude for endpoint protection.


We are also updating and upgrading out vShield Zones technology —  a feature of vSphere 4.1. The upgrade version now includes a more robust vNIC-level firewall, and this has complete control over inter-VM network traffic – a really important enhancement. vShield App builds on top of this capability.  To read more about these products , visit http://www.vmware.com/products/vshield/


So, what’s the latest on VMsafe?

As you know, a couple of years ago we introduced the VMsafe program and set of APIs as the enablement for our first generation of introspection based solutions. There are currently 6 VMsafe partners, offering 7 solutions for more information on VMsafe visit http://www.vmware.com/technical-resources/security/vmsafe.html. VMware is fully committed to supporting these solutions for our mutual customers. To summarize,  we are building on the VMsafe foundation, and making this better for our partners and our customers!


Based on customer and partner feedback, VMware is now introducing our second generation of introspection based solutions; the first instantiation of this technology is in vShield Endpoint. This next-generation introspection platform brings additional benefits over the VMsafe investments, specifically

1)   Broader integration of management frameworks with our partners

2)   Better abstraction of lower level APIs, more ease of integration for partner solutions

3)   More scalable partner based integration efforts, easier certification

We are building on the VMsafe foundation, and making this better for our partners and our customers. For example, Trend Micro is showcasing the first such solution to market in their Deep Security product, focusing on offloaded AV/anti-malware. We are also working closely with additional strategic partners such as RSA, Symantec, McAfee to enable solutions for offloaded AV and additional classes of endpoint solutions such as Data Leak Prevention, File Integrity Monitoring etc. Our longer-term direction is to drive this next-generation introspection capability to serve broad classes of solutions for endpoint and host protection solutions.

We have worked very closely with Cisco to ensure that our vShield solutions integrate well with Cisco UCS based deployments, as well as full support for the Nexus 1000 v. We are working closely with Intel to ensure that we can leverage Intel’s Trusted Execution Technology for attestation and compliance of cloud based platforms.

With our strategic  industry partners, VMware is committed to delivering the infrastructure and security tools necessary to deliver IT as a Service to our customers. Please continue to watch for additional security updates from VMware.