On October 15, 2010, VMware vSphere 4.0 (ESX 4.0, ESXi4.0 and vCenter Server 4.0) achieved Common Criteria certification at EAL4+ under the Canadian Common Criteria Evaluation and Certification Scheme. EAL4+ is the highest assurance level recognized globally by all certificate authorizing schemes under the Common Criteria Mutual Recognition Agreement. 

Many US defense agencies such as the Army and Air Force require a Common Criteria Certification for products they use in their IT environment.  But the scope of entities looking at this certification goes beyond the military and includes state and local governments as well as the Governments of the United Kingdom and France, making it a truly international standard.

This certification path demonstrates VMware’s continued commitment to product security and global standards.  With each iteration through the certification process, the Target of Evaluation (TOE) is expanded to include new virtualization technologies and capabilities from each release.   Over time, features such as “Boot from SAN”, vSphere Command Line Interface (vCLI), Update Manager and Distributed Virtual Switch have been added to the certifications coverage.  By continuing to include new features expands the coverage of each certification, it helps to insure that VMware’s certification efforts meet the needs of a broad and diverse customer base and conform to meaningful, industry relevant security claims. 

VMware was the first x86 virtualization vendor to complete a Common Criteria certification, and this milestone marks the fourth time VMware has completed the Common Criteria process for ESX and Virtual Center and the 2nd time for ESXi.   The journey began with ESX 2.5 & VirtualCenter 1.2 at EAL2, progressed to Virtual Infrastructure 3 (VI3) ESX 3.0 and VirtualCenter 2.0 at EAL4+, evolved and expanded to include both ESX and ESXi 3.5 with VirtualCenter 2.5 EAL4+ and most recently vSphere 4.0, ESX/ESXi and vCenter, at EAL4+.  Of course, we're not resting there — the certification process for vSphere 4.1 is already in progress.

I’d like to take a moment to acknowledge and thank the engineering, security, IT and facility teams as well as the product and release managers for their support, input and guidance throughout the certification process.  Additionally, I’d like to thank VMware’s vendors Corsec Security, Inc. and EWA-Canada, Ltd for their respective parts of this accomplishment.

For the most up to date listing of VMware’s certification efforts, visit the Security Certifications section of VMware’s web site.

Eric Betts
Certifications Manager