How the Hypervisor is Death By a Thousand Cuts to the Network IPS/NAC Appliance Vendors

Christofer Hoff talks about how NAC (Network Access Control) appliance vendors are coping in a world where all compute nodes are virtualized, all nodes are flying around with VMotion, all traffic is going through virtual switches, and you’re trying to protect access to the cloud — is that like nailing Jello to the wall?

Link: Rational Survivability: UPDATED: How the Hypervisor is Death By a Thousand Cuts to the Network IPS/NAC Appliance Vendors.

Virtualization is causing IPS and NAC appliance vendors some real pain
in the strategic planning department.  I’ve spoken to several product
managers of IPS and NAC companies that are having to make some really
tough bets regarding just what to do about the impact virtualization is
having on their business. …

It’s especially hard for vendors whose IPS/NAC software is tied to
specialty hardware, unless of course all you care about is enforcing at
the "edge" — wherever that is, and that’s the point.  The demarcation
of those security domain diameters has now shrunk.  Significantly, and
not just for servers, either.  With the resurgence of thin clients and
new VDI initiatives, where exactly is the client/server boundary? …

…and it’s going to get even more hairy as the battle for the
architecture of the DatacenterOS also rages.  The uptake of 10Gb/s
Ethernet is also contributing to the mix as we see

  • Upgrading from servers to blades
  • Moving from hosts and switches to clusters and fabrics
  • Evolving from hardware/software affinity to gird/utility computing
  • Transitioning from infrastructure to service layers in “the cloud”

He also points to Chris Silva @ Forrester with much the same concerns:

Server virtualization blurs segmentation models. … Client virtualization proliferates MAC addresses and blurs endpoints.  … Application virtualization hides setting and blurs endpoint status.


0 comments have been added so far

  1. Nailing Jello to the wall. You’ve been talking to my four year old; seems to be her favorite past time… 😉
    To further the discussion, look at how the I/O virtualization solutions are going to exacerbate the situation; now we have yet another abstraction of the virtualized network in a box external to the vHost…

Leave a Reply

Your email address will not be published. Required fields are marked *