« Virtualization Risk and the Fishtank | Main | Adjusting the risk/reward dial. »
Saturday
Mar152008

VMsafe and the Network Stack

Gabe has collected information from various sources about VMware's VMsafe API. The post makes clear VMware's approach to "opening up" access to the hypervisor for third-party security products provided by carefully vetted partners. In a comment to the post, the reader is pointed to VMCI as a the means by which VMsafe gains access to memory and other hypervisor resources. Gabe then makes this rather telling response:



I’m missing the network stack in this, because I read that the network virtual switches can also be monitored with VMsafe. I’m wondering if for example McAfee can build an appliance that does some kind of virus scanning, checkpoint builds a network inspection appliance, etc. You would then have multiple security appliances per host. Not sure if this is what is desired.



Is this the case? Does VMsafe offer up access of this kind to the vswitch? Does that mean that the as-yet-unannounced, but rumored third-party virtual distributed switch would offer up the same access through VMsafe?

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.