« Adjusting the risk/reward dial. | Main | More on VMsafe from Chris Hoff »

Virtsec - Looking up from Layer 4

Greg Ness recaps VMworld Europe's VMsafe announcement, and relates it to the future of virtualization security (virtsec). As a bit of imagery, he links the future of the virtualized production data center to the "upstack (layer 7) server" and its overshadowing the "operationally-intensive layer 4 world of deep packet inspection, signatures and tuning." Nice turns of phrase. They set me thinking about how to characterize those aspects of the virtualized data center which must provide visibility into and the reduce complexity of layers 3 and 2 (... notice the ordering sequence based on the point of view). My initial take is that they deserve a different set of metrics and viewpoints that, as well as Greg's when considering security. More as I tease these out.

VMworld Cannes: Au Revoir Layer 4 - Seeking Alpha

When VMware announced VMsafe at Cannes it marked a major data center security milestone on many levels: 1) it was the first major public statement on virtsec by any virtualization platform vendor; 2) it represented the first glimpse of how virtsec will change the netsec game; and 3) it articulated the key differences between what VMware will protect and what its partners will protect.

That combination of vision and clarity against a backdrop of 20 enlisted security vendors was the equivalent of a high level declaration of independence from the hardware-centric network security appliance model that took off with the emergence of fame-seeking hackers in the late 90s and early 00s. It was also a critical launch component of VMware’s push into the data center. Among the leading security players teaming up with VMware: CheckPoint, McAfee and Symantec.


The faster that VMware virtualizes the production data center, the faster the virtsec industry will accelerate. Given VMware’s momentum and now its high profile position on security (and the positive reaction of VMworld attendees), it seems likely that upstack (layer 7) server and VM security are about to rock and roll the tired, operationally-intensive layer 4 world of deep packet inspection, signatures and tuning. VMsafe has set in motion a security revolution that will indeed advance the cause of data center security beyond the common expectations of older generation architectures.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
All HTML will be escaped. Hyperlinks will be created for URLs automatically.