Redwood City, Calif.-based startup Altor Networks has announced what it describes as the first "purpose built"...
virtual firewall, Altor VF, for securing network traffic between virtual machines (VMs) on a VMware ESX host. With its new offering, Altor Networks strives to address some of the persistent security concerns for VMs, and particularly for migrated virtual machines that become vulnerable to security breaches when they are moved to a new virtualization host.
In traditional virtual environments, VMs connect to a virtual switch resident on a host, and any traffic between them is unprotected by network-based firewalls. "Anytime [a VM] makes it onto the physical network, you at least have a chance [of securing its traffic]," said Amir Ben-Efraim, Altor Networks' CEO; otherwise, you don't.
Recently, competitive firewall technologies like CheckPoint VPN-1 have been retrofitted to enforce inter-VM network traffic, but only to a point. "They don't address environments with nonstatic perimeters," Ben-Efraim said, namely virtual machines that have been migrated between hosts using VMware VMotion. Further, those tools are complex to install and don't integrate well with third-party security tools, he claimed.
By contrast, Altor VF not only secures inter-VM communication, but in cases where a VM is migrated with VMotion, "carries the VM's security policy to the new server and active connections along with it." Altor VF can also define per-VM security policies and integrates with VMware VirtualCenter, he said. Altor VF is available immediately and is priced between $1,500 and $2,000 per ESX host regardless of the number of VMs.In addition, Altor VF is being integrated with an intrusion detection and prevention system from Juniper Networks, security information and event management software from ArcSight, and network behavior analysis from Mazu Networks. Let us know what you think about the story; email Alex Barrett, News Director. And check out our Server Virtualization blog.