Startup firewalls inter-virtual machine traffic on VMware ESX

Article

Startup firewalls inter-virtual machine traffic on VMware ESX

Redwood City, Calif.-based startup Altor Networks has announced what it describes as the first "purpose built" virtual firewall, Altor VF, for securing network traffic between virtual machines (VMs) on a VMware

    Requires Free Membership to View

    Login

    When you register, my team of editors will also send you the latest expert resources covering all areas of server virtualization, such as platforms, architectures and strategies, server hardware, managing virtual environments, application issues and more.

    Cathleen A. Gagne, Senior Editorial Director

    By submitting your registration information to SearchServerVirtualization.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchServerVirtualization.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

ESX host. With its new offering, Altor Networks strives to address some of the persistent security concerns for VMs, and particularly for migrated virtual machines that become vulnerable to security breaches when they are moved to a new virtualization host.

For more on migrating virtual machines:
With Live Migration, Microsoft Hyper-V inches closer to VMware ESX

AMD pushes VMware et al. to broaden live migration

VMware users long for live data migration

In traditional virtual environments, VMs connect to a virtual switch resident on a host, and any traffic between them is unprotected by network-based firewalls. "Anytime [a VM] makes it onto the physical network, you at least have a chance [of securing its traffic]," said Amir Ben-Efraim, Altor Networks' CEO; otherwise, you don't.

Altor Networks says the competition hasn't addressed security for 'nonstatic environments.'
,

Recently, competitive firewall technologies like CheckPoint VPN-1 have been retrofitted to enforce inter-VM network traffic, but only to a point. "They don't address environments with nonstatic perimeters," Ben-Efraim said, namely virtual machines that have been migrated between hosts using VMware VMotion. Further, those tools are complex to install and don't integrate well with third-party security tools, he claimed.

By contrast, Altor VF not only secures inter-VM communication, but in cases where a VM is migrated with VMotion, "carries the VM's security policy to the new server and active connections along with it." Altor VF can also define per-VM security policies and integrates with VMware VirtualCenter, he said. Altor VF is available immediately and is priced between $1,500 and $2,000 per ESX host regardless of the number of VMs.

In addition, Altor VF is being integrated with an intrusion detection and prevention system from Juniper Networks, security information and event management software from ArcSight, and network behavior analysis from Mazu Networks.

Let us know what you think about the story; email Alex Barrett, News Director. And check out our Server Virtualization blog.