Article

Startup firewalls inter-virtual machine traffic on VMware ESX

Alex Barrett, News Director
Redwood City, Calif.-based startup Altor Networks has announced what it describes as the first "purpose built" virtual firewall, Altor VF, for securing network traffic between virtual machines (VMs) on a VMware

    Requires Free Membership to View

    Login

ESX host. With its new offering, Altor Networks strives to address some of the persistent security concerns for VMs, and particularly for migrated virtual machines that become vulnerable to security breaches when they are moved to a new virtualization host.

For more on migrating virtual machines:
With Live Migration, Microsoft Hyper-V inches closer to VMware ESX

AMD pushes VMware et al. to broaden live migration

VMware users long for live data migration

In traditional virtual environments, VMs connect to a virtual switch resident on a host, and any traffic between them is unprotected by network-based firewalls. "Anytime [a VM] makes it onto the physical network, you at least have a chance [of securing its traffic]," said Amir Ben-Efraim, Altor Networks' CEO; otherwise, you don't.

Altor Networks says the competition hasn't addressed security for 'nonstatic environments.'
,

Recently, competitive firewall technologies like CheckPoint VPN-1 have been retrofitted to enforce inter-VM network traffic, but only to a point. "They don't address environments with nonstatic perimeters," Ben-Efraim said, namely virtual machines that have been migrated between hosts using VMware VMotion. Further, those tools are complex to install and don't integrate well with third-party security tools, he claimed.

By contrast, Altor VF not only secures inter-VM communication, but in cases where a VM is migrated with VMotion, "carries the VM's security policy to the new server and active connections along with it." Altor VF can also define per-VM security policies and integrates with VMware VirtualCenter, he said. Altor VF is available immediately and is priced between $1,500 and $2,000 per ESX host regardless of the number of VMs.

In addition, Altor VF is being integrated with an intrusion detection and prevention system from Juniper Networks, security information and event management software from ArcSight, and network behavior analysis from Mazu Networks.

Let us know what you think about the story; email Alex Barrett, News Director. And check out our Server Virtualization blog.

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top