Startup firewalls inter-virtual machine traffic on VMware ESX

By Alex Barrett, News Director 14 Oct 2008 | SearchServerVirtualization.com

Server virtualization news and opinions Digg This!     StumbleUpon     Del.icio.us

For more on migrating virtual machines: With Live Migration, Microsoft Hyper-V inches closer to VMware ESX AMD pushes VMware et al. to broaden live migration VMware users long for live data migration

In traditional virtual environments, VMs connect to a virtual switch resident on a host, and any traffic between them is unprotected by network-based firewalls. "Anytime [a VM] makes it onto the physical network, you at least have a chance [of securing its traffic]," said Amir Ben-Efraim, Altor Networks' CEO; otherwise, you don't.

Altor Networks says the competition hasn't addressed security for 'nonstatic environments.'

Recently, competitive firewall technologies like CheckPoint VPN-1 have been retrofitted to enforce inter-VM network traffic, but only to a point. "They don't address environments with nonstatic perimeters," Ben-Efraim said, namely virtual machines that have been migrated between hosts using VMware VMotion. Further, those tools are complex to install and don't integrate well with third-party security tools, he claimed.

By contrast, Altor VF not only secures inter-VM communication, but in cases where a VM is migrated with VMotion, "carries the VM's security policy to the new server and active connections along with it." Altor VF can also define per-VM security policies and integrates with VMware VirtualCenter, he said. Altor VF is available immediately and is priced between $1,500 and $2,000 per ESX host regardless of the number of VMs.

Tags: Server virtualization risks and monitoring,  P2V, V2V and V2P migration,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us