News Stay informed about the latest enterprise technology news and product updates.

VMware to release APIs to security vendors under VMsafe

VMware plans to release application program interfaces as part of VMsafe so security vendors could design software interoperable with its virtualization technology.

VMware Inc. launched a new technology it calls VMsafe, designed to protect applications running in virtual machines.

Under VMsafe, the Palo Alto, Calif.-based virtualization software vendor would release application program interfaces (APIs) to security vendors, allowing them to develop security software that integrates with VMware software.

VMware executives have been under increased pressure to address security concerns from industry experts and IT security pros. At its VMworld conference last year, industry analysts and security pros saw the benefits of the technology but voiced their skepticism that it could be easily secured.

Like many software vendors, VMware has also addressed a number of bugs in its software. Core Security was the latest firm to discover a dangerous file sharing flaw in Windows-hosted versions of VMware Workstation, ACE, and Player. If exploited an attacker could gain access to a host system.
Virtualization security:
The security benefits and risks of virtualization: IT shops are looking at virtualization as a way to improve data security and make patch deployments more efficient. As Senior News Writer Bill Brenner reports, many IT pros say the benefits are real if the technology from a range of vendors is examined. But IT pros and analysts say security risks remain.

Preparing for virtualization security unknowns: Server virtualization technology is revolutionizing enterprise data centers, but nobody knows just how it will affect enterprise information security.

Will using virtualization software put an enterprise at risk? A virtualized IT infrastructure can simplify operations and save a company money, but is such an environment secure?

Pete Lindstrom, an analyst at Midvale, Utah-based Burton Group said he would watch to see how an API program would be managed. Lindstrom said the timing is right since threat level to virtualized environments is low, because many firms are in the early adoption phase of deployments.

"When you hear folks speak about standards, APIs and toolkits it's great for flexibility, however, you're gross risk associated with the hypervisor increases," Lindstrom said.

The hypervisor is an ultra-thin layer of software that runs directly on server hardware independently of the operating system, enabling users to create virtual machines on the server to run applications.

VMWare is addressing the hypervisor through its API program. It said its VMsafe technology would allow security vendors to build products that integrate into the VMware hypervisor.

VMware said the software will increase transparency into the memory, CPU, disk and I/O systems of the virtual machine. It said 20 security vendors, including Symantec, McAfee, the Internet Security Systems division of IBM, EMC's RSA security divison, and Check Point Software Technologies, plan to develop software that is interoperable with virtual machines.

"The industry has come out in full force to support VMware VMsafe technology with plans for a whole new class of security products that offer customers new advantages to running applications in virtual machines." Raghu Raghuram, vice president of datacenter products and solutions, said in a statement.

Dig Deeper on Virtualization security issues and threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.