Altor tracks virtual machines in motion

Altor Networks' firewall software for virtual environments now supports a unique identifier to keep track of particular versions of virtual machines, even as they replicate themselves to different hosts.

Altor VF generates the identifier using VMware VM properties listed within vCenter, VMware's central management server. The ID follows each VM as it creates new versions of itself.

The previous version of Altor VF kept track of VMs via IP address, which changed as VMs replicated via live migration. With the new software, if users copy VMs themselves – separate from live migration – they get a new identifier.

Altor VF 2.0 software also monitors all traffic in and out of the VMware console to ensure that this central administration tool for the virtual environment is kept safe from attacks. Users can set policies to allow expected traffic and block traffic indicative of a port scan or other attacks, the company says.

Economic Advantages, a Long Island, N.Y., financial services firm, sought out Altor VF as a way to protect its new virtual data center, says Oleg Gorelik, network engineer for the firm. As the company moved from physical servers to virtual servers and from corporate-housed to a hosted data center, he realized the virtual environment would raise new security issues.

In particular Gorelik was concerned that he lacked visibility into traffic among VMs on the same host. Since part of the reason for shifting to a virtual environment was better availability by virtue of virtual servers being able to live migrate, he wanted to be sure he could keep track of them.

Gorelik was ready to use the Altor gear late last year but decided to wait for Version 2 of the software. Altor competes with Apani, BlueLane, Catbird and Reflex Systems.

Altor is also expanding its support to include open source monitoring and security gear. Altor VF shares traffic data it gleans with SNORT intrusion-detection system (IDS) software, NetMon monitoring software and Wireshark protocol analyzer software so they can apply their functionality to VMs that these tools would otherwise not be able to see.

This summer, the company says it will introduce its own IDS that will look for intrusions as an alternative to using a third-party IDS. Altor says it will license the IDS capability from a third party it would not name.

By early next year the company says it will expand its support of virtual infrastructure to include Citrix's Xen virtual environment as well as Microsoft's Hyper-V.

Altor's software is sold as a virtual appliance that runs on VMware VMs and applies policies to traffic among all VMs, even those within the same physical box. Traditional firewalls track traffic based on IP addresses of physical machines so they have a blind spot regarding traffic among VMs sharing the same machine.