Clear Choice Test: VM management
Reflex Technologies' Command Center is itself a virtual machine that sits on VMware's ESX server and acts as an intrusion-prevention system, watching connectivity activity between other VMs and the virtual network interface provided by VMware.
RCC watches network traffic flowing between physical and virtual network interfaces, either as a mirrored copy or directly inline, and monitors and filters it against a rule set of known hacks, cracks and odd behaviors between hosts.
RCC is a nervous beast, but it only occasionally mischaracterized traffic. Amusingly, it misidentified traffic coming from Virtugo's VirtualSuite (a competing VM management product) as indicative of an instance of eDonkey. Otherwise it was highly accurate.
This product is stunningly simple to use. Installation takes literally seconds. Two modes are available: an inline mode that rests between VM host instances and the virtual network cards in a VMware host server, and a bridged mode that listens to traffic mirrored from the interface. The inline mode can filter traffic based on default or administrator-modified packet filtration rules, while the bridged mode is a listen-only setup.
We used both modes, first as a filtered connection, then as a combined filtered and bridged connection so that we could monitor one host while filtering/monitoring the other one. Each VMware hardware host server had four to six VMs running on it. We used Microsoft's Internet Information Server 6 and Apache as sample applications on each server instance.
Once the RCC VM instance is alive, it immediately starts evaluating packets (or filtering if that's what you've chosen to do) and relationships between VM instances and the rest of the connected world. Sensors on multiple VMware hosts can be set up and linked to a single RCC console.
RCC then sorts the intrusion profile information it has evaluated into low-, medium- and high-concern categories (shown in a 3D bar graph as yellow, orange and red) when it sees a problem not in line with its rule set.
As an example, we probed Server Message Block ports on each server, an action that correctly triggered signature messages of several attack types. Additionally, we had one server pound the DNS ports of another hosted server to trigger the identification of a User Datagram Protocol (UDP) flood attack.
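A sketch of the kind of rule evaluation the SMB-probe and UDP-flood tests above exercise, as an added example that is not Reflex's rule set or code. The thresholds, severity mapping, VM names and flow records are all constructed assumptions.

```python
from collections import defaultdict

SMB_PORTS = {139, 445}
FLOOD_WINDOW_S = 1.0     # assumed sliding window, in seconds
FLOOD_THRESHOLD = 100    # assumed packets per window per (src, dst, port)

def detect(records):
    """Evaluate (ts, src_vm, dst_vm, proto, dst_port) records between VMs.

    Returns a sorted list of (severity, rule, src, dst) alerts, one per
    rule and host pair, using low/medium/high concern levels.
    """
    alerts = {}
    smb_seen = defaultdict(set)     # (src, dst) -> SMB ports touched so far
    udp_times = defaultdict(list)   # (src, dst, port) -> timestamps in window
    for ts, src, dst, proto, port in sorted(records):
        if proto == "tcp" and port in SMB_PORTS:
            smb_seen[(src, dst)].add(port)
            # Assumed mapping: one SMB port is low concern, both is a probe.
            sev = "medium" if len(smb_seen[(src, dst)]) > 1 else "low"
            alerts[("smb-probe", src, dst)] = sev
        elif proto == "udp":
            window = udp_times[(src, dst, port)]
            window.append(ts)
            # Drop timestamps that have aged out of the sliding window.
            while window and ts - window[0] > FLOOD_WINDOW_S:
                window.pop(0)
            if len(window) >= FLOOD_THRESHOLD:
                alerts[("udp-flood", src, dst)] = "high"
    return sorted((sev, rule, s, d) for (rule, s, d), sev in alerts.items())

def sample_records():
    """Constructed flow records, not captured traffic."""
    recs = [(0.00, "vm-a", "vm-b", "tcp", 139),
            (0.05, "vm-a", "vm-b", "tcp", 445),
            (0.10, "vm-c", "vm-b", "tcp", 80)]
    # vm-a sends 150 UDP packets to vm-d's DNS port in under a second.
    recs += [(1.0 + i * 0.005, "vm-a", "vm-d", "udp", 53) for i in range(150)]
    # vm-c sends an ordinary DNS query every two seconds.
    recs += [(1.0 + i * 2.0, "vm-c", "vm-d", "udp", 53) for i in range(5)]
    return recs

if __name__ == "__main__":
    for alert in detect(sample_records()):
        print(alert)
```

The ordinary web request and the slow DNS queries from vm-c raise nothing, which is the behavior to check when tuning thresholds against false positives like the eDonkey misidentification mentioned earlier.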
Comments (2)
Reflex VSA Rocks!
By Zack on February 15, 2008, 8:37 am
Reflex was a lifesaver for us. Since rolling out VMs a year ago we have been having difficulties in several areas and this product has solved most all of them. *We...
RE: Reflex IPS adds security to your VM life
By Anonymous on February 14, 2008, 5:25 pm
I tested this product recently and the performance was horrible! It drove my CPU utilization for my ESX server sky high and only got me about 80 meg of throughput...