- 10 open source companies to watch
- Mythbuster busts his own tale
- $208 million petascale computer gets green light
- Sony recalls 73,000 Vaio laptops
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Cordoning off physical servers from one another in a data center is difficult enough. Trying to isolate virtual servers running on a single hardware box is even more complicated.
Mercy Medical Center in Baltimore ran into the problem when it deployed network access control (NAC) gear from ConSentry Networks. As part of that move, the company ripped out hardware servers that were running multiple applications and replaced them with virtual servers, each running one application. While this made the NAC implementation more application-centric than server-centric, it introduced security complications.
If you take into account the prerequisites of a good server-to-server firewall -- in particular, the needs for speed and for intrusion-prevention-system (IPS) support -- deploying security in a virtual environment might make more sense. Some vendors have found a niche there. Reflex Security, for example, offers a virtual firewall-IPS appliance packaged as a virtual machine for controlling and securing communications among virtual servers. Because the servers and the firewall communicate within the box, they don't pay the overhead of going out to an external switch. That reduces the IPS performance hit.
Read related story: Four virtualization security companies to watch
In addition, because these features are provided in software on a virtual machine, it costs less to deploy than a hardware-based firewall-IPS. "You don't need to start moving wires around every time you want to secure a different server," says Nand Mulchandani, senior product director at VMware. "It's all done in software, at a much lower cost."
Other companies, such as Blue Lane Technologies, also make virtual-machine-based security appliances, and even firewall stalwart Check Point Software says it has not ruled out the idea of building its own virtual firewall-IPS appliance.
Virtual security appliances are a step in the right direction, but some users say the performance is still not acceptable. "We've been playing with Reflex and others, but they can't seem to pass packets fast enough," Rein says. What's really needed, he says, is for security to run "somewhere within the hypervisor itself."
To that end, VMware is opening the hypervisor to trusted security partners via a new program called VMsafe. Security vendors will get the same visibility as the hypervisor into the operation of a virtual machine, including the memory, CPU, disk and I/O systems, VMware says. That way, they can identify and eliminate malware, such as viruses, Trojans and keyloggers, before it can harm the machine or steal data.
Rss FeedRss Feed
It's safe to say that most companies, if presented with hard numbers on their energy consumption...
Consolidated Disaster Recovery Using VirtualizationServer virtualization is providing enterprises of all sizes with exciting new options for...
Secure Wireless Printing OptionsDiscover how you can reduce the TCO of your wireless printers in this whitepaper. Learn how to...
Double-Take (r) Software and Microsoft are teaming up on September 9, 2008 for a webinar focusing...
Transforming the Enterprise WAN Edge: Video from CiscoLife on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Increasingly popular technologies such as virtualization, wireless networking and data center...
Virtualization Reality CheckFind out why analysts say approaching virtualization with an ounce of caution is wise. And also why...
Closing the Loop: Extending Wireless LAN Security to Wireless PrintersEnterprises cannot overlook wireless printers when assessing network security. The print jobs and...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Explore the Ultrium Edge
The powerful tape technology can address data security with tape encryption as well as long term data protection.
Find out more
Disk and Tape Square Off
Discover what disk and tape really cost -- and which solution provides lower total cost of ownership and optimizes energy use for your organization
Download the White Paper
Don't Fall For The Myths
The Clipper Group explores the truth behind the myths of tape, digging into the misconceptions in the disk vs. tape debate.
Download the White Paper
Will You Add Tape Too?
Over two thirds of disk-only users look to add tape back into storage infrastructure according to recent survey.
Download Survey Information
Comment