VMsafe is a new security technology for virtualized environments. Here are some of the basic features.


I have been really enjoying my concentration on the virtualization space. While attending VMworld 2008, I was able to get a glimpse into a new product of VMware’s called VMsafe. VMware describes its new product as the following:

“VMware VMsafe™ is a new security technology for virtualized environments that can help to protect your virtual infrastructure in ways previously not possible with physical machines. VMsafe provides a unique capability for virtualized environments through an application program interface (API)-sharing program that enables select partners to develop security products for VMware environments. The result is an open approach to security that provides customers with the most secure platform on which they can virtualize their business-critical applications.

VMware Infrastructure inserts a thin layer of software directly on server hardware to create virtual machines. It contains a virtual machine monitor or ‘hypervisor’ that allocates hardware resources dynamically and transparently to run multiple systems concurrently. VMsafe enables third-party security products to gain the same visibility as the hypervisor into the operation of a virtual machine to identify and eliminate malware, such as viruses, trojans and key-loggers. For instance, security vendors can leverage VMsafe to detect and eliminate malware that is undetectable on physical machines. This advanced protection is achieved through fine-grained visibility into the virtual hardware resources of memory, CPU, disk and I/O systems of the virtual machine that can be used to monitor every aspect of the execution of the system and stop malware before it can execute on a machine to steal data.”

The benefits include:

  1. Better security Memory, CPU, and guest-handling provide new monitoring capabilities and have no equivalent in physical infrastructure. VMsafe solutions using these capabilities will protect organizations from new security threats more easily, preventing malware from ever infecting a virtual machine.
  2. Better enforcement across the infrastructure — Security solutions that integrate with VMsafe can be deployed easily and consistently across the infrastructure to achieve greater visibility, manageability, and enforcement of standard security policies.
  3. Better isolation One of the major issues with in-guest security solutions today is that these solutions run at the same privilege level as the malware they are protecting against. The VMsafe approach isolates the security engines so they are not accessible to the malware, guaranteeing that the security solution as a whole is protected and isolated.
  4. Better correlation — Security solutions today have very limited correlation between various approaches, such as network behavior analysis and host intrusion protection. Network security appliances today lack in-guest information, such as operating system utilization and application version, patch, or current activity. Using VMsafe, security solutions can obtain deeper visibility into the virtual machines and correlate this information for greater accuracy and performance of network scanners. VMsafe provides the capability to understand in-guest context much like a Host Intrusion Prevention System (HIPS). In addition, virtualization-aware security solutions will be able to protect virtual machines even when they are in motion, suspended, or offline.
  5. Better scalability — With integrated security solutions for VMsafe, customers can provision security virtual appliances as they grow their infrastructure. This also means that during peak times or attacks, SLAs can be enforced simply by enabling hardware resource scheduling to ensure critical workloads continue running.

I believe the goal with this new product is to build a highly secure virtualization platform that blows away the competition. At this point, though, it is just words.