VMware is launching a new appliance to protect the growing number of virtual data centers in the enterprise.
Dubbed VMware vShield Zones, the appliance is aimed at helping enterprises maintain strict compliance with security policies as they pursue cloud computing with virtual environments.
The company announced plans for the appliance Feb. 24 at VMworld Europe 2009 and is tying it into its strategy for the Virtual Datacenter Operating System (VDC-OS). Slated for a beta release next month, VMware vShield Zones will broaden the VMware portfolio of application services with network zoning and segmentation capabilities, officials explained.
The appliance tackles a key problem in virtual environments. According to officials at VMware, companies virtualizing security-sensitive applications have traditionally been forced to choose between enforcing security policies and leveraging virtualization capabilities such as live migration.
To solve that dilemma, many customers ended up dividing their virtual environments into smaller, less efficient clusters for areas such as their Internet-facing demilitarized zones (DMZs) or consumer credit data processing systems subject to Payment Card Industry regulations.
With VMware vShield Zones, customers will be able to create logical zones in the virtual data center that span all of the shared physical resources, with each zone representing a distinct level of trust and confidential. The idea, officials said, is to allow security policies to be enforced even as virtual machines dynamically migrate between hardware devices.
"VMware virtualization solutions have enabled companies to pool their computing resources and deliver IT as a dynamic, shared service," said Raghu Raghuram, vice president of the server business unit at VMware, in a statement. "VMware vShield Zones enhances this architecture by enabling customers to segment and isolate their application traffic in a shared environment, thereby delivering new security benefits and making VMware Infrastructure a safe place to run business critical applications."
The device includes built-in auditing capabilities and can be centrally managed through integration with VMware vCenter Server. Built-in auditing capabilities make compliance straightforward and verifiable, officials added.
Pricing and packaging of VMware vShield Zones will be announced later in 2009.