News Stay informed about the latest enterprise technology news and product updates.

VMware releases long-awaited VMsafe security API

With the release, the virtualization powerhouse will now enable third-party security vendors to apply security within the hypervisor to safeguard virtual machines at the host level.

SAN FRANCISCO -- VMware Inc. has released the long-awaited VMsafe API, enabling third-party security vendors to apply security within the hypervisor to better secure virtual machines.

This means VMsafe-compatible security products, running as protected virtual machines, will be able to safeguard VMs at the host level. For example, a malware attack could be stopped at the host, protecting multiple guests.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

 The API will also give security products greater visibility into the virtual environment, granting them the ability to monitor and filter packets both inside the hypervisor and in a virtual security appliance.

Until now, for the most part, security products such as firewalls and IPS were placed in-line to protect the host, with little or no awareness of the VM guests, their roles and attached policies. Alternatively, some products have been offered as virtual appliances, but with little or no awareness of the virtual network in which the protected VM lives.

VMsafe should give enterprises the ability to manage their virtual networks and servers with the same level of control and visibility available for physical systems, while leveraging VMware-specific capabilities, such as VMotion, which dynamically moves VMs between physical devices as needed, and tracks the retirement, reactivation and creation of guest VMs.

A VMware spokesman was not available for comment on deadline.

"What we're seeing right now is the transition to really exploiting the capabilities of virtualization with VMsafe," Steve Herrod, VMware CTO, said in a recent interview with

"You'll see a lot of transformation around leveraging VMsafe and moving from just protecting the virtualization layer as if it were a normal machine," Herrod said, "to really exploiting the benefits of introspection and being ready for the mobility that comes with a virtualized data center."

Find out more about
vSphere 4

Check out this page on with all the info you need about vSphere 4, VMware's newest virtualization product suite.

 The VMsafe release comes as part of the latest version of VMWare's data center product, vSphere 4 (previously known as VMware Infrastructure), which it bills as the "first cloud operating system for delivering efficient, flexible and reliable IT as a service."

vSphere is designed to help deploy and manage virtualization rapidly and efficiently for large data centers or virtualized private hosted services, for both service providers and large enterprises that want to adopt a "cloud"-style environment within the organization.

To date, VMware has not publicly linked vSphere to VMsafe, although it has discussed other enterprise-scale security capabilities, such as new large-scale management features that facilitate server security, storage and network settings, automate configuration management and reduce errors due to misconfiguration.

vSphere also features vShield Zones, which enforce application security policies based on logical zones.

The VMsafe release should trigger a flurry of virtualization security products from among the more than two dozen VMsafe security partners, which have been working with VMware through the development and beta programs, many since VMware first announced VMsafe in February 2008.

Host intrusion detection/prevention and application security vendor Third Brigade Inc. stole a march on everyone at the 2009 RSA Conference Monday, announcing VMsafe support with the release of its Deep Security Virtual Appliance.

RSA Conference 2009

For all the latest news, podcasts and more direct from the show floor in San Francisco, visit our RSA Conference 2009 special news coverage page.

 The announcement gives customers the option of using the VMsafe-supported product or Third Brigade's existing agent-based product for individual VMs requiring high performance and/or using VMotion in a cloud environment. In large virtual deployments, that means managing a lot of agents.

"And that's a challenge," said Bill McGee, Third Brigade's vice president of products and technology. "That's why we adapted our technology to use the VMsafe API for virtual machines that don't have an agent."

Dig Deeper on Cloud Computing Virtualization: Secure Multitenancy - Hypervisor Protection

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.