Network Computing is part of the Informa Tech Division of Informa PLC


Virtualization's Promise And Problems: Page 7 of 9

diagram: Virtualizing: I/O
HYPERVISORS AT RISK
Challenges posed by desktop virtualization and server I/O will be resolved as virtualization works its way into the computing fabric of the enterprise. But as it spreads, virtual security becomes increasingly important since intruders could find a way to leap from a VM they infiltrate to the hypervisor itself, opening up sensitive data, message traffic, and the resources of the whole system to an attack.

Core Security Technologies, a network security software company, showed how this could happen in its lab earlier this year. VMware client virtualization software, including VMware Player, VMware ACE, and VMware Workstation, has a Shared Folder feature that lets it write to a file on the host's operating system, where other clients can share its contents. Under some circumstances, the shared folder could be used to plant a virus or Trojan program on the host's operating system, Core Security engineers said. VMware issued a critical security advisory to customers after the exposure was aired.

Mature Or Still Changing?

APPLICATION VIRTUALIZATION has reached the peak of its maturity; won't change significantly over the next 10 years.
NETWORK VIRTUALIZATION has had significant success in the enterprise and is unlikely to change much over the next 10 years.
DESKTOP VIRTUALIZATION is in early stages of development but is growing quickly; will mature into next phase of adoption over the next three years.
HYPERVISORS from VMware, Citrix Systems, and Microsoft, along with versions from Sun and Oracle, are doing well and will evolve into a more advanced stage over the next three years.
VIRTUAL APPLIANCES have caught on as a way for vendors to ship trial software but are only slowly being adopted as a means of implementing new apps in the enterprise. They should make progress in that direction over the next three to five years.
Data: Forrester Research's TechRadar: Infrastructure Virtualization, Q2 2008, by Galen Schreck

VMware has since published the VMsafe API that lets third-party security suppliers build products that monitor and protect the hypervisor from such a threat. Twenty vendors are working on virtualization security products using the VMsafe API. One of them, Apani Networks, is designing a way to extend the security zones that its EpiForce product creates in a corporate network to servers running VMs. EpiForce subdivides the network, giving each segment a security zone rating that it enforces. It can impose a much more granular level of security for virtual machines by checking user privilege and requiring encryption of data flowing from VMs that handle sensitive data.

Apani is working on making the EpiForce approach available dynamically so that VMs would be assigned to the appropriate security zone as they're created, says George Tehrani, the company's senior technology director. VMware's VMsafe API lets Apani give the Virtual Infrastructure 3 console the ability to assign EpiForce security policies and update them along with its other management functions, he says. VMsafe "will unify the management console, resulting in both time and cost savings" in administering virtual machines, he says. Instead of having an Infrastructure 3 console and a security console, all functions will be managed through Infrastructure 3.
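A small policy model of the zone-rating scheme the two paragraphs above describe, added here as an illustration and not Apani's or VMware's code: VMs are assigned a zone from their tags at creation time, and a flow between VMs is checked against the zone ratings (encryption required when leaving a sensitive zone, sufficient privilege required when entering one). Zone names, ratings, the tag-to-zone mapping and the privilege scale are all constructed.

```python
from dataclasses import dataclass

# Constructed zone ratings: a higher number means a more sensitive segment.
ZONE_RATINGS = {"public": 0, "internal": 1, "restricted": 2, "pci": 3}


@dataclass
class VM:
    name: str
    tags: frozenset          # labels known when the VM is created
    zone: str = "internal"


@dataclass
class Flow:
    src: VM
    dst: VM
    user_privilege: int      # constructed scale: 0 = guest ... 3 = admin
    encrypted: bool


def assign_zone(vm: VM) -> str:
    """Dynamic zone assignment at VM creation, keyed on the VM's tags.
    The tag-to-zone mapping is an assumption; an administrator would define it."""
    if "cardholder" in vm.tags:
        vm.zone = "pci"
    elif "hr" in vm.tags or "finance" in vm.tags:
        vm.zone = "restricted"
    elif "dmz" in vm.tags:
        vm.zone = "public"
    else:
        vm.zone = "internal"
    return vm.zone


def evaluate(flow: Flow) -> tuple[bool, str]:
    """Decide whether a VM-to-VM flow is allowed, with the reason.
    Constructed rules: data leaving a zone rated 'restricted' or above must be
    encrypted, and crossing into a more sensitive zone needs a privilege level
    at least equal to that zone's rating."""
    src_r = ZONE_RATINGS[flow.src.zone]
    dst_r = ZONE_RATINGS[flow.dst.zone]
    if src_r >= ZONE_RATINGS["restricted"] and not flow.encrypted:
        return False, f"deny: traffic leaving {flow.src.zone} must be encrypted"
    if dst_r > src_r and flow.user_privilege < dst_r:
        return False, f"deny: privilege {flow.user_privilege} below required {dst_r}"
    return True, "allow"
```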

VMware's security API makes sense, says Bruce McCorkendale, a distinguished engineer at Symantec, which is using the VMsafe API to extend its products to VMs. Building security products that monitor the hypervisor gives security software makers "a higher privilege perspective" than the intruders they're watching out for, he says. The corporate network is relatively flat in terms of privilege: Anyone who can assume or spoof a server administrator's role has a chance to get in. The hypervisor perspective is more like that of the watchman in the tower: He can see others before they see him.