VMworld Europe 2008 – stay safe today

Day 2 began with Dr. Mendel Rosenblum’s keynote, which Alessandro outlined here. And the security pat-down to get through the door foreshadowed the latter portion of Mendel’s keynote, which focused on a new security initiative by VMware. Called VMsafe, this initiative allows security software vendors (like McAfee – maybe even Microsoft Forefront one day) to write their anti-malware and other security software to the ESX Server hypervisor API.

So how is this different? Well, it’s not from a functional point of view. It is different in that it’s for VI3 and assumes all end users will ditch operating systems and run virtual appliances (OS with apps) on VMware’s virtual infrastructure. But to be fair, Mendel spoke of this initiative within the context of the future of virtualization … he called it virtualization 2.0.

The demo was less than futuristic, however. Alessandro described it in his post:

After another shameless plug about the availability of McAfee products as virtual appliances, a demo of VMsafe interoperability is finally shown. A Windows XP virtual machine gets attacked with malicious code that copies away corporate documents but another virtual machine with a security engine is able to transparently recognize (a virtual memory scan through VMsafe APIs access) the threat and stop it before it compromises the guest OS.


From a solution perspective, Microsoft and partners protect and secure apps and data all the way from the network edge to the desktop, whether those apps/data run in a virtual or non-virtualized system. Dave Marshall commented a bit. This was a bit of a conversation today on the show floor, and of course visitors wanted to know how a similar malware threat scenario would be resolved when run on Hyper-V. As an example, Windows Vista SP1 and Windows Server 2008 include new kernel APIs that allow ISVs to develop security enhancements that can be used in virtualized or non-virtualized environments hosting Vista or WS08. Here’s another example I picked up from some colleagues (their words):

With Microsoft Windows Hyper-V, mechanisms exist to enable anti-virus and other security scans. Microsoft has made the .VHD, or virtual hard disk, format used in all Microsoft virtualization technologies available for license. Scanning a virtual machine’s .VHD while paused, turned off, or live through a VSS snapshot can enable anti-virus and other security scans from the host operating system, independently from the system being scanned. This can provide additional security, as the scan does not depend on up-to-date security software running inside the scanned system, and cleanup of malicious software may be simplified due to the cleaner not having to compete with running malicious software. Performing a scan on a .VHD can be done rapidly, without loss of state, and in a fully automated and remote manner. In addition, the ability in Hyper-V to pause, save state, and create differencing disks of virtual machines can aid in forensic analysis and auditing.

That said, we should have more education and discussions on securing virtualized datacenters. I’ll try to recruit some subject matter experts (not me, by far) to blog about it here in the near future. In the meantime, check out Mike Neil’s interview from VMworld Europe with Tarry Singh.
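
As an added example (not from the original post or from Microsoft), here is a host-side triage of a .VHD footer of the kind the quoted Hyper-V passage implies before an offline scan: it verifies the footer checksum, identifies differencing disks and reads the saved-state flag. The field offsets follow the published VHD footer layout; the function names and the sample footers are constructed for illustration.

```python
import struct

FOOTER_SIZE = 512
CHECKSUM_OFFSET = 64          # 4-byte big-endian checksum field
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}

def footer_checksum(footer: bytes) -> int:
    """One's complement of the byte sum, with the checksum field left out."""
    body = footer[:CHECKSUM_OFFSET] + footer[CHECKSUM_OFFSET + 4:]
    return ~sum(body) & 0xFFFFFFFF

def triage_vhd_footer(footer: bytes) -> dict:
    """Validate a 512-byte VHD footer and report what an offline scanner should know."""
    if len(footer) != FOOTER_SIZE or footer[:8] != b"conectix":
        raise ValueError("not a VHD footer")
    current_size, = struct.unpack_from(">Q", footer, 48)
    disk_type, stored = struct.unpack_from(">II", footer, 60)
    saved_state = footer[84] == 1
    kind = DISK_TYPES.get(disk_type, "unknown(%d)" % disk_type)
    checksum_ok = stored == footer_checksum(footer)
    warnings = []
    if not checksum_ok:
        warnings.append("footer checksum mismatch: image damaged or altered")
    if kind == "differencing":
        warnings.append("differencing disk: scan the parent chain as well")
    if saved_state:
        warnings.append("saved-state flag set: guest was saved, not shut down")
    return {"type": kind, "size_bytes": current_size, "checksum_ok": checksum_ok,
            "saved_state": saved_state, "warnings": warnings}

def build_sample_footer(disk_type: int, size: int, saved_state: bool = False) -> bytes:
    """Constructed sample footer (not from a real image) for the demo below."""
    f = bytearray(FOOTER_SIZE)
    f[0:8] = b"conectix"
    struct.pack_into(">I", f, 12, 0x00010000)      # file format version
    struct.pack_into(">QQ", f, 40, size, size)     # original and current size
    struct.pack_into(">I", f, 60, disk_type)
    f[84] = 1 if saved_state else 0
    struct.pack_into(">I", f, CHECKSUM_OFFSET, footer_checksum(bytes(f)))
    return bytes(f)

if __name__ == "__main__":
    for name, raw in [("fixed", build_sample_footer(2, 1 << 30)),
                      ("child", build_sample_footer(4, 1 << 30, saved_state=True))]:
        print(name, triage_vhd_footer(raw))
```

On a real image the footer is the last 512 bytes of the file, so a scanner can run this check before mounting anything.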