New vShield capabilities on tap, plus agentless antivirus
SearchServerVirtualization.com is reporting that VMWare is previewing some upcoming enhancements to the vShield product.
vShield App can dynamically apply traffic rules at the application level. For example it can automatically detect SSL traffic and apply a containment rule that transcends traditional VLAN boundaries. In many cases this can help to simply security models (possibly eliminating some physical firewalls) and provide extra security and isolation for inter-VM traffic. If PCI compliance is a concern, this is something to keep an eye on.
vShield Edge provides DMZ services, enabling it to be positioned on….well the edge of the external network. It includes routing, NAT, DHCP, VPN and load balancing services.
Agentless Antivirus — this is mentioned in the article but I suspect that it is part of VMware’s VMsafe API to be introduced in a future release of vSphere. In a nutshell, a driver at the VMWare kernel level would provide antivirus capabilities, eliminating the need for a traditional agent inside the VM. As many of us have likely experienced, filter level drivers can cause all manner of problems within an OS, so if this can be successfully implemented and off-loaded from the guest OS, it’s quite exciting (not to mention disruptive for AV sales staff!). Trend Micro has already been developing an agentless solution for vSphere.
The beta site for the vShield technologies can be found here.