Opening VMM/HyperVisors to Third Parties via APIs – Goodness or the Apocalypse?
This is truly one of those times that we’re just going to have to hold our breath and wait and see…
Prior to VMworld, I blogged about the expected announcement by Cisco and VMware that the latter would be opening the HyperVisor to third-party vendors to develop their own virtual switches for ESX.
This is extremely important in the long term because security vendors today who claim to have security solutions for virtualized environments are basically doing nothing more than making virtual appliance versions of their software that run as yet another VM on a host alongside critical applications.
These virtual appliances/applications are the same software you might find running on their stand-alone physical appliance counterparts, and they have no native access to the HyperVisor (or the vSwitch). Most of them therefore rely upon enabling promiscuous mode on vSwitches to gain visibility into inter-VM traffic, which uncorks a nasty security genie of its own. Furthermore, they impose load and latency on the VMs as they compete for resources with the very assets they seek to protect.
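To make the promiscuous-mode problem concrete, here is an added example (not from the original post or from any vendor) of the audit a defender would run: resolve each port group's effective promiscuous setting, including inheritance from its vSwitch, and list the attached VMs that are not approved monitors. The inventory layout, the names in it and the `APPROVED_MONITORS` allow-list are assumptions constructed for illustration.

```python
# Added example: audit standard vSwitch security policy for promiscuous mode.
# INVENTORY is constructed sample data, not output from a real host.
# allow_promiscuous=None on a port group means "inherit from its vSwitch".
INVENTORY = {
    "vswitches": {"vSwitch0": {"allow_promiscuous": False},
                  "vSwitch1": {"allow_promiscuous": True}},
    "portgroups": [
        {"name": "Prod-Web", "vswitch": "vSwitch0",
         "allow_promiscuous": None, "vms": ["web01", "web02"]},
        {"name": "Sec-Monitor", "vswitch": "vSwitch0",
         "allow_promiscuous": True, "vms": ["ids-appliance"]},
        {"name": "Prod-DB", "vswitch": "vSwitch1",
         "allow_promiscuous": None, "vms": ["db01"]},
        {"name": "Mgmt", "vswitch": "vSwitch1",
         "allow_promiscuous": False, "vms": ["vcenter"]},
    ],
}
# Hypothetical allow-list: the only VMs expected to sniff inter-VM traffic.
APPROVED_MONITORS = {"ids-appliance"}


def effective_promiscuous(portgroup, vswitches):
    """Return (enabled, source) after applying vSwitch inheritance."""
    override = portgroup["allow_promiscuous"]
    if override is not None:
        return override, "portgroup override"
    parent = vswitches.get(portgroup["vswitch"])
    if parent is None:
        raise ValueError(f"{portgroup['name']}: unknown vSwitch {portgroup['vswitch']}")
    return parent["allow_promiscuous"], f"inherited from {portgroup['vswitch']}"


def audit(inventory, approved):
    """List port groups where promiscuous mode is effectively on, and the
    attached VMs that are not approved monitors (they could capture traffic too)."""
    findings = []
    for pg in inventory["portgroups"]:
        enabled, source = effective_promiscuous(pg, inventory["vswitches"])
        if enabled:
            findings.append({
                "portgroup": pg["name"],
                "source": source,
                "unexpected_vms": [vm for vm in pg["vms"] if vm not in approved],
            })
    return findings


if __name__ == "__main__":
    for f in audit(INVENTORY, APPROVED_MONITORS):
        print(f"{f['portgroup']}: promiscuous ({f['source']}), "
              f"unapproved VMs attached: {f['unexpected_vms'] or 'none'}")
```

The inherited case (`Prod-DB` here) is the one that tends to get missed: the port group itself shows no override, yet every VM on it sits on a promiscuous segment.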