Posted by: Texiwill
Edward L. Haletky, Security, VDC-OS, Virtualization, Virtualization security, VMware ESX
There’s more to VMware’s purchase of Bluelane than meets the eye. Touted as a means to beef up VMware’s security and high availability options within the virtual infrastructure, this purchase is instead more of a move to a full VDC-OS…and not just a concept as presented at VMworld 2008.
The concept of VDC-OS is to better define the various roles and to change how we as administrators view and manage our virtualized data centers. However, with tools like Bluelane the view begins to muddy.
An operating system provides the basic security and fundamentals to run applications and perform tasks as the users dictate. Users do not want to worry about security; they want the system to just work. Bluelane helps here by allowing VMs that are not yet patched to keep running and still reap the benefits of some of those patches. Granted, not all patching is handled by Bluelane, but the patches that are network related will be. Less patching means less downtime.
However, are there diminishing returns? Yes, you get protection, but at what cost? Higher CPU utilization to handle the myriad network-related patches that are necessary? Are you protected from zero-day attacks? What if Bluelane is attacked directly?
Even with these questions still to be answered, VMware’s purchase of Bluelane paints an intriguing picture of a true data center operating system that just works regardless of the application being run; one that has its basic security handled for it. This is one more tool that can be used with the distributed virtual switch that will span the data center.
Picture a ThinApp running as a virtual appliance, with Bluelane handling the required network patching. Where is the operating system in this picture?