Virtualization Technology News and Information
VMware vSphere Bolsters Security with vSphere Platinum and AppDefense


For IT administrators looking to strengthen security for applications in hybrid cloud environments, VMware may have an offering for you.  During VMworld 2018, the company's annual virtualization and cloud event, VMware unveiled its vSphere Platinum Edition, a new (and more expensive) version of its cloud computing and virtualization platform that bakes in additional security enhancements.

A rapid proliferation of malware and cybersecurity threats has brought about a serious need for organizations to change their approach to securing systems.  As security threats and regulatory pressures to control risks increase, organizations are moving from point security tools to embedded infrastructure solutions. 

To help businesses address these threat and security challenges, VMware vSphere Platinum Edition is said to deliver comprehensive, intrinsic security to protect applications, infrastructure, data and access across customers' digital foundations.  The bundled version of vSphere Platinum Edition contains vSphere 6.7 Update 1 and AppDefense, VMware's data-center endpoint-security product announced last year at VMworld 2017.  It also adds a vCenter plug-in for AppDefense.

During the opening VMworld 2018 keynote address, VMware CEO Pat Gelsinger said, "security is broken today," and the IT industry is still largely bolting on security solutions, chasing the bad instead of ensuring the good.  Instead, he said VMware wants to help usher in a world of "fewer security products and much more security," while at the same time radically reducing the attack surface.

The new vSphere edition will combine vSphere's native security capabilities with VMware AppDefense - resulting in the delivery of advanced application security features fully integrated into the hypervisor.  Using machine learning and behavioral analytics, the new solution will enable vSphere administrators to deliver more secure applications and infrastructure by enabling virtual machines (VMs) to run in a "known good" state.  If there is any deviation, admins will get an alert right away and be able to do something about it.  The new edition will offer direct visibility into VM intent and application behavior as well as fast and more accurate threat detection and response capabilities.  By monitoring app behavior in real-time and detecting anomalies that differ from the known good state, VMware argues that vSphere admins and security teams will be able to better collaborate to protect systems. 

With AppDefense, you'll be able to see whatever a VM is for – it's purpose, it's behavior – and tell the system that's what it’s allowed to do.  And according to Gelsinger, 'the capability is so powerful, so profound, we want you to be able to leverage it everywhere, and that’s why we’re building it directly into vSphere.'

He equates this concept to that of a burger and fries.  "Nobody leaves the restaurant without fries," said Gelsinger.  "Who would possibly run a virtual machine in the future without turning security on?  That’s how we want this to work going forward."

VMware vSphere Platinum will also make use of the following:

  • FIPS 140-2 VM Encryption and encrypted vMotion across vCenters - Protects data in flight and at rest
  • Secure Boot for ESXi - Protects the boot environment on the ESXi host itself from compromise and ensures the boot environment only runs signed code
  • Secure Boot for VMs - This provides the same security functionality to protect the boot environment of the virtual machine from compromise
  • TPM 2.0 support for ESXi - Ensures hypervisor integrity by assisting the validation of the secure boot process by attestation
  • Virtual TPM 2.0 - This provides the attestation for guest operating system security features
  • Support for Microsoft Virtualization Based Security - Microsoft VBS provides security features such as Credential Guard that protects security
Larger IT shops should definitely appreciate VMware's continued focus on security with the bundling of AppDefense.  And to provide a fast path for on-premises vSphere customers to get started with VMware Cloud on Amazon Web Services (AWS), customers that purchase a minimum of five vSphere Platinum Edition licenses will also be eligible to receive credits that can be applied against the service.   
Published Tuesday, September 18, 2018 7:33 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<September 2018>