LAS VEGAS — VMware launched its long-awaited security product today at VMworld 2017 — in addition to a slew of other cloud services and products as part of its ongoing battle for hybrid cloud dominance.
Also at VMworld 2017, VMware CEO Pat Gelsinger announced the initial availability of VMware Cloud on AWS, a joint service offered with Amazon Web Services and a key piece of VMware’s strategy to be the “glue of the hybrid cloud.”
The new security product, AppDefense, protects applications running on vSphere-based virtualized and cloud environments by monitoring them against their intended state. It leverages the hypervisor to monitor runtime behavior and uses machine learning to detect attempts to manipulate applications. It then uses vSphere and NSX to automate and orchestrate response to attacks.
AppDefense uses a least-privilege model to secure applications, limiting access to the minimal level that will allow the apps to function as intended.
“What least privilege means to us is how do we ensure good?” said Tom Corn, senior vice president, security products group at VMware. “This is a much more effective solution than chasing out bad” by only responding to attacks. “You can leave all the windows and the doors open and then have a monitoring system for your house. Or you can start by locking the doors and closing the windows.”
Corn said the security product is intent-based and “will do for compute, what VMware NSX and microsegmentation did for the network” by creating these least-privileged environments for applications.
“We’ve never really used that compute layer for security,” Gelsinger said in his keynote address at VMworld 2017. “Today that changes.”
VMware is also expanding NSX to support networking and security for clouds and cloud-native apps.
In addition to securing applications, AppDefense also integrates with several endpoint security, security information and event management (SIEM), and security operations center (SOC) analytics products. Initial technology partners include: IBM Security, RSA, Carbon Black, SecureWorks, and Puppet.
VMware today also announced the general availability of several new cloud services and products.
Workloads running in enterprises’ on-premise data centers look different than those running in AWS or Microsoft Azure, said Guido Appenzeller, CTO of the networking and security business unit at VMware.
“So the idea behind VMware Cloud Services: we want to bridge across these silos,” Appenzeller said.
To this end, the software-as-a-service (SaaS) cloud offerings initially support AWS natively, Azure, and VMware-based private clouds. In the future they will also support Google Cloud Platform, VMware Cloud on AWS, and other VMware-based cloud partners including IBM Cloud.
The cloud services are also consumption-based, meaning customers only pay for what they use, which Appenzeller admits is “quite a departure for us as VMware.” They include:
- VMware Discovery: an automated inventory detection service that spans multiple clouds.
- VMware Cost Insight: a cost monitoring and optimization service for public and private clouds.
- Wavefront by VMware: a metrics monitoring and analytics platform.
- VMware Network Insight: a network and security analysis service that provides network visibility of traffic flows across public clouds and software-defined data centers.
- VMware NSX Cloud: a service that provides networking and security for applications running in multiple private and public clouds, via a single management console and common API.
One Hybrid Cloud to Rule Them All?
VMware’s cloud management offerings reflect common cross-cloud challenges — namely cost management, monitoring, and governance — that enterprises face, said Forrester VP and analyst Dave Bartoletti.
“We expect the easier consumption model (cloud-like, on-demand) will speed adoption and help VMware customers extend their current on-prem cloud management skills further into the public cloud,” he said in an email.
And who will win the hybrid cloud war: VMware or Microsoft with Azure Stack, which lets enterprises build a private-cloud version of the Azure public cloud in their own data centers?
“There’s room for both approaches,” Bartoletti said. “They are different. Azure Stack is an on-premises version of the Azure cloud — it extends the public cloud into the data center. VMware does not run its own public cloud. VMware wants to manage any cloud, anywhere, with the same tools powering the data center. Microsoft wants to manage any cloud as well, but also wants to seed data centers everywhere with Azure services.”
Photo: VMware CEO Pat Gelsinger discusses AppDefense in his keynote address at VMworld 2017.