In an interesting move, VMware acquired PacketMotion late on Friday, just before VMworld, which could lead to some intriguing statements during the show. PacketMotion is a hybrid physical and virtual set of security appliances, where the virtual appliances generally talk to the physical components, which do the heavy lifting. Yet this does not fit VMware’s vShield product line-up, or has VMware finally realized it also needs to consider physical security?
VMware gains the ability to track which user does what within the virtual environment, as long as the environment uses a unified directory service for all authentication. If even one user is not part of that unified directory service, then PacketMotion may not know who is actually talking on the wire. Besides user activity monitoring, the PacketSentry component of the PacketMotion suite works as an inline device to control who has access to what files, devices, and applications at a much more granular level than a normal packet-filtering firewall, because it adds user account monitoring to its firewall policies.
In combination with vShield App or Zones, this adds yet another level to firewall policies, one that exceeds current capabilities. vShield App w/UAM perhaps?
Being able to control which users can access what also falls into the arena of Horizon App Manager, and we should look for some interesting combinations of VMware’s End-User Computing products and vShield with this new acquisition. A central policy location, perhaps set within HAM, could control the new user-level firewall policy provided by PacketMotion.
In either case, there is quite a bit of product development to do, as VMware does not have a hardware presence with its vShield product line. So the question remains: with the purchase of PacketMotion, will VMware maintain the hardware presence and start to provide security tools for the physical environment? Other questions come up as well. How will this finally be integrated into the vShield product line and be usable by such tools as Horizon App Manager? Centralized security policy for who can access what applications, files, etc. is very important for the future. And how will VMware w/PacketMotion handle the unknown in the non-central directory service authentication schemes common within the virtual and cloud environment management space?
Even with all these questions, when PacketMotion’s technology is integrated into vShield, it will enhance vShield’s compliance capabilities. Tie this to vShield App with Data Security, and there will exist several VMware-specific solutions for PCI DSS and other regulatory compliance requirements, which will impact the virtualization security market.
For more information: VMware Acquires PacketMotion