VMware Extends Reach to Container Security
VMware at RSA Conference 2018 today announced that the VMware AppDefense software-as-a-service (SaaS) application it developed to secure virtualized workloads now also can be used for container security regardless of platform they are running on.
Chris Corde, senior director of product management for the Networking and Security Business Unit of VMware, says by making this move VMware is again signaling its commitment to multiple types of approaches to virtualization from within the same management construct.
In addition to supporting workloads accessed via VMware vCenter, container workloads running across virtual servers, bare-metal servers and cloud platforms are now also supported. Each environment only need implement a local proxy server to communicate with VMware AppDefense, says Corde.
AppDefense exposes an application programming interface (API) that can be extended to container orchestration systems. Third-party security vendors then can make use of VMware AppDefense to enforce security policies. The first vendor to announce support for that API is Aqua Security, which has committed to send container runtime profiles to VMware AppDefense.
Aqua also will feed enforcement alerts into the VMware AppDefense console for management and remediation. The Aqua Security integration will be generally available to VMware AppDefense customers in the second quarter of next year.
Corde says VMware AppDefense is unique because it leverages network virtualization and microsegmentation of networks enabled by VMware NSX software to only allow application workloads that have been white-listed to run in a data center environment. When integrated with a continuous integration/continuous development (CI/CD) pipeline, VMware AppDefense creates a definitive map of the intended cybersecurity state of the application environment in keep with DevSecOps principles, says Corde.
VMware also announced today that VMware AppDefense will be available to customers in Europe via European-based data centers beginning in the second quarter of this year.
Corde says VMware will continue to apply machine learning algorithms against all the data it is collecting via VMware AppDefense to better secure application workloads running on VMware hypervisors or as containers.
As VMware continues to expand its reach into the realm of containers, it’s clear the company views the emergence of containers as an opportunity to develop products spanning both traditional hypervisors and containers.
Rather than forcing IT operations teams to stand up separate network, storage and security platforms to manage VMware hypervisors and containers in isolation, VMware is making a case of unifying the management of both under a common shared set of virtual services. In IT environments where VMware is the dominant platform provider, that approach should resonate. That said, many developers are embracing containers regardless of where the IT operations team is in terms of their ability to support them. In some cases, those decisions result in increased levels of tension between developers and IT operations teams, especially if the developer wants containerized applications to run on bare-metal servers rather than a hypervisor.
Whatever the final outcome, however, the one thing all parties can agree on is that regardless of type of workload, the construct for managing and securing those applications is increasingly going to reside in the cloud.