Virtualization.com

News and insights from the vibrant world of virtualization and cloud computing

Blue Lane Technologies

Guest Post: Infrastructure 2.0 – The San Jose Fairmont on January 15

by Leave a Comment

This is a cross-post of this blog written by Gregory Ness, former VP of Marketing for Blue Lane Technologies who is currently working for InfoBlox.

In September the discussion started about the concept of Infrastructure 2.0 (or Dynamic Infrastructure) as a response to the rising demands of larger and more complex networks colliding with new IT initiatives including virtualization and cloud computing.  I think it caught many by surprise.

A few weeks later a blog entitled The CIO Shell Game made the point that automating systems and endpoints and not the network was merely shifting manual labor demands while increasing network availability and security risks.  This theme continued in The Network Industry Needs a New Vision with a focus on the network industry’s overzealous industry focus on speeds and feeds that had ultimately risked making the network irrelevant to computing in the future.

Companies like Cisco, Juniper, F5 Networks, Foundry and Extreme need to invest in automating the rampant manual labor rendering networks static and brittle in the face of more dynamic systems and endpoints.  If they do, the cloud computing vision could have a silver lining for those who understand the potential of dynamic infrastructure.

Unleashing dynamic infrastructure will also unleash more powerful business cases for investments in virtualization and cloud computing, which would also impact the fortunes of VMware, Citrix, Microsoft, Google, Amazon and an emerging community of cloud computing startups.  I think the word is getting out rapidly.

January 15 is the Launch of the Dynamic Infrastructure Vision

Since then we’ve seen blogs at Cisco and F5’s DevCentral blog join the conversation and recognize how important the network is to these new initiatives.  I think, however, the ultimate sign of the arrival of the network as “the foundation for IT automation” meme is a live streaming event being held at the San Jose Fairmont Hotel on January 15.

Infoblox and Cisco are billing dynamic infrastructure as the biggest thing in networking since TCP/IP, because it transforms the brittle, static and manually managed network into an automated network that enables connectivity intelligence between applications, endpoints and networks.  That connectivity intelligence establishes feedback loops, the precursor to an explosion of intelligence in the network, applications and endpoints.

Connectivity intelligence could also take the VMotion genie out of the bottle and drive new levels of scale and security and drive the business case for virtualization skyward.  Whichever virtualization platform vendor delivers on the promise of enhanced security with VMotion will win.

Recently a second Cisco speaker has agreed to speak at the breakfast event, alongside Cisco Senior Director Douglas Gourlay and Infoblox CTO and Founder Stuart Bailey and moderator (Infoblox) VP Marketing Richard Kagan.

In May the Dynamic Infrastructure panel at the Future In Review (FIRE) conference in San Diego will also include a VP from F5 Networks among others.

I think these two events will set the stage for a much-needed, broader discussion about the collision between static networks and dynamic systems and endpoints; as well as the drive to automate greater portions of the network in response to increasing velocities of change enabled by increased system and endpoint automation.

You can follow my comments in real time at www.twitter.com/archimedius. You can also read more about dynamic infrastructure in the latest issue of bloxNews (which contains several third party perspectives) and the new Infrastructure 2.0 blog launched last week.

My disclaimer is at: http://gregness.wordpress.com/about/.  I am a Senior Director at Infoblox.

VMware Buys Blue Lane (Updated)

by 3 Comments

VMware went shopping and came back home with Cupertino-based Blue Lane Technologies. Despite the lack of press releases, this transaction was confirmed by Mary Ann Gallo, VMware’s head of Global Public Relations. Unfortunately she could not disclose the financial details.

Update: according to Brenon Daly from The 451 Group, the price was around $15 million, and Blue Lane was in search for a buyer since last Summer because of lack of sufficient capital. He also mentions Blue Lane raised “some $18.4m in two rounds of funding”, but our information keeps it at $13.4m.

The acquired company provides solutions that secure virtual and physical data centers. Its solution secures servers and VMs by controlled code execution in the network and taking appropriate countermeasures against traffic aimed at known software vulnerabilities (without signatures).

Blue Lane was quite silent after releasing VirtualShield 4.2 last April. We interviewed Greg Ness, former VP of Marketing with Blue Lane (and avid blogger) and Thierry Evangelista, Technical Director Europe for the company at VMworld Europe earlier this year.

This acquisition confirms VMware’s commitment to virtualization security or VirtSec in short.

Blue Lane was founded in 2002 and has raised $13.4 million to date in two financing rounds from Benchmark Capital, DAG Ventures and Matrix Partners. According to Greg Ness, who left the company last July to join Infoblox, Blue Lane has around 40 employees.

Below, you can find 3 embedded videos encompassing a long interview we did with Ness last June when he was still with the company.


Interview BlueLane Greg Ness 1/3 from Toon Vanagt on Vimeo.


Interview BlueLane Greg Ness part 2/3 from Toon Vanagt on Vimeo.


Interview BlueLane Greg Ness 3/3 from Toon Vanagt on Vimeo.

Thanks to Virtualization.info for the news.

Blue Lane Technologies

Who Owns Virtualization Security? The Hoff/Crosby Debate

by 5 Comments

We’ve decided to cross-publish a blog post by Gregory Ness, VP of Marketing for Blue Lane Technologies, because we think it delivers a good insight in the whole Hoff/Crosby debate about virtualization security (virtsec, if you will).

Gregory NessLast year when I blogged about the impact of virtsec on the world of static security I focused on how virtualization could degrade the effectiveness of security solutions. Since then we’ve seen a surge of vendor marketing around virtualization security (virtsec), from a growing corral of one trick pony start-ups with various Barney announcements (“I love you, you love me…”) to the likes of the world’s leading security companies joining VMware’s unprecedented, visionary VMsafe initiative.

Last month I blogged about data center security’s key requirements, which included virtsec. My point was that virtsec will require more intelligence and agility than perimeter network security, because it will need to be deployed within the hypervisor layer and will consume hypervisor resources. Simply moving deep packet regular expression inspection engines into the hypervisor layer could add big hypervisor footprints and/or unacceptable levels of latency. These problems aren’t new; they’ve been hidden by faster and faster dedicated hardware at the network perimeter.

That’s why I found a recent virtsec blog exchange between Hoff and Crosby so disconcerting. Two brilliant guys with two very different perspectives are arguing about the ownership and accountability of virtualization security. Chris Hoff is a security guru with a sizable following who has been among the most vocal on the virtsec challenge. Security blogger Rothman calls Hoff Captain Virtual because he has been on a tear when it comes to the blog debate around virtsec.

Simon Crosby is leading the virtualization charge for Xen/Citrix and he insists that virtualization platform vendors should stay focused on securing their platform versus the new infrastructure they’re enabling. Like Chris, Simon is one very smart guy with a deep technology background in virtualization. And from Simon’s perspective he doesn’t sound unreasonable.

The virtualization security debate thus far has had so many issues swept underneath it by various parties that it resembles a lumpy rug. Simon and Chris are exposing some of the lumps as they humor each other with comments about smoking cigars from the wrong end and the following (from Hoff):

“Focusing only on your little patch of grass is short-sighted and it won’t work. Just like it hasn’t worked in the past. It’s a disaster waiting to happen, and you’re enabling it”. – Hoff

The problem isn’t that these two very smart guys disagree; it’s rather that this disagreement promises to play itself out on a micro-level in enterprises around the world, as I commented last year in “VM Security- The Keys to the Virtualization Kingdom.” And no one stands to win, except those hoping for a slow adoption.

Perhaps Rothman is right to suggest that security will stay tactical and reactionary when it comes to virtsec, because that has been the recent history of netsec on many fronts. Yet if virtsec isn’t done right it could jeopardize the very flexibility and efficiency that virtualization enables. Strategic virtsec is an enabler of growth; tactical virtsec is a rocky road.
Rothman’s scenario seems to anticipate the rocky road: the slow and grinding deployment of hypervisors in production stretched out for years, as tactical decisions and budgets respond to new risks and events driven by cycles of hacks, reactionary regulatory responses and internal operations and security discussions. Feels a lot like the status quo today, doesn’t it? I hope he’s wrong.

The colorful and spirited debate between Hoff and Crosby is very symbolic of the issues we’ve discussed here since my initial virtsec blog in Feb 2007.

Unfortunately I think this debate risks becoming a metaphor for production data center virtualization; it feels to me like two different worlds colliding in a potentially myopic haze of finger-pointing and original sin debates. That scenario will not help Citrix/Xen virtualize production environments, and I think that is why Hoff’s points bear such weight. And I’m not sure that Crosby gets this given his thoughtful and understandable Mother of All Misunderstandings response to Hoff.

I think the mother of all misunderstandings is about to play itself out as “a funny thing happened on the way to the datacenter” scenario. When Caesar crossed the Rubicon he knew his security profile would change, but he still underestimated the Senate. If Citrix doesn’t show leadership (ala VMware and VMsafe, etc.) and instead talks about security as “other people’s problems” its growth in the data center could experience a thousand cuts Caesar style as internal conflicts and strife within customers (between the Hoff’s and Crosby’s) could demonize the incredible and undeniable power of virtualization to enhance data center security.

The virtualization and security vendors can either lead on this issue as an opportunity to enhance security today or merely create awareness around the new risks and dynamics and talk about far-off solutions that may one day work when the market matures. One strategy will lead to the faster deployment of hypervisors in production; the other will fulfill Rothman’s prediction.

Virtualization is a massive opportunity to escape the cycle of attack followed by tactical/regulatory response and establish a new order, with security pros getting powerful, flexible new capabilities to protect systems. That will require leadership and new thinking and a full appreciation by those who don’t want to relive the past. Security may turn out to be strategic to virtualization in ways that it couldn’t be strategic to the network. The hypervisor layer is perhaps the most substantial strategic security opportunity in many years. Let’s hope we leverage it to its fullest.

Blue Lane Releases VirtualShield 4.2

by 1 Comment

Blue Lane Technologies today announced the general availability of VirtualShield 4.2, which it claims to be the first virtualization security solution to include inter-VM flow analytics and enforcement, application-aware partitioning (VMwall), and a robust set of application, protocol and vulnerability security policy controls.

VirtualShield

These capabilities in the latest release of VirtualShield, enhanced by VMware VirtualCenter integration, allow Blue Lane’s layer 7 architecture to apply granular application/protocol/port-based policy enforcement on the flows between VMs. According to the press release, VirtualShield’s accuracy, comprehensive protection and minimal processing requirements make it the first IPS capable of protecting virtualized production data centers from network-based attacks.

VirtualShield 4.2 includes:

  • Advanced flow analytics and policy enforcement by cluster, host, VM, data center, OS, application or protocol;
  • VMwall – Blue Lane’s Integrated application-aware firewall enforcement by cluster, host, VM, data center, OS, application or protocol;
  • A rich array of inbound/outbound application policy controls for intra-flow policy;
  • Protocol integrity check for aligning ports with appropriate protocols and services; and
  • A vulnerability policy framework to proactively protect VMs from attacks like SQL injections, cross-site scripting and http smuggling.

Blue Lane VirtualShield 4.2 will be available May 15. Current VirtualShield customers will receive the upgrade as part of their support plan.

Video: Interview Greg Ness, VP Marketing with Blue Lane Technologies (VMworld Europe 2008)

by 6 Comments

The interview below is part of our Virtualization Video Series, a recurring theme we want to implement on Virtualization.com featuring interviews with key players from the industry, event reports, etc.

This interview was recorded at VMWorld Europe 2008 in Cannes, France, and features Greg Ness, VP Marketing with Blue Lane Technologies.

DivX HD 1280×720 3.5mbit/s: Play (pop-up)
WMV HD 1280×720 3.5mbit/s: Play (pop-up)

Flash versions: Blip (embedded below), Myspace, Putfile, Revver, Sevenload, Vimeo, Youtube

Interviewer: Tarry Singh
Video blogger: Charbax

Video: Demo from Thierry Evangelista, Technical Director Europe with Blue Lane Technologies (VMworld Europe 2008)

by 1 Comment

The interview below is part of our Virtualization Video Series, a recurring theme we want to implement on Virtualization.com featuring interviews with key players from the industry, event reports, etc.

This interview was recorded at VMWorld Europe 2008 in Cannes, France, and features Thierry Evangelista, Technical Director Europe with Blue Lane Technologies.

DivX HD 1280×720 3.5mbit/s: Play (pop-up)
WMV HD 1280×720 3.5mbit/s: Play (pop-up)

Flash versions: Blip (embedded below), Dailymotion, Myspace, Putfile, Revver, Sevenload, Vimeo, Youtube

Interviewer: Tarry Singh
Video blogger: Charbax