VMware announced VMsafe during its last VMworld in Cannes, France. At first glance this solution is nothing to brag about : its a set of APIs that will allow third-party security vendors to interface with VMware's hypervisor, thus being able to watch all virtualized machines from a single instance. Since every vendor worth its salt already has some sort of API to open its products, how this could be a major move ?

It is major because for the first time it turns the table on malware and hackers. With VMsafe, security products do not live in the system they protect, but above - and more importantly outside - it. Malware and hackers have little to no means to know there actually is an antivirus ou IPS watching them. They can at best determine they are running in a virtualized environment, and that's about all. And even if they devise a way to check for the presence of, say, an antivirus running at hypervisor level (by statistical analysis for example), there still is nothing they can do about it.

This is a quite a change from the actual paradigm where security tools have to compete with malware and hackers on the same level, within the same OS. In such a configuration, the first to get to run usually wins since it can control the system. With VMsafe, all this becomes history. Security products will live in an alternate reality, safely out of reach from anything within the OS. Yet, they can access the CPU, memory, I/Os and storage units on all the virtual machines.

This is also a strategic change for VMware's customers. Since the security tools will now live at hypervisor level and not within the virtualized OSes, it's easier to make a clear distinction between security and production. In most cases virtualized servers will be able to be deployed with no built-in security product, and moved around or deleted at will. Production team will not longer have to put up with the antivirus or IPS eating up there ressources or conflicting with their applications. Security will be built within the VMware host system and will stay there. Every new server popping up on that host will automatically get the same security benefits as the others. This only is a major change within organizations.

About twenty major security vendors already committed to VMsafe, amongst those are heavy-weights like IBM, RSA or Symantec as well as true specialists like Trend Micro, Check Point, McAfee, Sophos, Fortinet, , Secure Computing, Tripwire or Webroot. This should give enough traction to this announcement to make it a real stepping stone for the emerging "Virtual Security" market.