The Channel logo


By | Simon Sharwood 3rd September 2015 03:56

Work has started on VMware's secret security disruptor

'Real code is being written' says NSX Daddy Martin Casado

Late in 2014, VMware's network virtualisation guru Martin Casado suggested that his next move after getting network virtualisation up and running as a business might be to try a new approach to enterprise security.

Casado, who is credited with inventing OpenFlow and led Nicira, the company that morphed into VMware's NSX network virtualisation product, today told The Reg what's he's up to, saying VMware's efforts are under way with some code already written.

One effort will focus on encryption management. Casado thinks it is an oddity that data in transit across an organisation or the wider world is encrypted, but that data inside the data centre is not. Casado reckons that's because applying encryption to the many connections inside a data centre is just too labour-intensive.

One VMware security project is therefore looking at how to automate encryption and key management so that bits bouncing around inside the data centre get the crypto they deserve, thereby making the data centre a bit less of a honeypot for those who would do them harm.

Virtzilla's thinking is that it's already good at managing automation and large-scale complexity in the data centre: NSX can spawn, monitor and take down lots of virtual networks at speed while vSphere can do likewise for virtual machines.

Casado therefore thinks VMware has the tools to tackle crypto management at scale, and he said code is being written to deliver this idea.

The other tool VMware is working on will make the hypervisor an application's guardian.

Casado thinks that applications are helpful to security efforts because they store data and know a lot about users, so offer a lot of context about what needs securing, and why. Networks, he thinks, know very little about what needs securing, but offer useful isolation of resources.

The hypervisor, he hopes, will be the “goldilocks zone” for security because it knows a fair bit about the virtual machines running inside it and also groks the network. If security applications can run inside the hypervisor, which uses the application's knowledge of context and the network's provision of isolation, he thinks it may be possible to improve security.

Again, Casado said “real code is being written” to make this idea real.

Casado did not, however, offer a timeframe for delivery of product. Your correspondent incorrectly predicted he might do so at this year's VMworld. Perhaps we have to wait for VMworld 2016. Or the year after. A stopped clock is right twice a day, after all. And so is The Reg's virtualisation desk, sometimes. ®

comment icon Read 4 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


Suit-and-tie-wearing man tries to meditate, take deep breaths in faux yoga pose. Photo by Shutterstock
Emotional intelligence, not tech skills, is the way to woo suits
League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe