Altor Networks is announcing the availability of its firewall designed for virtual environments that overcomes some shortcomings of traditional firewalls that have been adapted to run on virtual machines.
Altor VF addresses blind spots that exist with other firewalls deployed in virtual environments. Products outside the physical server on which virtual machines are running have no visibility into traffic among the virtual machines and can take no action on that traffic.
In addition, as virtual machines recreate themselves to meet demand -- known as live migration -- they can wind up on physical machines with other applications they were never intended to be exposed to. Live migration can help propagate infections by expanding the presence of corrupted machines.
Altor VF migrates a virtual firewall and the rules that pertain to a particular virtual machine when it undergoes live migration. Other firewall vendors such as Check Point and Stonesoft offer virtual versions of their firewalls, but they don't address firewall rules for virtual machines that migrate.
Altor includes a tool to define where to place firewalls among virtual machines, automating a multi-step process. It also controls virtual machine sprawl by enabling default settings that can, for example, lock down virtual machines for which no one claims ownership.
The firewalls can also impose security policies on traffic.
Altor VF integrates with Juniper intrusion-detection system (IDS) gear, sharing its logs so the IDS can assess traffic among virtual machines. Altor says it has a similar relationship with ArcSight's security event management platform and Mazu's network behavior analysis products.
Altor VF costs US$2,000 per physical server with discounts for volume purchases.
This story, "Altor Ships Firewall for Virtual Systems," was originally published by Network World.