VMware's goal is to provide "infinite flexibility" for deploying firewalls to any virtual machine, and enabling the firewall to move with the virtual machine even when it's transferred from one physical server to another, Mulchandani said.
Also this week, IBM ISS is demonstrating a firewall, and Trend Micro is demonstrating an offline virus scanning product that could potentially be put on the market even before VMsafe is ready, Mulchandani said. The Trend Micro technology allows customers to do a complete virus scan of virtual machines even when they are powered down, he said. This particular capability can be accomplished without the VMsafe portion of the hypervisor and so could be available before VMsafe itself.
But many security features can't be implemented without VMsafe, Mulchandani explained. One of the VMsafe APIs allows a third-party security product to see inside virtual machines, and manipulate malicious code before it executes. A second API provides more flexibility in deploying firewalls to virtual machines, and a third allows security products to modify virtual machine disk files on storage devices.
VMware has been working on the APIs for two years, and decided to announce them before they were ready to give security partners time to build products and have them be available when VMsafe is eventually released, Mulchandani said.
"We're pretty much at the point where we feel the products they'll be able to build out with these [APIs] are pretty effective," he said. "We call this better than physical. Stuff they'll be able to do on VMsafe they won't be able to do on a physical machine."