My Photo
Subscribe in a reader

Recent Comments

Categories


« Security Between Virtual Machines? | Main | Security Through Visibility - Montego, Lancope and NetFlow »

June 27, 2008

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e55005749e883300e55390c2058834

Listed below are links to weblogs that reference Virtual Security NIC - Concept:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Christofer Hoff

Hey John:

What's old is new again!

I wrote about this back in April in my post titled: "Return Of the Big, Honkin' SuperNIC and Bait and (Virtual) Switch":

http://rationalsecurity.typepad.com/blog/2008/04/return-of-the-b.html

A few things come to mind:

1) This is a band-aid as it basically says that because the virtual networking issues with virtualization in regards to flow manipulation, scale, performance, HA, etc. are broken at this point, we should take the concept of server virtualization and bastardize by adding more hardware to gain the performance lost to software...

2) Relying on speciality hardware means that I now have another criteria that I have to worry about when VMotion'ing my VM's -- I now have to have your special UberNIC in all my VMotion candidate servers or else it all breaks

3) Embedding the security functionality within that UberNIC means that even if it's FPGA's, I have to use YOUR security software which defeats the utility model offered by doing it in "pure" software in a VA/VM -- even if that is flawed today without VMsafe

4) Adding proprietary hardware when we're trying to trend toward COTS solutions doesn't seem to jive...

and ...

4) Ultimately we're going to see I/O virtualization and virtual switches being embedded in the CPU's themselves -- look at what Intel is already proposing.

/Hoff

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment