I sometimes wonder why some things in the industry go so quick, while on the other hand things go so slow. One of the things that goes so slow are the products that make use of the VMsafe API.  Oké last year a couple of security vendors announced their first steps along this road, but only Trend Micro came out with a 1.0 product. Although the VMsafe API framework is there for quite a long time , the industry does not make use of its full functionality.

To refresh your memory, some quick lecture about the VMsafe API.

When I think of VMsafe, I think of this as more of a partner ecosystem program delivered by VMware. That is to say, what we have created and offer as part of this ecosystem program are three sets of distinct Application Programming Interfaces (APIs) that can be used by ISVs and developers to develop and build security applications and solutions for the virtual environment. I might add this is not for the faint hearted! These APIs are split into three main areas:

 

– vCompute (CPU and Memory) API

– vNetwork Appliance (DVFilter) API

– VDDK API (for disk block inspection)

 

The vCompute CPU and Memory API.

So what does the vCompute CPU and Memory Inspection API do? At its most basic form, this API includes features that you can use for developing security applications that inspect memory access and CPU states before any code is actually executed.

 

The vNetwork Appliance (DVFilter) API

So what does the vNetwork Appliance (DVFilter) API do? This API enables you to provide a solution to protect network packet streams. With the DVFilter you can create network packet filters that you insert into the virtual packet stream. This network packet filter is inserted between the vNIC and virtual switch (vSwitch). There are one of two possible agents that can be used. These agents are referred to as the fast-path agent and slow-path agent, which make up the “filter”. I’ll write more on the fast-path and slow-path agents in a future blog. One of the key messages here is that the vNetwork Appliance APIs are not just for security, we envision a lot more use cases moving forward. In fact, you may not be aware of this, but Lab Manager was the first product to use DVFilter.

 

The VDDK API

So what does the VDDK API do? The Virtual Disk Development Kit is a collection of C libraries, code samples, utilities, and documentation that enable a developer who is creating applications to manage virtual storage. Yes, it’s an API and Software Development Kit (SDK). The Virtual Disk Development Kit includes the Virtual Disk API library functions, VMware disk utilities (which include the disk mount and virtual disk manager) and documentation. The primary audience for VDDK are ISVs who develop, for example, anti-virus security products.

 

 

 

Now we know what VMsafe is all about the interesting thing to talk about is why adoption, to make use of it, is so slow. There are probably many reasons such as complexity and technical challenges but to my opinion the main reason is: profit…. Why put a lot of effort in a new school product which cost you as a company a lot of money, while on the other hand you can make a lot of money with further developments of your old school product? As long as the companies in the industry shrink day by day due to mergers, acquisitions and bankruptcy only a few very dominant companies control the market. The industry makes us believe that they listen to our wishes, but in reality we totally dependent on how en when the new functionality is given to us.

But what can we do? We must use massively the new school possibilities so the industry has no other choice then to support us with new functionalities. Follow the iPad, no antivirus from the market leaders yet, but still a very, very popular platform. How long will it take before they see the market share?