As I have discussed from the beginning, the policy enforcement capabilities of information security technologies like firewalls, intrusion prevention systems, network access control and so on need to be virtualized in order to secure the next-generation adaptive data center. Network and trust separation in a virtual environment needs to be enforced based on logical attributes, like VM identities, application identities and user identities. Security policies tied to physical attributes like servers, MAC and TCP/IP addresses make no sense in a virtualized environment where workloads may move regularly. At VMworld Europe 2009 and on its website, VMware has formally announced its vShield offering to enable the creation and enforcement of logical separation zones in a VMware virtual environment. From the announcement: Deployed as a virtual appliance and integrated with VMware vCenter™ Server, VMware vShield Zones helps make it easy to centrally manage and enforce compliance with security policies across large pools of servers and virtual machines. Built-in auditing capabilities make compliance straightforward and verifiable The vShield technology comes out of VMware’s acquisition of Blue Lane in late 2008 and is able to enforce separation and isolation of VM-based workloads using logical constructs like VM and protocol identities. Note that vShield is really something different than the VMsafe set of APIs I discussed recently. VMware has wisely avoided the subscription side of the security business (for example, IPS and AV signature subscriptions and the labs necessary to support this) leaving this to its ecosystem partners. However, whether or not the vShield technology will be “free” is a different matter. Pricing/packaging details were not announced. VMware is a commercial entity. Everything can’t be free. But, like the Windows firewall, it makes sense to provide some basic level of security capabilities in the “platform” itself at no additional explicit cost. In this research note, we explore the Blue Lane technology VMware acquired in depth and what we expect VMware will do with the technology moving forward. Whether you use VMware or not, VMware’s announcement is good news. All IT platforms should have built-in security capabilities – hardware, operating systems, application development tools, application platforms, applications, and so on. We must demand this from our virtualization platform vendors as well.