Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

5 things VMware must do to fend off Microsoft

Jon Brodkin | March 2, 2010
The industry's biggest x86 virtualization vendor is facing a strong challenge from Microsoft, which is enticing IT executives with Hyper-V, an alternative that may not be quite as sophisticated as VMware but is less expensive.

Johnson says VMware's technology is sound, but he thinks VMware's insistence on charging significantly higher prices than the competition reflects an "egotistical mentality." Crutchfield was running VMware in 2008 but completely converted its virtualization deployment to Hyper-V, and is now running 225 Hyper-V virtual machines on 11 servers. The total Hyper-V investment came out to $10,000, but would have cost at least three times that much with VMware, he says.

Johnson is a former Microsoft employee, so he may not be the most unbiased observer. But even VMware customer Scott Lowe, CIO of Westminster College in Missouri, thinks it's time for VMware to lower the cost.

As an educational institution, Westminster College gets a discount "but it's still pretty expensive to license," Lowe says. "I think VMware is going to have to address the cost of their solution sooner rather than later to stay competitive with Microsoft."

2. Improve security

As more data centers become virtualized, hackers are sure to take a closer look at hypervisors and try to identify vulnerabilities. Hypervisors have not yet become a central point of attack but in a recent interview Forrester Research analyst James Staten says he expects them to become a big target in the next year.

"As we've seen with other technologies, the point where they're almost ubiquitous in the market is when hackers go after them," Staten says.  

VMware has stripped its hypervisor down to a 32MB software package with 200,000 lines of code, presenting a relatively small attack surface to hackers. The company also announced a program two years ago to open its hypervisor to security vendors with a set of APIs making it easier to protect virtual machines, but VMware has not moved fast enough on this front in the eyes of some observers.

Some vendors say the APIs present performance problems making them difficult to use, as Network World reported in December.

"We're not using the VMware APIs today due to performance," says Richard Park, senior product manager at SourceFire.

VMsafe has been adopted by vendors including Altor Networks, Reflex, IBM ISS and Trend Micro, so the SourceFire concerns are not universal. There are security problems beyond VMsafe, however.

In vSphere, VMware released what it calls vShield Zones that let customers create zones in which security policies are enforced even when virtual machines move from one server to another. But this software doesn't integrate with VMware's Distributed Resource Scheduler, a load balancing product, Wolf notes.

"VMware's load-balancing framework does not respect security zones created with vShield Zones, and its capacity management tool (CapacityIQ) does not account for zoning," Wolf writes in a recent report.

"The left hand has to know what the right hand is doing," Wolf says in an interview.

 

Previous Page  1  2  3  4  5  Next Page 

Sign up for Computerworld eNewsletters.