Now we are talking. Today Altor Networks releases today the third generation of its Virtual Firewall (VF) which features a brand new kernel that fully leverages the new VMware VMsafe APIs.
The choice to rewrite the core part of the product will probably raise concerns about its stability, but there was a good reason to do so.
VMware offers two modes to use the VMsafe network APIs, called Slow-Path and Fast-Path.
By using the Slow-Path, a security vendor asks for a copy of the virtual traffic inside a dedicated VMsafe virtual appliance, plugging into the virtual switches that connect the protected VMs.
This approach is slow (it obliges to perform context switching) and implies some potential risks as the VMsafe virtual appliance itself could be targeted for an attack.
By using the Fast-Path instead, a security vendor can process the virtual traffic from inside the ESX vKernel, in a truly transparent mode.
Unfortunately the Fast-Path integration is harder to implement but pays off in terms of performance, flexibility and security, so different vendors are using both modes to deliver a hybrid solution.
Altor Networks decided to rework its product kernel to use only the Fast-Path mode, and it reports a performance improvements over its competitors from 10x to over 20x, even on a very cheap hardware (and without the new Intel Xeon 5500 CPUs), as this throughput analysis is summarizing:
Additionally, as the Fast-Path approach doesn’t oblige to touch the virtual network configuration and deploy multiple vSwitch instances, Altor Networks could immediately support the Cisco Nexus 1000V, something that is not possible otherwise.
VF 3.0 also includes a intrusion detection system (IDS) module based on the overwhelming popular open source engine Snort. Altor Networks has OEM agreement with the company that maintains Snort, Sourcefire, to resell their commercial attack signatures and allow the customers to recognize several 0day attacks.
Compared to many other security firms, Altor Networks is not just trying to bundle together security engines gluing them with a unified interface.
The company is working on a deeper integration, using the information coming from the IDS (and other modules in the future) to dynamically rearrange the VF rulebase.
There are complexities in this approach but it’s certainly more interesting than many other apparent all-in-one solutions.
Last but not least the new VF 3.0 includes all redundant components, without paying any premium, with hot stand-by copies of its management and control modules.
These pieces can be externally managed through a dedicated API that Altor Networks developed for cloud computing providers that want to control the fail-over with their own tools.
Altor Networks has been included in the virtualization.info Virtualization Industry Radar.