freshidea - Fotolia

VMware cloud services evolve with AppDefense security tool

Its AWS deal isn't the only sign VMware sees itself as a cloud service provider, as new monitoring and management tools bring SaaS capabilities to cloud-native apps.

LAS VEGAS -- VMware's partnership with AWS grabbed the spotlight at the VMworld user conference this week, but several other additions highlight the company's transition to being a cloud services provider.

VMware added six SaaS tools to monitor and manage its customers' infrastructure across public and private clouds -- the first of many under a new subset called VMware Cloud Services, the company said. Perhaps the most intriguing among them is VMware AppDefense, a compute-level service that sits next to the hypervisor with big potential for security-conscious users -- but with some unanswered questions.

VMware built its nearly 500,000-customer user base on its virtualization technology. That may still be the company's calling card, but it's no longer driving revenues -- compute represents less than 30% of VMware's revenues today, said Ajay Patel, senior vice president of product development, cloud services at VMware.

After several high-profile misfires in the cloud market, the company now leans on its major public cloud provider partners and its tools to monitor and manage those environments as its best path forward.

Many of the VMware cloud services rolled out here this week are a few years late to the market, but they have the potential to drive the business for the next decade, particularly AppDefense, said Chris Gardner, senior analyst at Forrester Research.

AppDefense is an endpoint security tool with embedded threat detection and responses for applications in vSphere-based environments. It relies on a zero-trust model, and uses workload traffic to monitor how the application was architected to build a baseline for intended state and application behavior on VMs.

AppDefense continues VMware's plan to improve security operations through microsegmentation and network visibility, said Jarret Raim, head of strategy and operations at Rackspace Managed Security. Other companies, such as CloudPassage, Illumio and vArmour, try to solve similar problems, but AppDefense extends this security paradigm to a much larger audience.

"A lot of customers are deploying VMware infrastructure," he said. "If they wanted that same level of compatibility, they'd need to learn six or seven other tools to meet those objectives."

Raim expects future capabilities to help users manage host congestion, as well as support for containers. He and others also said they'd like to see NSX and AppDefense work beyond just the VMworld ecosystem.

"If you're going down this road of zero trust -- which is, I want to do this to everything in my infrastructure -- it's not just VMs. There's storage and networking, and I may not have VMware components for some of those," Gardner said.

The state of Louisiana piloted AppDefense and sees its potential, but it must better connect the various VMware technologies and determine cause and effect with security issues, especially since all this data is already being collected, said Michael Allison, CTO of the Office of Technology Services in the state of Louisiana.

"My big problem with VMware is the first iteration of the product lacks depth," he said. The big question is where enterprises fit AppDefense into endpoint security for their own VMs and resources on the public cloud, said Daniel Kennedy, an analyst at 451 Research in New York. For now, it may act as a compliment to what's already on the market in the surging area of endpoint security.

A recent 451 survey found 81% of enterprises have made an investment in endpoint security for their virtualized architecture, up from 78% a year ago, Kennedy said. Additionally, 43% have endpoint security rolled out in their cloud architecture, up from 38% last year.

VMware Cloud Services bring SaaS capabilities

Other tools added to the VMware Cloud Services umbrella include VMware Cost Insight for cloud monitoring and optimization, VMware Discovery to identify and track an enterprise's internal usage of cloud accounts across multiple providers' platforms and VMware Network Insight for traffic-flow visibility across public clouds and software-defined data centers.

Also introduced was VMware NSX Cloud, which extends NSX as a service to applications that run in private and public clouds, and the integration of recently acquired Wavefront into the VMware product portfolio as a metrics monitoring and analytics platform.

AppDefense is currently available in the U.S. only, for customers using vSphere 6.5, and costs $500 per CPU per year. The other services are available for trial until Nov. 30 and can be used to varying degrees across AWS, Microsoft Azure and Google Cloud Platform.

If some of this sounds familiar, it's because vRealize was supposed to have SaaS-based cloud management capabilities three years ago. VMware ultimately pulled back on that pledge and kept the tool for users to install on premises. Now VMware says these new tools are better suited for cloud-native applications.

Trevor Jones is a news writer with SearchCloudComputing and SearchAWS. Contact him at [email protected].

Next Steps

A full guide to the VMworld 2017 conference

Discover the benefits of VMware Storage Policy-Based Management

VMware Cloud on AWS becomes generally available

Dig Deeper on Google and other public cloud providers