In a move that will boost VMware’s efforts around compliance, log data management and intelligence specialist LogLogic has signed on to the virtualization giant’s Technology Alliance Program (TAP).
The pairing could help VMware (NYSE: VMW) customers improve compliance with PCI-DSS, the credit card industry’s security standard, as well as ensure compliance with other governmental regulations.
It also signals VMware’s move into the compliance market. “Overall, this whole area around compliance is a very big area of focus for us in general,” Nand Mulchandani, VMware’s senior director for product management, told InternetNews.com.
“We believe we have an opportunity where virtual environments could end up being more secure than their physical counterparts because the core technologies inherent in the virtualization stack let you hook in a lot of technologies for monitoring and inspection.”
LogLogic collects log data from physical and virtual environments and analyzes it, runs searches and creates reports, Anton Chuvakin, chief logging evangelist at LogLogic, told InternetNews.com.
While its product currently works only with ESX, which is VMware’s data center hypervisor bundled with the virtualization vendor’s management tools, LogLogic will extend its capabilities to ESXi, VMware’s now-free hypervisor, which “seems to be their direction for the future,” Chuvakin said.
VMware just announced that the latest version of ESXi, for which it charged $495 a pop, is now available free, in a bid to stave off any similar bundling offers by Microsoft. VMware also plans to phase out ESX, which it charges for, and will make its money from its management stack instead, in line with statements new CEO Paul Maritz made at VMware’s second quarter earnings call recently.
VMware itself collects logs on everything that happens in its virtual environment, but would rather partner with innovative third-party companies to manage them. “We’re not interested in aggregating logs between Oracle (NASDAQ: ORCL), SAP (NYSE: SAP), Solaris and Windows,” Mulchandani said.
LogLogic’s value to VMware stems from its new membership (as of yesterday) in the PCI Standards Council
VMware’s security group “has been very involved with customer calls around PCI,” and the standard has “become really important” since compliance to the PCI-DSS 6.6
Other players
LogLogic isn’t the only company that can compile and assess log data from a virtualized environment and generate reports from it. ArcSight (NASDAQ: ARST) is another player in this space.
ArcSight offers 275 connectors for commercial software out of the box and can create a connector as needed, director of product marketing Ansh Patnaik told InternetNews.com. This wide variety means that “in most cases we don’t need to have a formal partnership with the vendors because we understand those logs,” he added.
Another player, startup Alert Logic, which offers security solutions in software as a service (SaaS)
“We’d like to see a process by which virtualization vendors certify or endorse third party vendors like us to collect log data within our environments and bless them with a gold seal,” Smith said. “That’s the holy grail, but we haven’t seen anything like that yet.”