TNP Blog

Virtual Machine Firewalls: Are They Your Best Bet Yet?

Written by The Network Pro | Aug 12, 2011 6:17:26 AM

Ifa regular network has network monitoring applications, security layers andfirewalls it only makes sense that a virtual network would have somethingsimilar to the physical one. A virtual firewall is a software applicationpredominantly deployed to inspect data packets and checks to see if the data transferis in line with established policies for your company.

It is indeed a good solution for virtual machine security, think again because itcertainly has some drawbacks you should know:

 One Firewall for every server

Youcan’t expect to have one firewall up and running to protect all of your virtualmachines hosted on different servers – and possibly in differentlocations.  You will need to have onefirewall per physical server that hosts one or more virtual machines.

Increased CPU usage and Network performance

Ifyou pick up vShield Products for example and apply filters and inspectionprotocols to only s few virtual machines and not all of those you manage, theproducts aren’t built to be biased. Virtual Firewalls tend to inspect alltraffic passing through the hypervisor thereby decreasing the performance of the network and increasing the load on the CPU while slowing down computing foryou in general.

Estranged virtualmachines due to Firewall Crashes

Firewall VMs block hypervisors sometimes when they encounter API or other applications.When that happens, all the virtual machines hosted on the affected physicalmachine are cut off from the rest of the network while the physical machine isstill connected to the network, technically speaking. In a sense, high-availabilityfeatures of the virtual network won’t work now. Hence, while the affectedVirtual Machines should have been moved to other physical servers for acontinuous network performance, it’s not likely to happen in this scenario.

All this talk about Virtual Networks and Virtual Firewalls is one thing;implementing it to smooth functioning of your business is totally another.  The Idea of IT consulting is to let you focus on your business while we manage your IT network or parts of it thereof. We,  at Network Pro, are experts at IT implementation, integration with business operations and IT support. We can help you set up your networks, move to the cloud,find matching technology with your business, pick and help you choose the right data mananement solution. We can also help you with Network Monitoring, Internet Security for Enterprise, and much more.
Do get in touch withus and we’ll help you out with applying virtualization for your business,implementing Virtual Firewalls for your existing virtual network Interfaces,etc.