The Rumor Is True…But Why The Secrecy?

By David Marshall
published: Tuesday, November 11 2008

Back in September during VMworld 2008, there was a rumor floating around the event's showroom floor that begged to be verified.  No, I'm not talking about the rumor of Microsoft acquiring Citrix (though that was making its rounds during the show).  Let's take it down quite a few notches on the scale of wearing tin foil hats -- I'm talking about the rumor that VMware acquired the network security vendor Blue Lane Technologies.

After reaching out to both companies, I recently heard back from VMware, and indeed, they confirmed the rumor to be true.  Although no press release from either company was ever issued, VMware did confirm with me that as of October 2008, the virtualization giant had indeed acquired Blue Lane Technologies for an undisclosed amount.

So what's all the secrecy about?

Well for one thing, the rumored terms were not particularly favorable for Blue Lane and their investors.  The acquisition amount being thrown around is somewhere in the neighborhood of $10-15 million.  Blue Lane, founded in 2002, has raised $13.4 million to date with two rounds of funding coming from Benchmark Capital, DAG Ventures and Matrix Partners.  And supposedly, even VMware had an investment in the security firm in the amount of $3 million.  Having $13-16 million invested in the company and returning a valuation sale price between $10-15 million adds credibility to the rumors that Blue Lane may have been struggling.

At some point this year, Blue Lane also lost their outspoken VP of Marketing, Greg Ness, an avid blogger and evangelist for the virtualization, security and Infrastructure 2.0 market - causing further concern and alarm as to the validity that the company was going through rough times.

So if Blue Lane was struggling, why did VMware make the acquisition?

While at VMworld 2008, you might remember that VMware made a huge splash when it launched its Virtual Datacenter OS (VDC-OS) initiative.  VDC-OS was billed as the next generation of evolution of the VMware Virtual Infrastructure.  And VMware said that a critical layer of the VDC-OS architecture is something called Application vServices, which give applications critical datacenter services that include security, availability, and scalability.

When I questioned them, VMware told me they purchased Blue Lane in order to accelerate delivery of critical Application vServices for customers to more easily secure their virtual networks.  As virtual datacenters expand, VMware said customers increasingly need to partition the interior of the shared virtual network, whether to segment varying trust zones within the enterprise or to isolate customer zones in multi-tenant cloud environments.

They also said that Blue Lane's deep understanding of application protocols allows them to focus on network security from the physical datacenter perimeter, which has become increasingly porous, towards the ‘application perimeter' - which consists of application-centric security policies based on the logical zoning and partitioning of applications and services rather than machine boundaries.

The acquisition seems to confirm VMware's commitment to virtualization security, or what some call VirtSec.  But what exactly is VirtSec?  And what is Blue Lane bringing to VMware's party?  To figure that out, I spoke with Scott Crawford, Research Director for the analyst firm Enterprise Management Associates who has been following this space.

Crawford told me that the confusion is not unique to Blue Lane.  In fact, if anything, Blue Lane's struggles are symptomatic of all those vendors that use and abuse the term "VirtSec."  Crawford said he understands the need for a shorter handle than "virtualization security" when talking about this stuff, but that still doesn't help us understand what "VirtSec" means exactly.  Is it secure virtualization, virtualized security, or security through virtualization?  Like all things 2.0, "VirtSec" as a term is a raspberry seed in this analyst's wisdom tooth these days.