Consider, for example, Blue Lane's original offering, ServerShield.  Crawford said, "This product offered virtualized security when it was introduced as an approach (and a very innovative one, I thought)  to inline emulation of the behavior of a patched system that protects organizations from exploitable vulnerabilities without having to deploy patches more quickly than quality control or realistic processes would allow.  Inevitably, however, this invited direct comparison with traditional Intrusion Prevention Systems (IPS), which seems to have bogged the company down in competitive positioning struggles."

He then went on to say, "VirtualShield, on the other hand, offers secure virtualization -- what the market understands as functionality more closely aligned with VMware's VMsafe initiative, namely protecting the virtualized environment itself.  The fact that Blue Lane was surprisingly quiet about this addition to its product set may well have added to the confusion over what the company actually does.  Blue Lane's quiet assimilation into the VMware fold may be an indicator of just what a threat the lack of clarity suggested by the nebulous term "VirtSec" can be -- to those trying to secure virtualization and leverage its security benefits, as well as to vendors staking their future on these values."

Other questions that then bubble up from the acquisition news are what's next after assimilation?  And what does it mean when a vendor loudly trumpets the creation of an ecosystem and then buys one of its players?  Is VMware trying to rescue its investment with harder times ahead?  And will the deal threaten the future of other ecosystem participants in the virtualization security space?

EMA's Crawford said, "I strongly suspect that these questions are among the reasons why the Blue Lane deal has been kept so quiet.  It is clear that IT's collective history with security to date -- as well as the lack of it -- makes it imperative for any serious enterprise contender to integrate security into its offerings for the sake of credibility (regardless whether such an effort really does offer security or not)."

He then added, "It was therefore to be expected that VMware would add to its security story through further acquisition -- but VMware has also adopted the ecosystem approach to solving the problem, in part to assure that customers have a choice in security expertise to provide the benefits they value most.  Does Blue Lane's acquisition mess up that strategy?  Not necessarily, since security pros are often among the most serious about adopting "best-in-class" when they can.  Regardless, however, VMware runs the risk of alienating those partners who may feel ill used by the acquisition of Blue Lane, in view of the very public support those partners have offered for VMsafe."

Security within the virtualization market has become a major concern for VMware and its customers.  In order to help secure the hypervisor and its virtual machines, VMware introduced what it called the VMsafe program back in March of this year.  If you aren't familiar with it, the VMsafe program is a security technology for virtualized environments that is designed to help protect the virtual infrastructure.  VMsafe provides a unique capability for virtualized environments through an application program interface (API) sharing program that enables select partners to develop security products for VMware's virtualization environments.  VMsafe currently has around 30 partners signed up to participate, with Blue Lane and one of its closest competitors, Catbird Networks, being initial partners in the program.

When asked about the Blue Lane acquisition and what it means to their company, Tamar Newberger, VP of Marketing at Catbird, said, "This acquisition validates the relevance and importance of security for the virtualized data center and the VMware ecosystem."

The acquisition certainly validates the need, but it also leads to other unanswered questions.

Do the other 30 VMsafe partners see it the same way?  What happens with the OEM agreement VMware made with Shavlik?  What does VMware do with its August 2007 acquisition of Determina?  And what's going on with the VMsafe program now?  I'm told that VMware isn't currently accepting new VMsafe engagements, which just begs the question even more.

VMblog.com , VMware , Blue Lane Technologies, VMworld 2008