Check Point is introducing a version of its VPN-1 software that runs on VMware ESX or ESXi to protect virtual machines from one another when they are running on a single piece of hardware.


The software runs on the same machine hosting the virtualisation software, between the hypervisor and the virtual machine, according to Check Point.

In addition to protecting virtual servers from each other the software can perform network address translation between the virtual servers and the external network, obscuring their actual IP addresses from the outside, the company says.

VPN-1 Virtual Edition contains all the features of the conventional VPN-1 including unified threat management so it can extend more than just VPN and firewalling to the virtual machines.
Check Point suggests that businesses might install VPN-1VE on a single hardware server along with e-mail and web servers to create a device to support remote offices, rather than resort to multiple servers and security appliances.

The software can be managed centrally via Check Point's SmartCenter platform.

The current version of VPN-1 Virtual Edition is focused on protecting virtual machines, but as more VMware APIs are made available, Check Point said it planned to write a version that will also protect the hypervisor itself.

Licences for VPN-1 VE cost the same as for the traditional VPN-1. A package of licences to protect five virtual machines costs $7,500 (£3,900). Customers with spare VPN-1 licences can apply them to VPN-1 VE, the company said. The new software is available for download from Check Point's website.