A while ago, I spoke with the folks at Apani about security in virtualized environments. Although this isn't a topic that is getting as much media attention as virtual machine software, virtual access software or virtual application environment software, it is a very important topic. Security risks still exist even though an organization has moved some of its resources into a logical or virtual environment. Apani is addressing this issue with a concept called "cross-platform server isolation."
Apani's EpiForce is software that "grabs" the network communication pathways of virtual servers and applies a set of management, security and other rules to the communication stream. This is an interesting approach because it doesn't require changes to any of the applications or to the operating system. EpiForce enforces the organization's environment by creating logical security zones and encrypting data flowing from one server to another, regardless of whether it is a physical server or a virtual server.
This means that servers and endpoints can be isolated from one another or allowed to communicate based upon an organization's own policies. So, for example, the laptop computer used by an HR manager might be allowed to access personnel files while that machine is in the office and during office hours, but not be allowed to even see the HR systems if it is in a different location or is attempting to access those systems outside of normal office hours. The architecture Apani created is distributed and highly scalable.
It is clear that EpiForce is a targeted security tool for organizations having a large and complex distributed environment. It is not a management framework in the traditional sense. So, organizations wishing to acquire management and security tools from a single supplier might be advised to consider products from CA, HP or IBM first. If the organization already has a management framework in place and wishes to secure the network infrastructure, reviewing Apani's EpiForce is worth the time.