I was updating my VMware build/release tables a few weeks ago and noticed that I could not find a version 5.0 of vShield Zones which is included with the Enterprise and Enterprise Plus editions of VMware. When you go to the download links for vSphere 5 under the Enterprise Plus category it says VMware vShield Zones for vSphere 5 – 1.0 Update 1.
So I thought that can’t be right in vSphere 4.1 the version of vShield that was included was vShield Zones 4.1, how can it be version 1.0 now. In vSphere 4.1 there was the Zones version and the App version of vShield, you could upgrade from Zones to App by buying the licences for it and once you applied them Zones became App which provided more features that were not part of Zones.
So I was having lunch with Rob Randall, VMware’s security guru last week and asked him about it. Turns out they are no longer providing the updated vShield Zones as part of the bundle with Enterprise/Plus licenses. They did a switch-a-roo and are now providing the old version 1.0 Update 1 instead. I’m guessing they thought they were giving too much away for free with the updated vShield Zones which was not all the much different from vShield App and as a result people were not upgrading to App. This is disappointing as there is a huge difference between the 4.1 version of vShield and the 1.0 version. The biggest difference is version 1.0 does not use the VMsafe APIs and only worked inline between vSwitches in bridged mode. So if you are upgrading from vSphere 4.1 to vSphere 5 and you are using vShield Zones be aware that you are going to lose it after you upgrade. Your only options are to switch to version 1.0 (not very appealing) or cough up the dough to buy vShield App licenses. This VMware KB article breaks the bad news to you.
If you want to read more about vShield and the differences between the 1.0 and 4.1 versions as well as the differences between Zones & App I did a detailed multi-part series on each that you can read.
It’s this kind of thing that drives people away from Vmware to stuff like Xen. I find not just misleading but borderline dishonest for them to be listing vShield functionality in the product feature set for Enterprise and Enterprise Plus.
I hope they realise before it’s too late that screwing over customers to get every last penny isn’t a good longterm strategy when there’s competition in the market. I’m already being directed to build Poc Hyper-V and Xen environments purely because we can no longer build commercially viable VMware hosted solutions when our own competitors are using these much cheaper solutions.
VMware need to make the most of the market-leading features like vShield and get more of their customers using it as part of the product and not shafting them for the privilege.