The inventor of the “virtual patch” is adapting its PatchPoint boxes to VMware virtual machines. With VirtualShield, the boxes become fairly inexpensive “virtual appliances” that apply security patches in real time for virtualized operating systems and applications.

Bluelane is already well known for its PatchPoint appliances. The solution is unique in that it applies security patches on the fly to all traffic that passes through the box. A PatchPoint appliance thus protects all operating systems and applications behind it, without the official patches being installed on those systems.

With selective application of patches from a single interface, immediate roll-back and instantaneous correction of a set of heterogeneous systems, the Bluelane approach is very appealing. Today, its PatchPoint boxes are deployed by major accounts, financial services and hosting service providers.

With VirtualShield, Bluelane leaves the world of hardware to offer software that secures VMware ESX servers. The tool offers exactly the same features as the PatchPoint appliance, with the exception of support for Oracle databases, but in the form of a software layer deployed on an ESX server. VirtualShield is installed between the VMware hypervisor and the virtual machines hosted on the server. After automatically detecting the various existing VMs and installing the Bluelane updates, the tool is ready to go. It then sees all traffic to all machines and treats it exactly the way a PatchPoint box would.

Of course, in many cases it is preferable to install a box in front of a physical server, to protect frames or high throughputs, so as not to consume resources on the server (although Bluelane reports only a 5% impact on performance). But the vendor does not hide the fact that VirtualShield is also a traffic builder: it lets you easily test the technology before purchasing a box.


The product is available on the vendor’s site and can be tried free for 45 days. It then costs 480 euros excluding tax for the first year, and 400 euros excluding tax for each subsequent year, for a dual-processor server.

This article was inspired by Jerome Saiz.