The Virtualization Practice

Author Archive for Edward Haletky

Edward Haletky
Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development, and The Virtualization Practice, where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

2011 saw an increase in virtualized and cloud data protection solution partnerships and advancements. One of the biggest advancements is the growing support for Microsoft Hyper-V from long-time VMware-specific backup solutions. Included in the new partnerships are team-ups between performance management and data protection solutions, as well as an increase in the methods for replication and other forms of data protection. 2011 was a very big year in the Data Protection arena of cloud and virtualization. This is the 2011 Year in Review for data protection.

2011 saw a shift in how virtualization security was viewed, and it showed in the way companies teamed up to address those needs. Even so, the most basic of issues still exist: the thought that once you virtualize you are more secure, and the lack of general protection for the management constructs of a virtual or hybrid environment. These two concepts have hindered adoption of virtualization security in 2011. Even so, there has been a steady shift throughout the year as more and more companies talk about virtualization security. VMware has definitely led the pack with its vShield Product line and its unified view of virtualization security. Other hypervisor vendors are also discussing virtualization security through their ecosystem if not directly. 2011 saw many companies forging their own partnerships to augment and compete in this space. Will these partnerships continue into 2012? Will virtualization security continue to be a hot area?

Our very own Texiwill hosts a weekly Virtualization Security Round Table podcast. This round table provides an open forum to discuss all things related to Virtualization, Virtual Environment and cloud computing security. We’ve questioned before the benefits of a virtual desktop infrastructure with respect to security. Is VDI secure? Is VDI inherently more secure than “traditional desktops”? The article Virtual Desktop Security? Are They Secure? considered the VDI vendor claims that there are several big virtual desktop security

The Virtualization Security Podcast held on 10/6 featured Davi Ottenheimer in his role as a QSA. Davi holds down many roles working with companies such as VMware, yet he maintains his QSA credentials and applies his knowledge of PCI Compliance. In this podcast we ask the question: is a virtual environment always mixed-mode, and what do you do if your QSA does not have the knowledge required to do the job?

Data Protection is not just about backup these days, but instead concentrates on two all-important concepts for a business: disaster recovery and business continuity. While backup is a part of Disaster Recovery, restoration is all-important. If it is not possible to restore your data in a timely fashion, the backup has failed. So technologies that allow us to access our data immediately provide a level of business continuity. But how is this achieved? So where do you save your critical data so it is readily restorable? Is your backup integrated into your monitoring software? Have you tested your restore today?

As I was flying home recently, the gentleman beside me was talking about his need to do the “cloud thing” as a means to back up his data. He recently experienced a multi-retail shop backup failure where the local backup disk was corrupted and the backups failed to happen. I also experienced a backup failure, when my backup software was upgraded. In both cases, the backup software did not mail out, or alert the appropriate people of the failure. Even if the backups did work, the data was still corrupted. So the question is, how can cloud-based backups help with either of these scenarios?

There has been quite a bit of hype on whether virtual desktops provide more security than traditional desktops. All the marketing literature I have read says that it does improve overall security, but I believe this marketing literature makes several assumptions that are just not true in most organizations, and really do not account for the myriad ways data can be accessed. By limiting our scope to just virtual desktops instead of the full desktop experience, we are thereby limiting our thoughts on security. Are virtual desktops more secure?

I am not sure how other people have learned their craft and mastered the technology they support, but for me, the learning started after the books ended. I have learned so much more from breaking something and having to find the fix than I ever did from reading a book. Back in the day around 2005, VMware released The VMTN Subscription. This was an amazing program that was something like the Microsoft MSDN subscription. These programs gave you the ability to run any of the core software packages for a year at a time for a subscription fee.

The October conference schedule is now complete and it was a tough one but very rewarding. The events that happened in October were numerous and overlapping in some cases. Travel was one week here and the next week there, yet we managed to get through it. Of the mass of conferences, I attended two, IPexpo as a guest and The ExecEvent and Hacker Halted as a speaker. I discovered something very strange: virtualization and cloud security are merely afterthoughts. I felt this should have changed by now, but alas this is not the case. Is it that our scope is incorrect, or is it that there is no Return on Investment on security tools, procedures, etc?
