If there was one thing I saw and heard about at VMworld, was the number of third party collaborations that were taking place. While not explicitly stated by VMware at VMworld, the show floor had many different collaborations that were taking place. This level of collaboration shows a level of maturity within the virtualization and cloud vendor ecosystems. A maturity, that shows that the vendors understand the benefits of leveraging other companies to lower their overall costs while producing better and more attractive products. Some of the collaborations I saw where purely the resale of products, while others were integrations between products.
VMware announced a loosely coupled group of vCloud providers that will use vCloud Connector to loosely couple their clouds, so that VMs can move from vCloud to vCloud without requiring you to renegotiate pricing, capability, and functionality with multiple cloud vendors, just your local one. This announcement is intriguing in that it is a move to push the cloud into the global space, but also fraught with peril if not done correctly.
In an interesting move, VMware acquired PacketMotion late on friday just before VMworld which could lead to some intriguing statements during the show. Packet Motion is a hybird physical and virtual set of security appliances, where the virtual appliances generally talk to the physical components which do the heavy lifting. Yet this does not fit VMware’s vShield products line-up, or has VMware finally realized it also needs to consider physical security?
More and more is coming out about the attack from a MacDonald’s that left an organization crippled for a bit of time. The final tally was that the recently fired employee was able to delete 15 VMs before either being caught or he gave up. On twitter, it was commented that the administrator must not have been a powershell programmer because in the time it takes to delete 15 VMs by hand, a powershell script could have removed 100s. Or perhaps the ‘Bad Actor’ was trying to not be discovered. In either case, this has prompted discussions across the twitter-sphere, blog-sphere, and within organizations about how to secure from such attacks.
Last week there was a bit of a surprise when someone announced Catbird Security made an agreement to purchase vShield App and only App from VMware. This left quite a few of us scratching our heads wondering why VMware would let this particular security software go. This announcement was incorrectly relayed and quite far from the truth. Catbird Security has written an agreement with VMware to OEM vShield App. This OEM agreement provides Catbird with a missing piece to the security puzzle as well as proving out VMware’s concept of virtualization security, that they should be the low level bits providing an API for higher level tools to use.
• • 0 Comments
While looking on twitter this morning I discovered a tweet that pointed to the following article, which is relatively devoid of details but none-the-less extreme interesting to those who follow virtualization security: Fired techie created virtual chaos at pharma company. This article points out an external attack that lead to management access of a virtual environment. Now we do not know if the attack was using antiquated credentials or some other means. But what we do know is that VMs were deleted by an external source that used to be a former employee. Hoax or not, this is a very serious issue brought to light.
On the 7/28 Virtualization Security Podcast, we were joined by Robert Martin of Mitre to discuss Mitre’s new CWE, CWSS, and CWRAF tools to aid in software and system security evaluation. We put a decidedly cloud based discussion around these tools to determine how they would be used by those that program within a PaaS environment, make use of SaaS, or other cloud services.
Trend Micro provided us a very interesting info graphic on a Journey to the Public Cloud with a list of which of their tools secure that Journey. What is interesting about this info graphic is the steps outlined in this journey to the Cloud and the threats and issues as you step along this path. These steps are well thought out and are useful to everyone as they look at their virtualization and cloud security options moving forward.
Cloud Computing ...
Impact of Latest vSphere 5 vRAM Licensing Model upon Data Center Virtualization and Virtualization Management
, • • 7 Comments
VMware has updated the vRAM pricing for vSphere 5 to address certain customer issues, and deserves a great deal of credit for acting this quickly and decisively to the feedback that was generated by the initial announcement. However, even with the new vSphere 5 vRAM pricing the question is now raised as to whether competing and less expensive virtualization platforms are acceptable for some entire companies, and some use cases within what used to be 100% VMware shops. VMware has created an opening for Microsoft, Citrix, and Red Hat. As this sorts itself out, the virtualization platform landscape will change – resulting in a minimum in a new focus on tools to manage multiple virtualization platforms.
Join my Circle on Google+
Plugin by Social Author Bio