While looking on twitter this morning I discovered a tweet that pointed to the following article, which is relatively devoid of details but none-the-less extreme interesting to those who follow virtualization security: Fired techie created virtual chaos at pharma company. This article points out an external attack that lead to management access of a virtual environment. Now we do not know if the attack was using antiquated credentials or some other means. But what we do know is that VMs were deleted by an external source that used to be a former employee. Hoax or not, this is a very serious issue brought to light.
On the 7/28 Virtualization Security Podcast, we were joined by Robert Martin of Mitre to discuss Mitre’s new CWE, CWSS, and CWRAF tools to aid in software and system security evaluation. We put a decidedly cloud based discussion around these tools to determine how they would be used by those that program within a PaaS environment, make use of SaaS, or other cloud services.
Trend Micro provided us a very interesting info graphic on a Journey to the Public Cloud with a list of which of their tools secure that Journey. What is interesting about this info graphic is the steps outlined in this journey to the Cloud and the threats and issues as you step along this path. These steps are well thought out and are useful to everyone as they look at their virtualization and cloud security options moving forward.
Cloud Computing ...
Impact of Latest vSphere 5 vRAM Licensing Model upon Data Center Virtualization and Virtualization Management
, • • 7 Comments
VMware has updated the vRAM pricing for vSphere 5 to address certain customer issues, and deserves a great deal of credit for acting this quickly and decisively to the feedback that was generated by the initial announcement. However, even with the new vSphere 5 vRAM pricing the question is now raised as to whether competing and less expensive virtualization platforms are acceptable for some entire companies, and some use cases within what used to be 100% VMware shops. VMware has created an opening for Microsoft, Citrix, and Red Hat. As this sorts itself out, the virtualization platform landscape will change – resulting in a minimum in a new focus on tools to manage multiple virtualization platforms.
At the NE VMUG, while walking the floor I saw a new virtualization backup player, perhaps the first generic Replication Receiver Cloud: TwinStrata. And information gained while not at the NE VMUG. There is also a new virtualization backup player just for Hyper-V: Altaro. As well as a new release of Quest vRangerPro. The Virtualization Backup market is a very dynamic market with new ideas, technologies, and concepts being put into the market at every turn. In many ways, the market leaders are not the bigger companies but the smaller and fast growing companies. In the past, it was about features associated with pure backup, but now it is about features and fast disaster recovery and recovery testing.
I was reading through a recent article about the new Java 7 release, which contradicts Oracle’s current support statement with respect to licensing. The License from Oracle exclusively states Java 7 is only supported on those hypervisors Oracle currently supports: Oracle VM, VirtualBox, Solaris Containers, and Solaris LDOMs except where noted. That last phrase is rather tricky, so where do we find such notes. Is the noted the support document stating that they support Oracle products within a VMware VM? Or is it somewhere else in the license? This leaves out all major hypervisors: Citrix, VMware, and Microsoft. If you cannot find a note saying things are supported, somewhere.
This implies quite a bit for the future of Java support within most PaaS environments being built today. In essence, they cannot upgrade to Java 7. Which means they may fall behind. This would impact OpenShift, Amazon, Google, CloudFoundry, SalesForce, and others.
The 7/7 Virtualization Security Podcast with Steve Kaplan, Vice President of INX’s Data Center Virtualization Practice and well known ROI/TCO expert within the virtualization and cloud space, joined us to talk about the ROI and TCO of virtualization and cloud security. We discussed someways to view virtualization and cloud security, but mostly the fact that many people may not think ROI or TCO even applies until a problem occurs and you need to rush in and find and fix the leak that lead to a break-in. In essence, the ROI of proper security tools is your entire business.
In the past, virtualization architects and administrators were told the best way forward is to buy as much fast memory as they could afford as well as standardize on one set of boxes with as many CPUs as they dare use. With vRAM Pool licensing this type of open-ended RAM architecture will change as now I have to consider vRAM pools when I architect new cloud and virtual environments. So let’s look at this from existing virtual environments and then onto new virtual and cloud environments. How much a change will this be to how I architect things today, and how much of a change is there to my existing virtual environments? Is it a better decision to stay at vSphere 4? Or to switch hypervisors entirely?
Citrix has purchased Cloud.com and this poses some interesting changes to the overall virtualization and cloud markets. One also has to wonder about the timing of the announcement to coincide with the same day as the big announcements coming out of VMware. I see this purchase as a mixed blessing to the market place, but also a renewal for Citrix.
Join my Circle on Google+
Plugin by Social Author Bio