The Virtualization Practice

Author Archive for Edward Haletky

Edward Haletky

I was reading through a recent article about the new Java 7 release, which contradicts Oracle’s current support statement with respect to licensing. The License from Oracle exclusively states Java 7 is only supported on those hypervisors Oracle currently supports: Oracle VM, VirtualBox, Solaris Containers, and Solaris LDOMs except where noted. That last phrase is rather tricky, so where do we find such notes? Is the note the support document stating that they support Oracle products within a VMware VM? Or is it somewhere else in the license? This leaves out all major hypervisors: Citrix, VMware, and Microsoft. If you cannot find a note saying things are supported, somewhere.

This implies quite a bit for the future of Java support within most PaaS environments being built today. In essence, they cannot upgrade to Java 7, which means they may fall behind. This would impact OpenShift, Amazon, Google, CloudFoundry, SalesForce, and others.

On the 7/7 Virtualization Security Podcast, Steve Kaplan, Vice President of INX’s Data Center Virtualization Practice and well-known ROI/TCO expert within the virtualization and cloud space, joined us to talk about the ROI and TCO of virtualization and cloud security. We discussed some ways to view virtualization and cloud security, but mostly the fact that many people may not think ROI or TCO even applies until a problem occurs and you need to rush in and find and fix the leak that led to a break-in. In essence, the ROI of proper security tools is your entire business.

Licensing: Pools and Architecture Changes?

In the past, virtualization architects and administrators were told the best way forward is to buy as much fast memory as they could afford as well as standardize on one set of boxes with as many CPUs as they dare use. With vRAM Pool licensing this type of open-ended RAM architecture will change, as now I have to consider vRAM pools when I architect new cloud and virtual environments. So let’s look at this from existing virtual environments and then onto new virtual and cloud environments. How much of a change will this be to how I architect things today, and how much of a change is there to my existing virtual environments? Is it a better decision to stay at vSphere 4? Or to switch hypervisors entirely?

The 6/30 Virtualization Security Podcast with Simon Crosby, Founder and CEO of Bromium, started with a discussion of SaaS security but soon went to a discussion of Data Security. Simon left Citrix not too long ago to form a new company, Bromium, to seriously look into how the hypervisor itself can provide better security for data manipulations than it does today. But first we started off with SaaS and how you can identify the user within a cloud.

Security in the cloud and the virtual environment is ‘all about the data’ and not specifically about any other subsystem. It is about the data. As such, the data has something it knows (the contents of the data), something it is (its signature), and something it has (its digital rights), and since it has these three elements, the data has identity. However, protecting the data requires us to put things between the data and the real world, such as firewalls and complex role-based access controls, as well as methods to replicate the data to other locations via a non-intrusive mechanism. The goal of such replication could be to ensure multiple sites have the same data (such as a hot-site) or to have the data available in another location in case of disaster.

Virtualized Replication: vSphere APIs Expand

As a delegate for Tech Field Day 6 in Boston, I was introduced to SRM Replication as well as ZeRTO, a third-party replication tool. They seem to be as different as night and day, but are they? Both work within the vSphere environment to replicate virtual disks regardless of storage type, and apparently hook into the same location within VMware’s API stack. This shows a maturity of VMware’s API stack that until now has been unknown and secret. In this one area, Microsoft Hyper-V is beating VMware vSphere: the availability of well-known APIs that are easy for third parties to use. I now see a change in VMware’s behavior; can they continue this growth?

As a delegate for Tech Field Day 6 in Boston, I was introduced to many third-party management tools. In the past I have also been given briefings on various VMware, Hyper-V, and Citrix Xen management tools. Many of these tools are marketed directly for use by the administrator, but the tools can be used by more than the administrator. These tools should be marketed to management, administrators, as well as the network operations center (NOC). We need tools that perform continual monitoring and auditing so that we can know as soon as possible when a problem occurs.

The 6/16 Virtualization Security Podcast started as a Twitter conversation with a comment about PaaS Security where James Urquhart, Krishnan Subramanian, Rich Miller, and I went back and forth about PaaS security and the role of the developer. It was not quite a DevOps conversation but pretty close. Rich could not join us on this Podcast but hopefully will make a future one. PaaS security appears to be dependent on two things: the provider’s security and how it is used.
