The Virtualization Practice

Author Archive for Edward Haletky

Edward Haletky
Centralized RBAC Missing from Virtualization Management Tools

As a delegate for Tech Field Day 6 in Boston, I was introduced to several virtualization and performance management tools from vKernel, NetApp, Solarwinds, Embotics, and a company still in stealth mode. With all these tools and products I noticed that each were not integrated into the roles and permissions of the underlying hypervisor management servers such as VMware vCenter, Citrix XenConsole, or Microsoft System Center. This lack of integration implies that a user with one set of authorizations just needs to switch tools to gain a greater or even lesser set of authorizations. This is not a good security posture and in fact could devolve any security to non-existent.

Since Juniper bought Altor Networks, there has been steady progress to use Altor VF3 (now Juniper vGW, pronounced vee-Gee-W) as a way to extend the functionality of the Juniper SRX Series of Service Gateways into the virtual and cloud environments. Juniper is focusing on the entire security stack from the endpoint to the hypervisor, vGW offers one component of that entire picture. Another component is the Junos Pulse Mobile Security Suite which provides Security as a Service for mobile devices. These two components alone are a very powerful set of tools for any Enterprise. When you add in the other components it is a compelling story from network security perspective.

On the 6/2 Virtualization Security Podcast, Rich Mogull, an analyst for Securosis, joined us to discuss his work with the Cloud Security Alliance (CSA) to develop the two day course called the Certificate of Cloud Security Knowledge (CCSK). While this course is not about learning all the intricacies of cloud security it is about providing a level set of knowledge required to even begin to talk about cloud security.

EMC & VMware provide 1st Financial Cloud: NYSE Technologies

NYSE Technologies is providing the very first special purpose financial cloud based on VMware and EMC technology to provide new business models where NYSE Technologies provides the plumbing for global capital markets and business agility at lower costs; encouraging brokers, and other financial institutions to build applications and test algorithms within the Capital Markets Community Platform.

VirtualizationSecurity

There are several new products in the virtualization and cloud security spaces from PacketMotion, MicroSolved, and LynuxWorks. Each of these companies approach virtualization security from uniquely different ways. Unlike the current set we know and use, these tools could be considered adjuncts for general use, or perhaps specific use cases. All provide additions to the End-to-End virtualization security.

VMware Buys Shavlik

VMware has acquired one more company: Shavlik. This acquisition did not come as much of a surprise to me but is an interesting purchase for VMware. There are quite a few Security as a Service vendors that would make sense for VMware to purchase and Shavlik is one of them. The difference between the other vendors and Shavlik is that VMware has a existing track record with Shavlik as Shavlik is integral in two of VMware’s existing products: VMware Go and VMware Update Manager. Shavlik provides a very important patch management system for these existing products and is one line of defense in the security space. Are there other plans for Shavlik? Or this is a way to lock in one set of tools?

Security of Performance and Management tools within the Virtual Environment

The problem is that not everything is as black and white as security folks desire. If we implement performance and other management tools, we often need to expose part of our all important virtualization management network to others. But how do we do this safely, securely, with minimal impact to usability? Why do we need to this is also another question. You just have to take one look at the Virtualization ASsessment TOolkit (Vasto) to realize the importance of this security requirement. But the question still exists, how do you implement other necessary tools within your virtual environment without impacting usability?

Google Circle
Join my Circle on Google+

Plugin by Social Author Bio

WebsiteFacebookTwitterGoogle_PlusLinkedinSkypeeMail