The Virtualization Practice

Author Archive for Edward Haletky

Edward Haletky
Edward HaletkyEdward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization. [All Papers/Publications...]

Does Public or Private make a difference to Cloud Security?

When we talk about Cloud Security, the main concept is to separate, as an example, Coke from Pepsi. This implies that Tenant’s cannot impact the availability of each others data, the integrity of that data, and the confidentiality of that data. But what does this actually mean? Does this apply to all types of clouds in the same way?

There are three types of cloud families: Private, Hybrid, Public. There are at least 3 types of clouds: SaaS, PaaS, and IaaS. Do the same rules for one cloud family work for all cloud families? as well as for the types of clouds?

I believe the answer is yes.

Christofer Hoff (@Beaker) and I had a short discussion on twitter the other day about the VMware Cloud Director (vCD) security guidance. We both felt it was a bit lite and missed the point of Secure Multi Tenancy. However, I feel even more strongly that people will implement what is in the vCD Guidance, vBlock Security Guidance, and the vSphere Hardening Guidance, and in effect have a completely insecure cloud. These three guides look at the problem as if they were singular entities and not as a whole.

The Virtualization Security Podcast on 9/16 was the first in a series of Virtual Desktop Security discussions we will be having. The special guest panelist was Bill McGee from Trend Micro who helped us to understand their implementation of Deep Security 7.5’s Anti-Virus and Anti-Malware (AV collectively) within the virtual desktop.

Trend Micro’s product makes use of enabling technology within vShield Endpoint to provide offloaded AV and Anti-Malware scanning of virtual machines using only one set of rules and one VM to do the actual scanning. Removing the per VM rule set and processing that currently takes place within the VM.

IO Virtualization Approaches: VMworld 2010 Review

There seem to be three styles of IO Virtualization (IOV) taking place within the virtual environment. At VMworld, the IO Virtualization companies were out and talking to people about their wares, products, and approaches to IO Virtualization. These three methods are:

* Converged Network Adapters used within Cisco UCS, HP Matrix, etc.
* Attached IOV top of rack devices such as the Xsigo Device
* PCIe Extenders

Each of these provide unique benefits to your virtual environment but which to use? First, we need to know what each of these approaches brings to the table.

Virtualization Security was one of the BIG Deals at VMworld with several announcements:

* VMware vShield Edge, App, and End Point
* Trend Micro will have the first product making use of vShield End Point
* Cisco Virtual Security Gateway (VSG)
* HyTrust and their growing list of technology partners

But the biggest news is that Virtualization Security is finally on the radar of most if not all C-level as it is now seen as the gate to entering the cloud. But before we can solve the cloud security issue we have to solve the virtualization security issues. VMware’s announcement has the most impact on the virtualization security ecosystem. At once they are competing head-to-head with some vendors while providing a platform to use for other vendors.

Nearly everyone I talked to at VMworld was buzzing in some form about Virtualization Security. Everyone has picked up on the pre-show buzz from VMware, Trend Micro, HyTrust, and every other security vendor. This week will tell. There are announcements about security, keynote sessions that include security, and more than a few sessions about security.

This is also arguably the first VMworld where there are a large number of Virtualization Security sessions and panels at VMworld that are not entirely from VMware. I find involving the industry as they have at this specific conference moves forward the entire virtualization security ecosystem.

With VMworld around the corner, it is interesting to note the new an old players within the Virtualization Backup space. The virtualization backup space often includes:

* VM Backup
* VM Replication
* Continuous Data Protection (CDP)
* Storage Hardware Replication

Pretty much anything that will maintain your VMs while allowing your data to be placed elsewhere for later retrieval; such a place could be the cloud. In this article we will avoid Storage Hardware Replication and discuss only backup software.

The Consolidated server stack has been the big items over the last year using converged network adapters, blades, and integrated storage that is designed around providing an order-able element that is a single SKU that provides enough resources for a set number of VMs. Currently the VCE colition has the VBlock which combines VMware, Cisco, and EMC products into a single stack. HP has its Matrix stack. But where is IBM’s and Dell’s stacks. Could the acquisition of 3Par be the beginning of a integrated stack play from Dell?

Google Circle
Join my Circle on Google+

Plugin by Social Author Bio