The Virtualization Practice

Author Archive for Edward Haletky

Edward Haletky
Edward Haletky

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.[All Papers/Publications...]
WebsiteFacebookTwitterGoogle_PlusLinkedinSkypeeMail

Chad Sakac mentions on his blog that VNXe “uses a completely homegrown EMC innovation (C4LX and CSX) to virtualize, encapsulate whole kernels and other multiple high performance storage services into a tight, integrated package.” Well this has gotten me to thinking about other uses of VNXe. If EMC could manage to “refactor” or encapsulate a few more technologies, I think we have the makings of a killer virtualization security appliance. Why would a storage appliance spur on thinking about virtualization security?

In the first Virtualization Security Podcast of 2011, we had Brad Hedlund with us once again. Not to talk about the Cisco Virtualization Security Gateway (VSG), but about the security of what I call physical-virtual devices that provide network virtualization within the hardware. Or what Brad Called Network ID Virtualization (NIV). Cisco has taken its VN-Link technology to extend the networking of a VM directly into the core switch when using vSphere.

Digging out after a Snowstorm: Similar to our virtual environments?

Sooner or later that perfect landscape of white is marred by new mounds of snow and clear-cut paths through it to the various locations on the property. When you look at these paths and the snow is high enough, they look like tunnels. The large tunnels (driveway) meet smaller and smaller ones. The perfect landscape of snow is now marred. This is just how a firewall looks when you put holes in it to let through various services. The more services, the more tunnels and paths will be cut. When speaking about the cloud or virtual environments, the increase in paths and entry points becomes a serious issue.

Threat Analysis: Layers upon layers

When we think of the threat to a virtual environment or the cloud, what do we think about? First it is important to understand how the cloud is layered ontop of the virtual environment. Given a cloud stack, where are the entry points for SaaS, PaaS, IaaS, and Cloud management? At the recent Minneapolis VMUG I attempted to relay that information to the attendees. Once we understood the layers we could then concentrate on the threat vectors to the cloud and virtual environment.

The Virtualization Disaster Avoidance & Backup space has change fairly significantly within the last year. These changes are cumulative but have a great impact on the virtualization ecosystem. I include Disaster Avoidance in this review as there have been some great strides made in this arena that could impact the entire environment. Disaster Avoidance technologies were demonstrated at EMC World 2010 as well as at other conferences throughout the year. The impact was quite huge, but there are technological hurdles involved with its deployment within any organization.

Virtualization Backup vendors have pushed the envelope once more targeting fast backup and fast recovery of data as well as ensuring that the backups actually work. Here is a list of this years improvements in this space.

In the last Virtualization Security Podcast on 12/16 we had with us James Urquhart who manages cloud computing infrastructure strategy for the Server Provider Systems Unit of Cisco Systems. Author of the popular C|NET Network blog, The Wisdom of Clouds. James shared with us some of his Wisdom over the hour. The discussion covered what is preventing people from Entry into the Cloud and why private and hybrid clouds are going to stick around for quite a while and are not a passing fad. We answered the question of why people are reluctant to enter the cloud.

Blade Physical-Virtual Networking and Virtualization Security

I have been thinking about blades and virtualization security for some time spurred on by a conversation with Brad Hedlund six months ago. Nearly all my customers use Blades and virtualization security is a big concern to them. In my Rethinking vNetwork Security article, I touched on some of the issues in response to Brad’s comments a while back. I would like to now expand that discussion to blades.

There are three sets of blade enclosures I would like to discuss, those that use pass thru networking, those that use standard switching fabric within the enclosures, and those that use flexible interconnects such as HP Flex-10 and Cisco Palo adapters. The last is the so called physical-virtual network device.

Google Circle
Join my Circle on Google+

Plugin by Social Author Bio

WebsiteFacebookTwitterGoogle_PlusLinkedinSkypeeMail