We all know that ESXi is the future for VMware are regards their Hypervisor strategy, however most of you are more that aware of my dislike of the current interation. Now that I have got that off my chest, what has prompted this latest outburst?
• • 0 Comments
I recently spoke at the InfoSec World 2010 Summit on Virtualization and Cloud Security and also attended the main conference sitting in on many Virtualization discussions. Perhaps it was the crowd, which was roughly 30-40% auditors. Perhaps it was the timing as SourceBoston was also going on, as well as CloudExpo in NY. But I was surprised to find that people are still ‘just starting’ to think about Virtualization Security. Since I think about this subject nearly every day, this was disappointing to me at best. I found ideas around virtualization security ranging from:
* Virtualization Security is not part of an architecture/design, what do I bolt on?
* My Physical Security will work
* Virtual Environments NEED More security than physical environments
* There are no new threats, so why have something more
* Security is a hindrance
During the last Virtualization Security Podcast, our guest had to postpone so we discussed to several interesting topics all related to Digital Forensics and how encryption would best work within the virtual environment. Our very own Michael Berman, in a previous life was a forensic investigator and had some great insights into the problem of digital forensic within the virtual environment.
I participated in GestaltIT’s TechFieldDay which is a sort of inverse conference, where the bloggers and independent analysts go to the vendors and then discuss the information they have received. We visited the following virtualization vendors:
* vKernel where we were introduced to their Predictive Capacity Planning tools
* EMC where we discussed integration of storage into the virtualization management tools as well as other hypervisor integrations
* Cisco where CVN and CVE were discussed in detail.
I participated in GestaltIT’s TechFieldDay which is a sort of inverse conference, where the bloggers and independent analysts go to the vendors and then discuss the information they have received. We visited the following storage vendors:
* Data Robotics where we were introduced to the new Drobo FS
* EMC where we discussed stretched storage and other interesting futures
* HP where we were introduced to the IBRIX products
Since coming out with VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment, I have continued to consider aspects of Digital Forensics and how current methodologies would be impacted by the cloud. My use case for this is 40,000 VMs with 512 Servers and roughly 1000 tenants. What I would consider a medium size fully functioning cloud built upon virtualization technology where the environment is agile. The cloud would furthermore contain roughly 64TBs of disk across multiple storage technologies and 48TBs of memory. Now if you do not think this exists today, you were not at VMworld 2009, where such a monster was the datacenter for the entire show and existed just as you came down the escalators to the keynote session.
Data Robotics just announced the Drobo FS. Drobo FS via Drobo Apps (which are free) will have a link to the Oxygen Cloud. This could lead to several interesting options for the small business to large enterprise with respect to data storage and accessibility. Not to mention protection.
• • 3 Comments
Virtualization Security vendors are starting to seriously investigate the possibilities of the various introspection APIs available to the hypervisors. Introspection APIs allow security groups to now investigate the security of a virtual network, virtual machine, and other components from without. In other words, why rely on an agent within the VM to protect your network, virtual machine, or components. Instead, we can use these APIs to peer into these components from without the system to be tested.
On the most recent Virtualization Security Podcast, the panel was joined by VMware’s Charu Chaubal to discuss the latest draft of the VMware vSphere hardening guide.
Join my Circle on Google+
Plugin by Social Author Bio