As of the end of last year, there is a new breed of virtualization backup tools (Veeam, vRangerPro, esXpress) now available, and end-to-end backup tools (Acronis, Symantec). These tools will back up a virtual machine to tape using built-in mechanisms instead of requiring scripting or multiple backup tools. The question is: is this necessary? Should virtual machine backups be dropped to tape at all? Something to watch throughout the year.
I have been doing some support work for an SMB that uses VMware Server where their VMs initially started as XenServer VMs, but due to networking and some other issues were converted to VMware VMs using V2V technology. However, these suddenly stopped working properly after an upgrade to VMware Server 2.
Business Agility ...
Small businesses live by their online presence these days, specifically during the holiday shopping season. Many small businesses also do not have the IT staff to maintain such a presence with the agility required when problems occur. In addition, they may also lack the basic management, networking, security, and storage knowledge to properly maintain this online presence internally, so they move their systems into hosting environments as virtual or physical machines or into the cloud. This begs the question of what service level such SMBs require?
I recently participated in the InformationWeek Dark Security Virtual Event as a panel member with Hoff, Craig Balding, Chris Wolf, Glenn Brunette, and Jon Oberheide. A very far-ranging group of individuals from research, security organizations, analysts, and authors. What is interesting is that most of these same people have joined me on the Virtualization Security Podcast, and the others I hope to have as guests next year. There was one question that set me to thinking even more: do we need a new way of thinking about virtualization security?
The last Virtualization Security Podcast covered PCI; Kurt Roemer and Jeff Elliot, who were guests, represented PCI. PCI, as you hopefully know, is working on compliance guidance for payment systems running within virtual machines and the cloud. This early discussion is a plea for people to get involved in reviewing the currently developing white paper. While…
There has been quite a bit of discussion between myself, Tim Pierson, and others with respect to SSL man-in-the-middle attack possibilities within the virtual environment. But what are the chances that such an attack will happen, or that someone would know how to perform the attack? What does the attack depend upon?
With the announcement of V-Block and Cisco UCS as a major component, is more hypervisor functionality going to end up in hardware? UCS adds some interesting features into the hardware that were traditionally within the purview of the hypervisor. Now it looks like V-Block is the assembly of myriad components that, taken as a whole, look remarkably like the beginnings of a hardware-based hypervisor.
Over the past year or so I have been thinking pretty heavily about the direction networking is taking within virtualization. In some ways, it appears security has been forgotten or relegated to ‘encrypt’ and forget. However, it takes quite a bit of knowledge and time to properly set up the backbone of an ‘encrypt’ and forget approach to network security, so it does not happen. Instead, we have a proliferation of technologies being used to cut down on cable clutter and thereby consolidate the network. These are all very important concepts. Security practitioners like myself realize that this type of consolidation WILL happen. So what tools are required to either ‘encrypt and forget’ or to protect these consolidated networks?
There has been great debate about what comprises the cloud, how to bound the cloud so that it's easier to understand, and how to secure the cloud. Christofer Hoff of the Rational Survivability blog has been spearheading quite a bit of discussion on cloud taxonomy in his attempts to wrap some thoughts around how to properly secure the cloud and everything within it. The start of this journey is the act of defining exactly what the cloud is, and is not. NIST’s document adds some more to an existing definition by defining public and private clouds.