The Virtualization Practice

Author Archive for Edward Haletky

Edward Haletky

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development, and The Virtualization Practice, where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

I came away from HP Protect 2013 wondering if current security sold by the traditional security players will actually scale to the hybrid cloud? Are these security tools still system-centric or are they moving to data-, user-, and app-centric? I feel that this move has started but has far to go. I do not think many of the current batch of traditional security services implemented in data centers today can scale properly.

While at VMworld 2013, I started to ask five security questions that have been bothering me for some time now. Some of these questions apparently have no answers currently, and others have only operational answers, not technological ones. Security of a secure hybrid cloud is a mix of procedures, policies, operations, and technology. These questions concern various aspects of virtual and cloud environments that have been nagging at me for some time, as well as problems I have faced managing our own cloud instances. Perhaps you have questions you would like to add to the list; if so, please share.

On the 9/5 Virtualization Security Podcast we discussed Hyper-V Security and were joined by Alex Kibkalo, a former senior architect at Microsoft who now works as Director of Product Management at 5nine Software. 5nine Software has developed the first introspective virtualization security device for Hyper-V, which is a very large step forward. Introspective security has been missing from Hyper-V for a number of years; while it was possible to implement, the market was so small that it was not feasible until now. This implies that Hyper-V is gaining adherents and therefore needs better security measures.

At VMworld 2013 and on the Virtualization Security Podcast there were many conversations about VMware NSX. These conversations ranged from how we will implement this new technology to security, scale, and other technical questions. In addition, NSX and what was needed to make it a reality may be the answer to a nagging security question. Brad Hedlund, from the VMware NSX team, joined the Virtualization Security Podcast to share with us some of the details around VMware NSX prior to the podcast.

When we look at the secure hybrid cloud, there seems to be a missing piece: a piece that validates identity via the role-based access control assigned to applications, data, and systems, and that is dynamic instead of the normal static firewall rules that are either port- or VM-centric. The software defined data center needs security to move with it and not remain static. Yes, we could manipulate the rules on the fly, but those manipulations require that we know who is using a particular VM at a given time, and in the case of a server, the VM could be used by more than one user at a time, so we need something more dynamic. Privileged access to data needs to be enforced throughout the stack and not just within an application or by encrypting data. This is a key component of the software defined data center.

The next generation of data protection is not just about backup or replication into and out of the cloud, but about inexpensive recovery directly into a cloud in a hypervisor-agnostic manner. Recovery is the key to backup, and while we spend many hours ensuring that our backups happen in a timely manner, we spend very little time testing those backups and ensuring that recovery can happen at any time for any workload, not just those that are mission critical. Next generation data protection must also be extremely simple to use, set up, and configure. Is your data protection tool a next generation tool, or is it lost in the past somewhere?

What is the total cost of ownership (TCO) of the cloud? When we think of the cloud, we think of using applications in the cloud such as Salesforce, Box.net, and others. We may even consider using a security-as-a-service tool such as Zscaler and others. In some cases we also think of placing our own workloads in the cloud using Amazon and other tools. The real question that comes to mind is: what is the TCO of the cloud, not now, but long term?

When we think of logging within the secure hybrid cloud, we tend to think of analytics, but there is more to logging than just reviewing the data: there are also discussions on what to collect, from where, and why. For security purposes we may start with collecting access data and work out from there, but most logs from complex systems such as a secure hybrid cloud include many different forms of log data and, in some cases, not enough. Perhaps what log data you can retrieve may be a deciding point for hybrid cloud services, as logs are used not only for audit purposes but also for troubleshooting and forensics. What log data do you collect within your secure hybrid cloud?

As a small business we run a 100% virtualized environment and are looking to migrate to a cloud, but the investment in IT to do this has been pretty substantial, and for a cash-strapped small business it can be a many-year process due to budget constraints and the immediacy of other business needs. That is the key to a small business, the immediacy of business needs, but if you can step back and do a little planning, any small business can proceed along the journey from a physical environment to a software defined environment. There are many choices available to a small business depending on when they started this journey, their existing investment, and where they wish to go. What choices are available now for a small business, and where should we go as small business owners?
