The Virtualization Practice

Author Archive for Edward Haletky

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development, and The Virtualization Practice, where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

When we look at the secure hybrid cloud, the entry point to the hybrid cloud is the end user computing device, whether that device is a tablet, smart phone, desktop, laptop, Google Glass, watch, etc. We enter our hybrid cloud from this device. From there we spread out to other clouds within our control, clouds outside our control, or to data centers. How these devices authenticate to and access the data held in these various places within the hybrid cloud becomes a matter of great importance and has been a focus for many companies. How we protect the data that ends up on the end user computing device is also of great importance.

Data Protection for the Hybrid Cloud

In many cases, when we mention Data Protection for the Hybrid Cloud, we are usually talking about backing up to the cloud. The cloud becomes a repository of our backup images, and in some cases those backup images can be launched within clouds that use the same technology. Being able to send data to the cloud is becoming table stakes for infrastructure as a service (IaaS) data protection. However, once we move outside the realm of IaaS to Platform or Software as a Service (PaaS or SaaS), data protection is hit or miss.

Securing the Hybrid Cloud

The secure hybrid cloud encompasses a complex environment with a complex set of security requirements spanning the data center (or data closet), end user computing devices, and various cloud services. The entry point to the entire hybrid cloud is some form of End User Computing device, whether that is a smart phone, tablet, laptop, or even a desktop computer. Once you enter the hybrid cloud, you may be taken to a cloud service or to your data center. The goal is to understand how the data flows throughout this environment in order to properly secure it and therefore secure the hybrid cloud; but since it is a complex environment, we need a simpler way to view it.


As we look at privacy of big data within any cloud, on premise, or mixed, we need to realize that the amount of data could be so large that retroactively redacting data may itself be a big data problem. Redacting well defined PII is possible on ingest, and using tools like DataGuise to redact, encrypt, tokenize, etc. such data retroactively can be accomplished as another big data task, but that only handles well known PII. How do we handle derived PII?

Agile Cloud Development

There is a new set of tools available for caching up and down the stack, which we covered within Caching throughout the Stack. In reality, however, where is the best place to cache data for your application, and what are the ramifications of using such a cache? Recently, we had a caching problem, actually two of them, both caused by the same thing: a lack of full understanding about what was being cached. For any application, the best way to cache is to cache in memory as close to the application stack as possible, which in our stack could be within the application, the OS, or even a hypervisor based disk cache. However, which does your application actually use?


On the May 30th Virtualization Security Podcast, Michael Webster (@vcdxnz001) joined us live from HP Discover to discuss what we found at the show and other similar tools around the industry. The big data security news was a loosely coupled product named HAVEn, which is derived from several products: Hadoop, Autonomy, Vertica, Enterprise Security, and any number of Apps. HAVEn's main goal is to provide a platform on top of which HP and others can produce big data applications, using Autonomy for unstructured data, Vertica for structured data, Enterprise Security for data governance, and Hadoop. HP has already built several security tools upon HAVEn, and I expect more. Even so, HAVEn is not the only tool to provide this functionality, but it may be the only one to include data governance from the beginning.


Recently, when I was in Las Vegas for HP Discover, I realized that the Venetian/Palazzo complex is really a cloud: Vegas as a Service. IT could learn a lot from Las Vegas actually, and I think that each hotel complex is a private cloud and that, taken together, the strip is one big cloud. Granted, it is a cloud that has a single purpose, but it has all the earmarks of a good cloud.


I recently read the book Project Phoenix by Gene Kim, Kevin Behr, and George Spafford. If you are in development, IT, or Security, it should be #1 on your reading list. In this book the authors discuss all the horrors we hear about in IT, with a clear direction on how to fix them. There is politics, shadow IT, overzealous security professionals, overworked critical employees, and lots of finger pointing. But there is a clear solution, at least as far as the story goes. We also know that DevOps works, most of the time.


On the 5/30 Virtualization Security Podcast, Shaun Donaldson, Director of Alliances at Bitdefender Enterprise, joined us to discuss end user computing (EUC) security and how their new Gravity Zone product ties their enterprise products together under one scalable management umbrella. This was a very interesting conversation on the subject of EUC security, Bring Your Own Device (BYOD) security, and all aspects of the EUC stack. There are quite a few moving pieces in the EUC stack, which is greater than your mobile device and the system it is accessing. There is a complete networking and political stack between the two, and perhaps many systems you have to jump through to access your data.
