In the first Virtualization Security Podcast of 2011, we had Brad Hedlund with us once again. Not to talk about the Cisco Virtualization Security Gateway (VSG), but about the security of what I call physical-virtual devices that provide network virtualization within the hardware. Or what Brad Called Network ID Virtualization (NIV). Cisco has taken its VN-Link technology to extend the networking of a VM directly into the core switch when using vSphere.
There is nothing like fully understanding the protections inherent within your vNetwork and the Roles and Permissions you can set within the virtualization management tool suites to ensure your vNetwork is secured, audited, and monitored for issues. Just like you do now within the pNetwork. Unlike the pNetwork, the vNetwork provides a certain amount of introspection and capability that is missing from a pNetwork, and this will also help with security.
Brad Hedlund of Cisco asked the question, should the physical network security policy be different than the virtual network security policy? The answer is obviously no, but why are they treated separately? I and other have pushed the concept that to gain performance, redundancy, and security that you should use multiple network links to your virtualization host to separate traffic. However, does this really give you security?
At VMworld 2013 and on the Virtualization Security Podcast there were many conversations about VMware NSX. These conversations ranged from how will we implement this new technology to security, scale, and other technical questions. In addition, NSX and what was needed to make it a reality may be the answer to a nagging security question. Brad Hedlund, from the VMware NSX team, joined the Virtualization Security Podcast to share with us some of the details around VMware NSX prior to the podcast.
On the 7/29 Virtualization Security podcast we continued our discussions on defense in depth. We discussed authentication and authorization with IdentityLogix. IdentityLogix provides a unique solution that correlates users and groups against VMware vSphere’s own role based access control stores. In other words, IdentityLogix can identify if a user or group within active directory has more access to VMware vSphere’s management tools than they were intended to be allowed based not only on the user’s username but on the groups in which the user belongs. Why is this important to know?
There are several improvements in virtual networking and security within the latest vSphere and vCloud products. vCloud Networking and Security lowers of the overall cost to implement endpoint security within a vSphere environment. VMware has accomplished this by including vShield Endpoint into vSphere. There by lowering the cost to offloaded antivirus and malware to just the product chosen to implement antivirus and antimalware.
The Virtualization Practice was recently offline for two days, we thank you for coming back to us after this failure. The reason, a simple fibre cut that would have taken the proper people no more than 15 minutes to fix, but we were way down on the list due to the nature of the storm that hit New England and took 3M people off the grid. Even our backup mechanisms were out of power. While our datacenter had power, the rest of the area in our immediate vicinity did not. So not only were we isolated from reaching any clouds, but we were isolated from being reached from outside our own datacenter. The solution to such isolation is usually remote sites and location of services in other regions of a county, this gets relatively expensive for small and medium business, can the Hybrid Cloud help here?
Since the introduction of virtualization there has been sheer joy and excitement when having to work with application owners on the amount of resources they will need and not what they really think they want. I have seen all kinds of minimum, maximum, and special recommendation for all kinds of application over the years. In most cases, applications have evolved to be able to thrive in a virtual environment without too many limitations. Now it seems we have to verify which VMware features are fully supported with certain virtualized application also.