The Virtualization Practice

XenApp 6.5 is Citrix’s latest offering of their renowned Presentation Virtualisation (PV) service. Citrix are not alone in updating their feature set. Earlier in 2011 Microsoft introduced SP1 for 2008 enhancing the OS for the core Remote Desktop Services’ (RDS) session virtualization service, Ericom released PowerTerm WebConnect 5.7.1, ProPalms updated TSE to 6.5 and Quest announced vWorkspace 7.2 MR1.

“The latest challenge on the security front isn’t necessarily an exotic new threat vector: it’s the attackers themselves. They’re organized, well-resourced and patient. And there’s no silver technology bullet to effectively combat them.”

This is a very important point, and one that I have seen at other security conferences for the last 5 years or so. However, attacks are possible because there is a lack of confidentiality and integrity of the data held within the systems under attack. So the system becomes the weak point.

There are many enhancements and new features that are part of VMware vSphere V5.0 from a storage and I/O perspective (see the VMware vSphere v5 and Storage DRS posts). One of those enhancements is a new Application Programming Interface (API) called VASA (vSphere Aware Storage API), which joins other VMware vSphere APIs, some of which are shown in table 1. Note that table 1 also shows a three-letter acronym (TLA) that is part of the VMware vSphere 5.0 release and can be confused with VASA: VSA (VMware Storage Appliance). For now, however, let’s leave VSA for a future discussion.

One of the cool things about attending VMworld every year is seeing what is new on the horizon and this year, ironically, there is something called Project Horizon and the first milestone of that project, called VMware Horizon Application Manager. Horizon is a hosted service that will centrally manage the provisioning, access and usage of software-as-a-service (SaaS) applications while at the same time applying the company’s standardized security and access controls. This will give the end users of the application the ability to use the applications via VMware ThinApp or View products to stream the application across multiple devices, all with a single login. The end users will also have self-service access to a corporate store for their SaaS and Web-based applications. Managing these applications will be completely user based, with no need to worry about the underlying device the software or application is running on.

Is it Time to Reorganize Data Center Operations?

If automated IT Operations is going to succeed and deliver its promised benefits then IT Operations is going to have to get reorganized – with supporting hardware teams part of the virtualization team. Furthermore Application Operations will have to be instantiated as a function that is responsible for the actual service level delivered by the applications to their constituents.

There is now a huge amount of movement in the area of what we have called “Diverse” Platform as a Service, i.e. PaaS that delivers a number of different application infrastructure technologies on a mix-and-match basis and where there is no proprietary technology layer at any point in the platform stack. Amongst these we would include OpenShift, Cumulogic and CloudFoundry from our recent set of posts. AppFog sits in this category, and the fact that it has been recently renamed from PHPFog highlights a major trend in the space: the vendors typically start by developing a single technology, build an initial business plan and gain some market traction within that niche, and then move on to supporting a broader range of platforms.

Agent and Agent-less Backup in the Virtual Environment

There is some debate amongst backup vendors on what defines an agent: some consider any amount of scripting to be an agent, while others imply it is what does the data transfer plus any amount of scripting necessary. Is there a need for both Agent and Agent-less within a virtual environment? This also begs the question, who is responsible for properly handling the application whose data you are backing up?

The week before VMworld on 8/25 was the Virtualization Security Podcast featuring Greg Ferro (@etherealmind), CCIE to discuss Cisco VM-FEX and its impact on virtualization and cloud security. VM-FEX is a method by which the fabric of a UCS top of rack switch is extended to the VM, but only if the VM is using VMDirectPath. So does this impact Virtualization and Cloud Security in any way?