The Virtualization Practice

Centralized RBAC Missing from Virtualization Management Tools

As a delegate for Tech Field Day 6 in Boston, I was introduced to several virtualization and performance management tools from vKernel, NetApp, Solarwinds, Embotics, and a company still in stealth mode. With all these tools and products, I noticed that each was not integrated into the roles and permissions of the underlying hypervisor management servers such as VMware vCenter, Citrix XenConsole, or Microsoft System Center. This lack of integration implies that a user with one set of authorizations just needs to switch tools to gain a greater or even lesser set of authorizations. This is not a good security posture and in fact could reduce security to nothing.

As mentioned in my previous piece, I’ve been doing some prototyping using SpringSource’s Grails. Grails can be thought of as the top of the stack. If you pick up Grails you would naturally pull in the other pieces of SpringSource, including vFabric and ultimately vFoundry. In a future post I will deal with what happens when you stick Grails onto vFoundry, but at this stage I’ve been assessing the health of the SpringSource Ecosystem.

Since Juniper bought Altor Networks, there has been steady progress to use Altor VF3 (now Juniper vGW, pronounced vee-Gee-W) as a way to extend the functionality of the Juniper SRX Series of Service Gateways into the virtual and cloud environments. Juniper is focusing on the entire security stack from the endpoint to the hypervisor, and vGW offers one component of that entire picture. Another component is the Junos Pulse Mobile Security Suite, which provides Security as a Service for mobile devices. These two components alone are a very powerful set of tools for any Enterprise. When you add in the other components, it is a compelling story from a network security perspective.

VirtuAll User Environment Manager Released

About 18 months ago, fellow Citrix Technology Professional Pierre Marmignon realized that there was a gap in the market for a simple, robust user environment management solution that could remove the continual nightmare of managing complex Windows logon scripts and user environment settings in virtual desktop environments. Skip forward to today and Pierre has just announced the release of VirtuAll User Environment Manager (VUEM), and it is excellent.

On the 6/2 Virtualization Security Podcast, Rich Mogull, an analyst for Securosis, joined us to discuss his work with the Cloud Security Alliance (CSA) to develop the two-day course called the Certificate of Cloud Security Knowledge (CCSK). While this course is not about learning all the intricacies of cloud security, it is about providing a level set of knowledge required to even begin to talk about cloud security.

VMware’s “Squeeze the OS” Strategy – Open War with Microsoft and Red Hat

The announcement of CloudFoundry means the public declaration of full-on war between VMware and the two traditional OS vendors, Microsoft and Red Hat. Both traditional (not quite legacy yet) OS vendors are going to have to rapidly bolster their own PaaS cloud offerings. This will be a particular challenge for Microsoft, as Microsoft has always gravitated strongly towards having a tightly integrated stack of software and has not been very open to open source frameworks like Spring, Ruby, and PHP.