I just finished writing all the content for my next book, entitled VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers (2nd Edition), which continues the discussion on Dynamic Resource Load Balancing (DRLB). DRLB is the balancing of virtualized workloads across all hosts within a cluster of virtualization hosts without human intervention. This is the ultimate goal of automation with respect to virtualization and therefore the cloud. In effect, with DRLB the virtualization administrator's job has been simplified to configuration and troubleshooting, leaving the virtual environment to load balance workloads on its own.
Microsoft is bringing its strongest assets (the installed base of its key products in the enterprise, and its library of commercial and custom-built applications and their associated developer communities), along with compelling new technologies like Server App-V, to the virtualization and cloud fight. Leveraging Azure and App-V along with these existing enterprise assets makes Microsoft a potentially much more formidable competitor to VMware than Microsoft is today based solely upon Hyper-V.
So what has this got to do with virtualization, I hear you say? Simple: companies change their names all the time. They rebrand their products to make them “shiny and new” or to reflect a change in corporate direction.
This day seemed to start like any other, but it seems like as soon as I was logged in to start my day, issues arose. It seems like I lost one of my VMware 3.5 ESX servers, and all the virtual machines on the host were knocked offline. This should not have been a big deal since HA was enabled, but Murphy has a way of making life really interesting. So as I logged into the vCenter client, I noticed that the host in question was in a disconnected state and all the virtual machines showed up as disconnected. In past experiences I have seen HA, during a host failure, recover the virtual machines in under five minutes. So I waited and waited, thinking HA should have kicked in by now. Time for a little further investigation!!
During the Virtual Thoughts podcast on 6/29/2010, the analysts discussed various hardware aspects of virtualization, trying to determine whether the hypervisor was to move into the hardware and, if so, how much of it, as well as whose hypervisor, and lastly whether such a move is part of any business model.
Virtual Thoughts is a monthly podcast that looks at the entire scope of virtualization to discuss new trends and thoughts within the virtualization and cloud communities.
This week's podcast started with a discussion of TPM/TXT and the boost it gives to virtualization security. Since TPM/TXT is based in the hardware and provides a measured launch of an operating system, the next logical discussion was on whether or not the hypervisor would be placed into the hardware.
During the Virtualization Security Podcast on 6/22, Steve Orrin of Intel and Dennis Morreau of RSA joined us to discuss the impact of Intel Westmere chips' built-in Trusted Platform Module (TPM) and Trusted Execution Technology (TXT) on Cloud and Virtualization Security. TPM is not all that new, but TXT’s usage in virtualization security is new. Both together can form a hardware root of trust for the virtual environment.
At the moment, however, these technologies are limited to just providing a secure launch of a well-known hypervisor within the hardware. As such, they have not been extended to the virtual machine. TXT, however, solves a very important issue that, at the time the book VMware vSphere and Virtual Infrastructure Security was written, had theoretical solutions: I speak of Blue Pill style attacks. There were rumors of Hyperguard or Guard Hype tools becoming available, but they are only research projects. TXT, on the other hand, offers protection from Blue Pill style attacks.
Supporting Tier 1 applications on VMware vSphere requires real-time and granular response time and latency instrumentation of the virtual and physical infrastructure. Virtual Instruments' Virtual Wisdom complements the instrumentation provided by VMware by providing individual transaction-level visibility into the SAN layer of the virtual infrastructure.
In a recent document written by virtualization.info and Secure Network of Italy, entitled Securing the Private Cloud, several issues come to mind. While this is a good document on the availability front of virtualization security, I did not read anything that affected integrity or confidentiality. You cannot be secure if you ignore 2 of the 3 tenets of security.
There is nothing like fully understanding the protections inherent within your vNetwork and the Roles and Permissions you can set within the virtualization management tool suites to ensure your vNetwork is secured, audited, and monitored for issues, just like you do now within the pNetwork. Unlike the pNetwork, the vNetwork provides a certain amount of introspection and capability that is missing from a pNetwork, and this will also help with security.