AppSense’s development of User Rights Management and User Installed Applications offers products that you can deploy to give additional rights to users so that they can work effectively without being a drain on IT, or IT being a millstone to them. How will such functions impact your business?
Virtualizing tier 1 business-critical and performance-critical applications will require that the virtualization team be able to provide assurances about infrastructure performance and application performance to the applications teams and their constituents. This is a dauntingly complex requirement to meet, because meeting it requires the integration of tools that are not integrated today, and because virtualization adds risk to the equation through the dynamic behavior of virtualized systems.
The security companies are looking into all aspects of virtual environment introspection to label, tag, or mark all objects for compliance reasons, to inspect the contents of virtual machines for asset management (CMDB), and to provide an early form of rootkit detection.
Virtualization Security is not just about the firewall; it is about the entire ecosystem: auditing, compliance, and object management.
While doing a quick Google search to find what a Cloud is, I have found several different definitions which depend on which vendor site you pull up. One thing is for sure: despite the frequent use of the term, it still means different things to different people and/or companies. For my reference point I am going to use the National Institute of Standards and Technology definition referenced by Texiwill’s NIST Cloud Computing Definitions Final article.
As of Service Pack 1, SUSE Linux Enterprise Server 11 (SLES) supports KVM for SUSE guests. This post follows on from our previous post regarding the demise of Xen in Red Hat Enterprise Linux, and perhaps suggests the beginning of the end for Xen-based virtualization in Linux, but the story is far from clear. A complex set of agreements with Microsoft means that Novell is bound to preferentially support Windows guests, and it may be a while before KVM support is adequate, although Novell has a project called Alacrity to help get it there. In the meantime, Novell may get split up into pieces by a private equity house and SLES find itself a new owner.
During the Virtualization Security Podcast on 5/13, IBM’s David Abercrombie joined us to discuss IBM’s Virtualization Security Protection for VMware (VSP), which contains several exciting uses of the VMsafe API for VMware vSphere. These are:
* Network: Network Monitoring, Firewall, Access Control, and a Protocol Analysis Module
* Memory: Rootkit Detection
Welcome to our list of top virtualization and cloud security links, references, conversations, etc. This is an aggregation of links that a beginner and experienced administrator will find helpful for both virtualization and cloud security. Books Refer to the Security tab of the Virtualization Bookshelf. Articles – Whitepapers/Presentations Secure Hybrid Cloud Reference Architecture produced…
The CMDBs that were designed and architected for static physical systems appear to be unwieldy, too difficult to keep up to date, and not real-time enough to make the transition into the virtualized and cloud-based world. Virtualized environments change too fast for existing CMDBs to keep up, and the notion of keeping a CMDB up to date as assets are moved into and out of public clouds seems hopelessly beyond the intended original use case of a CMDB. A new category of datastore is needed that will address the needs of virtualized and cloud-based environments, while incorporating performance information with configuration information.
The panel of the Virtualization Security Podcast on 5/27/2010 was joined by an attorney specializing in the Internet space. David Snead spoke at InfoSec and made it clear that there was more to secure multi-tenancy than one would imagine. The first question was “how would you define tenant?” which I believe is core to the discussion of SMT, as without definitions we have no method of communicating. Before we get to David’s response, we should realize that nearly everyone has their own definition of Tenant for a multi-tenant solution.