The Virtualization Practice

The acquisition of Cloudkick by Rackspace points out the need for IaaS cloud vendors to get serious about offering an Infrastructure Performance Management solution to their customers – but fails to deliver such a solution to the customers of Rackspace. Cloud customers should focus upon finding true cloud-ready Infrastructure Performance Management and Applications Performance Management solutions as a part of putting performance-critical applications in public clouds.

Blade Physical-Virtual Networking and Virtualization Security

I have been thinking about blades and virtualization security for some time, spurred on by a conversation with Brad Hedlund six months ago. Nearly all my customers use blades, and virtualization security is a big concern to them. In my Rethinking vNetwork Security article, I touched on some of the issues in response to Brad’s comments a while back. I would now like to expand that discussion to blades.

There are three sets of blade enclosures I would like to discuss: those that use pass-through networking, those that use standard switching fabric within the enclosures, and those that use flexible interconnects such as HP Flex-10 and Cisco Palo adapters. The last is the so-called physical-virtual network device.

MokaFive Suite is an enterprise desktop management platform that is used to create and administer layered virtual desktop images called ‘LivePCs’, which execute as guests on a type II hypervisor. LivePC images are authored using the MokaFive Creator, which also serves as a test platform to simulate an end user’s experience. LivePC images can be stored on centralized or distributed file stores. MokaFive also provides support for Amazon S3 storage, which can be of significant value in managing highly distributed environments, and LivePC images can also be run directly off USB flash drives. MokaFive LivePCs are effectively hypervisor agnostic; support is currently available for VMware’s free Player and the open source VirtualBox. Beta support for Parallels Workstation is new in MokaFive Suite 3.0, and MokaFive’s own bare metal platform will be shipping in Q1 2011.

The question of whether and how to replace DRS is really a part of the question of what is in the virtualization platform and what is not. Clearly the virtualization platform consists of much more than the hypervisor. VMware would like to define the virtualization platform as all of vSphere Enterprise Plus, and then suggest that vCloud Director and its own performance management solutions are logical extensions of that platform. Enterprises need to be careful about where they draw their own lines in this regard. As VMware is a clear market leader both in terms of product functionality and enterprise installations, VMware needs to be given full credit for the quality of vSphere and its success. However, full credit does not need to imply that one is 100% locked in to a VMware solution, as there is room to pursue third-party IT as a Service, Performance Management, and Service Assurance strategies as well as to replace or augment components in vSphere.

In the last Virtualization Security podcast, on 12/2, we had with us members of the PCI DSS Virtualization Special Interest Group (SIG). Kurt Roemer of Citrix and Hemma Prafullchandra of HyTrust joined us to discuss the differences in PCI DSS 2.0 with respect to virtualization. In essence, PCI DSS explicitly calls out the need to bring virtualization, people, and processes in scope.

As we discussed in a previous article, PCI DSS 2.0 does not state exactly what needs to be assessed within the virtual environment, or even what part of the virtual environment is a concern of each aspect of the PCI DSS. What PCI DSS 2.0 does do is change the language, however subtly, so that technologies employing shared resources are now acceptable.

Since its inception, virtualization has changed the information technology landscape in many ways. With all the good virtualization brings to the table, in some ways virtualization has made things too easy. One example is the ease and speed with which we are able to deploy new servers as virtual machines. No longer are we waiting on physical hardware to arrive for a new deployment. We can “clone” our golden image in a matter of minutes and be on our way.