The 6/16 Virtualization Security Podcast started as a twitter conversation with a comment about PaaS Security where James Urquhart, Krishnan Subramanian, Rich Miller, and myself went back and forth about PaaS security and the role of the developer. It was not quite a DevOps conversation but pretty close. Rich could not join us on this Podcast but hopefully will make a future one. PaaS security appears to be dependent on two things, the provider’s security, and how it is used.
At Citrix Synergy 2011 in San Francisco last month Simon Crosby made the case that the biggest barrier to the adoption of service-provider offered cloud services is the understandable lack of trust on the part of enterprise customers. Well it looks as if he and fellow Xen luminary Ian Pratt have decided to do something about that lack of trust and are moving on from Citrix to address the problem at its source. Ian and Simon announced today that they are both leaving Citrix and taking key roles along with with Gaurav Banga (the creator of Phoenix Hyperspace) as co-founders of cloud security start-up Bromium.
• • 1 Comment
As a delegate for Tech Field Day 6 in Boston, I was introduced to VMware’s Mobile Virtual Platform (MVP) which allows you to have a single hardened VM running within, currently, very few Android-based devices as such requires a version of Android from VMware for the virtual machine aspect of MVP. The first version of MVP has several interesting security features as well s security issues as you move forward. Given the current spat of Android based malware, it is important to consider the security features of any new product whether it is a version 1.0 or not. Even with these issues, MVP has some very interesting uses outside the realm of a mobile phone platform. I can see this being used on tablets as a way to get a corporate VM.
The Dell VIS stack (Advanced Infrastructure Manager, Self-Service Creator and Director) now represents the most functionally rich virtualization management offering on the market, as it is sourced from best of breed IT as a Service vendor DynamicOPS and best of breed self learning analytics vendor Netuitive. This stack backed up by Dell’s ability to sell into its customer base with whom Dell is already heavily interacting on the subject of virtualization puts Dell and it partners in a compelling position.
Everywhere you look you hear more and more about cloud computing as well as hearing one of my favorite lines from a Microsoft commercial “Let’s take it to the Cloud…”. Companies are jumping on the cloud bandwagon in quite a big way. I wanted to point out and mention some stories and services that I am using personally and having good success with.
Apple has done quite well serving up the AppStore and iTunes for the mobile devices and Apple has recently announced that it was discontinuing MobileMe and replacing the service with iCloud. It can go without saying that this has been an invaluable tool for use with my iPhone and iPad.
Cloud Computing ...
• • 2 Comments
Microsoft is making changes to its licensing policies to provide enterprise customers with a fast track to the cloud. The changes dubbed “License Mobility” announced at the Microsoft Hosting Summit in March this year,will move will allow customers with Software Assurance to move their applications to a cloud services provider without paying a premium for the added flexibility this will bring.
RUM (also called End User Experience Management) is becoming a critical feature of modern APM solutions. This is being driven by the emergence of rich client platforms like Ajax, Adobe Flash, Adobe Flex, and Microsoft Silverlight as well as the emergence of the iPad and Android based tablets as platforms for client side business applications. These applications development trends when combined with virtualization, IT as a Service and Cloud Computing will make RUM into a critical capability for being able to assess how the end user is doing irrespective of what is happening to the deployment model of the back end application.
• • 6 Comments
As a delegate for Tech Field Day 6 in Boston, I was introduced to several virtualization and performance management tools from vKernel, NetApp, Solarwinds, Embotics, and a company still in stealth mode. With all these tools and products I noticed that each were not integrated into the roles and permissions of the underlying hypervisor management servers such as VMware vCenter, Citrix XenConsole, or Microsoft System Center. This lack of integration implies that a user with one set of authorizations just needs to switch tools to gain a greater or even lesser set of authorizations. This is not a good security posture and in fact could devolve any security to non-existent.
• • 2 Comments
Virsto announces a $12 million in Series B venture capital funding and acquisition of EvoStor, a company specializing in storage virtualization technology for VMware environments. Virsto hope these factors will combine to help them transform virtual machine storage and move their Virsto Virtual Storage Engine beyond Hyper-V.