More and more is coming out about the attack from a MacDonald’s that left an organization crippled for a bit of time. The final tally was that the recently fired employee was able to delete 15 VMs before either being caught or he gave up. On twitter, it was commented that the administrator must not have been a powershell programmer because in the time it takes to delete 15 VMs by hand, a powershell script could have removed 100s. Or perhaps the ‘Bad Actor’ was trying to not be discovered. In either case, this has prompted discussions across the twitter-sphere, blog-sphere, and within organizations about how to secure from such attacks.
Last week there was a bit of a surprise when someone announced Catbird Security made an agreement to purchase vShield App and only App from VMware. This left quite a few of us scratching our heads wondering why VMware would let this particular security software go. This announcement was incorrectly relayed and quite far from the truth. Catbird Security has written an agreement with VMware to OEM vShield App. This OEM agreement provides Catbird with a missing piece to the security puzzle as well as proving out VMware’s concept of virtualization security, that they should be the low level bits providing an API for higher level tools to use.
VMworld 2011 is fast approaching and now is the still to start making final preparations for the pilgrimage to Las Vegas. The question that I see a lot, before these types of events, is what can I do to get the most out of the conference? I have been lucky enough to have been to all the VMworld Conferences since 2005 as well as one lucky trip to VMworld Europe in 2009. I am going to chime in on the some of the things that I do to get the most out of VMworld.
• • 6 Comments
Enterprises considering virtualization performance and capacity management solutions at VMworld 2011 should take a look at VMware vC OPS Enterprise, Netuitive, Quest vFloglight, NetApp Insight Balance, Reflex Systems, Veeam nworks, vKernel, Virtual Instruments, VMTurbo, Xangati, and Zenoss. Read the full post for the evaluation criteria.
• • 0 Comments
While looking on twitter this morning I discovered a tweet that pointed to the following article, which is relatively devoid of details but none-the-less extreme interesting to those who follow virtualization security: Fired techie created virtual chaos at pharma company. This article points out an external attack that lead to management access of a virtual environment. Now we do not know if the attack was using antiquated credentials or some other means. But what we do know is that VMs were deleted by an external source that used to be a former employee. Hoax or not, this is a very serious issue brought to light.
• • 0 Comments
Like a new college student, fresh from the flush of new found freedom to expand their horizons, Citrix appear to have had a case of the munchies. First Citrix’s portfolio was extended with the acquitisition of Kaviza. More recently, the purchase of RingCube. The desktop virtualisation techhnologies acquired will help strengthen Citrix’s virtualised desktop offering. VDI-in-a-box offering simplicity of deployment, providing options for the SMB and MSP spaces; and vDesk providing a layering functionality giving greater VDI scalability with an improved personalisation offering.
On the 7/28 Virtualization Security Podcast, we were joined by Robert Martin of Mitre to discuss Mitre’s new CWE, CWSS, and CWRAF tools to aid in software and system security evaluation. We put a decidedly cloud based discussion around these tools to determine how they would be used by those that program within a PaaS environment, make use of SaaS, or other cloud services.
Business Agility ...
• • 0 Comments
So you are a loyal VMware customer. You have licenses for vSphere 4 and you are about 40% virtualized. Based upon the revised vRAM entitlements in the revised vSphere 5 licensing, you think you are going to be OK as you progress through the more demanding business critical purchased and custom developed applications that lie in front of you. But you would like a hedge and a simple way to manage the second hypervisor that is a part of that hedge. Help has arrived.
Citrix announced the acquisition of RingCube, adding a new wrench to their virtual desktop delivery toolkit. The RingCube vDisk solution uniquely delivers a complete desktop environment without having to virtualize the underlining operating system.