In the last Virtualization Security Podcast on 12/16 we had with us James Urquhart who manages cloud computing infrastructure strategy for the Server Provider Systems Unit of Cisco Systems. Author of the popular C|NET Network blog, The Wisdom of Clouds. James shared with us some of his Wisdom over the hour. The discussion covered what is preventing people from Entry into the Cloud and why private and hybrid clouds are going to stick around for quite a while and are not a passing fad. We answered the question of why people are reluctant to enter the cloud.
Cloud Computing ...
• • 1 Comment
The acquisition of Cloudlick by Rackspace points out the need for IaaS cloud vendors to get serious about offering an Infrastructure Performance Management solution to their customers – but fails to deliver such a solution to the customers of Rackspace. Cloud customers should focus upon finding true cloud ready Infrastructure Performance Management and Applications Performance Management solutions as a part of putting performance critical applications in public clouds.
WikiLeaks is the most serious social and political event of the emerging Cloud. It has remained alive through a “do-it-yourself” approach as the commercial Cloud was denied to it. When the dust settles, the Cloud may well emerge different, with the rights/obligations of Cloud Services providers clarified.
Reviewing this year’s activity in the virtual desktop space has been very exciting. We have seen releases from almost all of the major vendors, and companies are beginning to truly adopt virtual desktops as a part of their overall desktop initiatives.
• • 0 Comments
Taking a look at solutions from Citrix, Endeavours Technologies, InstallFree, Microsoft, Spoon, Symantec, UniDesk and VMWare. “Is it a choice between Application Delivery vs Application Virtualization?”
• • 3 Comments
I have been thinking about blades and virtualization security for some time spurred on by a conversation with Brad Hedlund six months ago. Nearly all my customers use Blades and virtualization security is a big concern to them. In my Rethinking vNetwork Security article, I touched on some of the issues in response to Brad’s comments a while back. I would like to now expand that discussion to blades.
There are three sets of blade enclosures I would like to discuss, those that use pass thru networking, those that use standard switching fabric within the enclosures, and those that use flexible interconnects such as HP Flex-10 and Cisco Palo adapters. The last is the so called physical-virtual network device.
MokeFive Suite is an enterprise desktop management platform that is used to create and administer layered virtual desktop images called ‘LivePCs’ which execute as guests on a type II hypervisor. LivePC images are authored using the MokaFive Creator which also serves as a test platform to simulate and end-users experience. LivePC images can be stored on centralized or distributed file stores. MokaFive also provides support for Amazon S3 storage, which can be of significant value in managing highly distributed environments, or run directly off USB flash drives. MokaFive LivePCs are effectively hypervisor agnostic; support is currently available for VMware’s free Player and the open source Virtual Box. Beta support for Parallels Workstation is new in MokaFive Suite 3.0, and MokaFive’s own bare metal platform will be shipping in Q1 2011.
The question of whether and how to replace DRS is really a part of the question of what is in the virtualization platform and what is not. Clearly the virtualization platform consists of much more than the hypervisor. VMware would like to define the virtualization platform as all of vSphere Enterprise Plus, and then suggest that vCloud Director and its own performance management solutions are logical extensions of that platform. Enterprises need to be careful about where they draw their own lines in this regard. As VMware is a clear market leader both in terms of product functionality and enterprise installations, VMware needs to be given full credit for the quality of vSphere and its success. However full credit does not need to imply that one is 100% locked in to VMware solution as there is room to pursue third party IT as a Service, Performance Management, and Service Assurance strategies as well as replace/augment components in vSphere.
• • 2 Comments
In the last Virtualization Security podcast on 12/2 we had with us members of the PCI DSS Virtualization Special Interest Group (SIG). Kurt Roemer of Citrix and Hemma Prafullchandra of HyTrust joined us to discuss the differences to the PCI DSS 2.0 with respect to virtualization. In essence, PCI DSS explicitly calls out the need to bring virtualization, people, and processes in scope.
As we discussed in a previous article, the PCI DSS 2.0 does not state exactly what needs to be assessed within the virtual environment, or even what part of the virtual environment is a concern of each aspect of the PCI DSS. What the PCI DSS 2.0 does do is change the language, however subtle, that technologies employing shared resources are now acceptable.