On the third Virtualization Security Podcast of 2011 we were joined by Charlton Barreto of Intel to further discuss the possibility of using TPM/TXT to enhance security within the virtual and cloud environments. We are not there yet, but we discussed in depth the issues with bringing hardware based integrity and confidentiality up further into the virtualized layers of the cloud. TPM and TXT currently provide the following per host security:
• • 0 Comments
In “A Perfect Storm in Availability and Performance Monitoring“, we proposed that legacy products from the physical environment should not be brought over into your new virtualized environment and that you should in fact start over with a horizontally layered approach, choosing a scaled out, and highly flexible product that can integrate with products at…
Given all the past ingenuity and accomplishment why is it, in 2011, the mere task of assigning valid licenses to desktop virtualisation should appear an arcane process?
How do different virtualization models impact how you license your desktop services? What are the current licensing models and do they apply in all instances of desktop virtualisation? Do the models impact on provisioning of services be they laptops, thin clients, Bring Your Own Computer (BYOC), or mobile devices?
Is desktop virtualization licensing an intentionally complex process and what other options could there be?
It is often very hard to plan which virtualization and cloud conferences to attend and why. You may need to start your planning now as justification from work could be hard to come by. It may mean you make the decision to go on your own dime. If you do the later, there are some alternative mechanisms that could work for the bigger conferences. The conferences and events I attend every year depend on my status with the organization hosting those events, and whether or not I can get a ‘deal’ as a speaker, analyst, or blogger. So what conferences do I find worth attending? That will also depend on your job role. There is one I would attend regardless of role, and a few I would attend as a Virtualization and Cloud Security person. All are good conferences.
When VMware first announced that it was going to license Teradici’s PCoIP protocol for inclusion in View 4.0, its most visible shortcoming was that VMware did not plan to update the View Security Server at the same time. Setting aside any debate as to the performance characteristics of PCoIP on the WAN, the lack of support for the View Security Server was a significant obstacle to widespread adoption of View in enterprise environments. So the inclusion of direct support for PCoIP tunneling through the View 4.6 Security Server comes as a most welcome update. Also included with View 4.6 are new USB enhancements, as well as support for Windows 7 SP1.
• • 3 Comments
The right approach to monitoring a virtual or cloud based environment is to start with a clean sheet of paper, determine your requirements, and assemble a horizontally layered solution out of best of class vendor solutions that address each layer. Vendors should be evaluated on their mastery of one or more layers, their ability to keep up with the change in that layer, and their ability to integrate with adjacent layers.
Serial Attached SCSI (SAS) is better known as an interface for connecting hard disk drives (HDD) to servers and storage systems; however it is also widely used for attaching storage systems to physical as well as virtual servers. An important storage requirement for virtual machine (VM) environments with more than one physical machine (PM) server is shared storage. SAS has become a viable interconnect along with other Storage Area Network (SAN) interfaces including Fibre Channel (FC), Fibre Channel over Ethernet (FCoE) and iSCSI for block access.
In my last post I was Exploring a Limitation of VMware DRS and I have encountered another situation that had similar symptoms but the resolution was quite different. This problem was occurring on a VMware ESX 3.5 cluster that was specifically affecting Windows 2008 R2 64bit virtual machines that were configured with four processors and eight gigabits of RAM. These virtual machines were taking an extreme amount of time to perform a reboot. During the reboot ESXTOP was showing insane %RDY with spikes climbing over 200. When the reboot would finally finish several services would have failed to start.
• • 3 Comments
This years Innovation Sandbox at RSA Conference was won by a little know company to virtualization and cloud security vendors, its name is Invincea. However, it makes use of virtualization to aid in security. This years finalists once more included HyTrust for the inclusion of what appears to be complete UCS support within the HyTrust Appliance, Symplified which provides a unified identity within a cloud, CipherCloud which encrypts bits of your data before uploading, but not enough encryption to mess with sort and other algorithms. Plus other non-cloud like products: Entersect (non-repudiation in the form of PKI), Gazzang (MySQL Encryption), Incapsula (collaborative security to browsers), Pawaa (embed security metadata with files), Quaresso (secure browsing without browser/OS mods), and Silver Tail (mitigation).