The Virtualization Practice

Tag Archive for Veeam

Security of Performance and Management tools within the Virtual Environment

The problem is that not everything is as black and white as security folks desire. If we implement performance and other management tools, we often need to expose part of our all important virtualization management network to others. But how do we do this safely, securely, with minimal impact to usability? Why do we need to this is also another question. You just have to take one look at the Virtualization ASsessment TOolkit (Vasto) to realize the importance of this security requirement. But the question still exists, how do you implement other necessary tools within your virtual environment without impacting usability?

The right approach to monitoring a virtual or cloud based environment is to start with a clean sheet of paper, determine your requirements, and assemble a horizontally layered solution out of best of class vendor solutions that address each layer. Vendors should be evaluated on their mastery of one or more layers, their ability to keep up with the change in that layer, and their ability to integrate with adjacent layers.

Given the VNXe’s expandability to include fibre channel cards in the future. This storage looks very attractive to those SMBs who have made the investment previously to move towards fibre. Making use of your existing infrastructure whether fabric or Ethernet would lower the cost of adoption for the low-end EMC product. The VNXe’s expandability is one of those items that makes it an attractive tool for other uses. What are those other uses with respect to security, DR, BC, and disaster avoidance?

The Virtualization Disaster Avoidance & Backup space has change fairly significantly within the last year. These changes are cumulative but have a great impact on the virtualization ecosystem. I include Disaster Avoidance in this review as there have been some great strides made in this arena that could impact the entire environment. Disaster Avoidance technologies were demonstrated at EMC World 2010 as well as at other conferences throughout the year. The impact was quite huge, but there are technological hurdles involved with its deployment within any organization.

Virtualization Backup vendors have pushed the envelope once more targeting fast backup and fast recovery of data as well as ensuring that the backups actually work. Here is a list of this years improvements in this space.

It is the last few days of the year and time for a review of virtualization 2010. Although VMware was founded in 1998 it was not until 2001 that I first heard of VMware and played with the workstation product to be able to run different flavors of Linux. So for me, 2010 closes out a great year in virtualization as a whole as well as a decade of virtualization and what a ride it has been.

Many times we virtualization experts push for backups without the agents as these backups tend to be in our opinion, cleaner and faster. But what if you could get the benefits of your existing backup tools (such as Tivoli) but gain the power and advantages of using all the possibilities within the virtual environment. For VMware vSphere this is possible using the Pancetera backup tools.

With VMworld around the corner, it is interesting to note the new an old players within the Virtualization Backup space. The virtualization backup space often includes:

* VM Backup
* VM Replication
* Continuous Data Protection (CDP)
* Storage Hardware Replication

Pretty much anything that will maintain your VMs while allowing your data to be placed elsewhere for later retrieval; such a place could be the cloud. In this article we will avoid Storage Hardware Replication and discuss only backup software.

During the Virtualization Security Podcast on 7/8, Vizioncore’s Thomas Bryant joined us to discuss the state of virtualization backup security and forensic use of such backups. In the world of virtualization, backups are performed mostly by 4 distinct vendors: VMware Data Recovery (VDR) and VMware Consolidated Backup (VCB), Vizioncore vRanger, Veeam, and PHD Virtual Backup for vSphere. Each of these provide the most basic of security capabilities:

* Encrypted tunnels for data movement (SSL)
* Encryption of the backup

But in the increasing global nature of businesses and the difference in privacy laws between townships, states, and the need for Secure Multi-Tenancy, backup companies fall short with their products while making it increasing harder to use backups as a source of forensically sound data.