The Virtualization Practice

Tag Archive for VMware

VMworld is clearly the largest dedicated virtualization conference, and yet from an Open Source perspective it is slightly disappointing because the VMware ecosystem naturally attracts proprietary software vendors, and also some of the more interesting activities in Open Source are through multi-vendor foundations which do not have the same marketing budgets as vendors themselves.

Nevertheless, there are a number of key Open Source players, and some interesting smaller players, represented at VMworld.

In the End-to-End Virtualization Security Whitepaper we review various aspects of server security with an eye to determining how the products would work together to create a secure virtual environment. While some of these tools are cross-platform, the vast majority of them are geared specifically to VMware vSphere.

In this post we will look at Server Security, and we will follow-up with another post about Desktop Security? Are these very different? I believe so, desktops have daily, second by second user interactions. For desktops, one of the most important aspects is look and feel such as response time for actions. So things need to be as fast as possible. With Servers however, user interactions are limited and therefore have slightly different performance and security requirements. What may be acceptable for a server may not be acceptable for a desktop. So what do the tools provide for servers?

Unless you have been on vacation or hiding under a rock then you have heard the latest buzz in the industry that vSphere 4.1 has been released. There have been a lot of blog posts on the topic already. You can find one example here, here and what we at posted here. The thing I want to hit on for this post is the fact that this release will be the last release for full version of ESX. Moving forward on any new releases of ESX will be strictly ESXi. Anyone that knows me over the years knows that I have not really been a big fan of getting rid of the full version ESX Server. Call me old school and the fact that I have spent a great deal of time developing the automation used in the environments that I have supported over the years and have been really happy with what I was able to accomplish via kickstart and bash.

vSphere 4.1 Released – More Dynamic Resource Load Balancing

With the release of vSphere 4.1, VMware has added to their Dynamic Resource Load Balancing (DRLB) suite of tools that I hinted at in my post on Dynamic Resource Load Balancing that I wrote last week as well as providing new memory over commit and other functionality. In essence, vSphere 4.1 is more than a point release, this update includes many features that aid in security, reliability, and is a direct response to customer requests.

During the Virtualization Security Podcast on 7/8, Vizioncore’s Thomas Bryant joined us to discuss the state of virtualization backup security and forensic use of such backups. In the world of virtualization, backups are performed mostly by 4 distinct vendors: VMware Data Recovery (VDR) and VMware Consolidated Backup (VCB), Vizioncore vRanger, Veeam, and PHD Virtual Backup for vSphere. Each of these provide the most basic of security capabilities:

* Encrypted tunnels for data movement (SSL)
* Encryption of the backup

But in the increasing global nature of businesses and the difference in privacy laws between townships, states, and the need for Secure Multi-Tenancy, backup companies fall short with their products while making it increasing harder to use backups as a source of forensically sound data.

During the Virtual Thoughts podcast on 6/29/2010, the analysts discussed various hardware aspects of virtualization trying to determine if the hypervisor was to move into the hardware? and if so how much of it? as well as whose hypervisor? and lastly such a move part of any business model?

Virtual Thoughts is a monthly podcast that looks at the entire scope of virtualization to discuss new trends and thoughts within the virtualization and cloud communities.

This weeks podcast started with a discussion of TPM/TXT and the boost it gives to virtualization security. Since TPM/TXT is based in the hardware and provides a measured launch of an operating system, the next logical discussion was on whether or not the hypervisor would be placed into the hardware?

There is a cardinal rule that we should all know about, especially for those of us who have spent a lot of time developing kickstart scripts for automated builds of the VMware hosts in your environment, that you do not use windows word editors like Notepad or WordPad when working with Linux files. If you use notepad to edit Linux files it will add unwanted line feeds (LF) to the file which may cause the file to be misinterpreted. If you must use Microsoft Windows as your client OS use Microsoft WordPad which does not modify the file in this way.