The Virtualization Practice

Tag Archive for vShield


While not particularly new news, the next version of the Cisco Nexus 1000v will be free, unless you want the security features. This is an interesting shift from Cisco with respect to VMware vCloud Director, the Nicira purchase, furthering UCS, and Cisco within non-UCS data centers. However, given other announcements with respect to OpenStack, perhaps this is more a play to level the playing field between cloud architectures? But what I find most interesting is that the changes to the Nexus 1000v also align with the changes we see in the vCloud Suites from VMware.


There are several improvements in virtual networking and security within the latest vSphere and vCloud products. vCloud Networking and Security lowers the overall cost to implement endpoint security within a vSphere environment. VMware has accomplished this by including vShield Endpoint in vSphere, thereby lowering the cost of offloaded antivirus and antimalware to just that of the product chosen to implement antivirus and antimalware.


Acquiring DynamicOps has kick-started VMware into a heterogeneous virtualization management strategy. This will be demonstrated in detail at VMworld this Fall. We now face a dramatically different virtualization landscape. The focus has now shifted to management – of business critical applications running on multiple virtualization platforms and potentially distributed across internal data centers and public clouds.

Application Security within the Virtual and Cloud Environments

Virtualization and Cloud Security architects, pundits, and writers like myself often talk about protecting the data within the virtual and cloud environments. However, in order to protect that data we need to be able to determine how the data will be used, accessed, modified, and eventually removed. So, how can we understand data security without understanding the application around it? But there is an even more fundamental problem: how do we define the application and the security measures we should take?

The 2/9 Virtualization Security Podcast was a discussion of when one would use a virtual firewall. This was in response to being told that there are some people who would never use a virtual firewall for anything, and that got me thinking. Outside of the politics involved with using virtual vs. physical firewalls, when would you use one? What are the cutoffs and best practices around using virtual firewalls? We were joined by Rob Randell of VMware to discuss this point.

The Virtualization Security Podcast held on 10/6 featured Davi Ottenheimer in his role as a QSA. Davi holds down many roles working with companies such as VMware, yet he maintains his QSA credentials and applies his knowledge of PCI Compliance. In this podcast we ask: is a virtual environment always mixed-mode, and what should you do if your QSA does not have the knowledge required to do the job?

The Virtualization Security Podcast held on 9/8 featured Phil Cox, Director of Security and Compliance at RightScale, to discuss the impact of and need for automation of cloud security. Given that we create clouds by automating deployment of workloads, we also need to automate the security of those workloads during the same deployment. This podcast delves into that need, and touches on where over-automation is also a problem.

VMware announced a loosely coupled group of vCloud providers that will use vCloud Connector to loosely couple their clouds, so that VMs can move from vCloud to vCloud without requiring you to renegotiate pricing, capability, and functionality with multiple cloud vendors, just your local one. This announcement is intriguing in that it is a move to push the cloud into the global space, but it is also fraught with peril if not done correctly.