The Virtualization Security Podcast held on 9/22 featured Anil Karmel, Solutions Architect at Los Alamos National Library (LANL), who discussed their implementation of a secure multi-tenant (SMT) cloud. LANL makes extensive use of the entire VMware product suite, from vCloud Director down to the vShield components, to implement their SMT cloud. They have also added their own intellectual property to their cloud to improve overall cloud security. It was a very interesting conversation about the state of SMT today.
Since the introduction of virtualization there has been sheer joy and excitement when having to work with application owners on the amount of resources they will need and not what they really think they want. I have seen all kinds of minimums, maximums, and special recommendations for all kinds of applications over the years. In most cases, applications have evolved to be able to thrive in a virtual environment without too many limitations. Now it seems we also have to verify which VMware features are fully supported with certain virtualized applications.
“The latest challenge on the security front isn’t necessarily an exotic new threat vector: it’s the attackers themselves. They’re organized, well-resourced and patient. And there’s no silver technology bullet to effectively combat them.”
This is a very important point, and one that I have seen at other security conferences for the last 5 years or so. However, attacks are possible because there is a lack of confidentiality and integrity of the data held within the systems under attack. So the system becomes the weak point.
One of the cool things about attending VMworld every year is seeing what is new on the horizon, and this year, ironically, there is something called Project Horizon and the first milestone of that project, called VMware Horizon Application Manager. Horizon is a hosted service that will centrally manage the provisioning, access and usage of software-as-a-service (SaaS) applications while at the same time applying the company's standardized security and access controls. This will give the end users of the application the ability to use the applications via VMware ThinApp or View products to stream the application across multiple devices, all with a single login. The end users will also have self-service access to a corporate store for their SaaS and Web-based applications. Managing these applications will be completely user based, with no need to worry about the underlying device the software or application is running on.
If automated IT Operations is going to succeed and deliver its promised benefits then IT Operations is going to have to get reorganized – with supporting hardware teams part of the virtualization team. Furthermore Application Operations will have to be instantiated as a function that is responsible for the actual service level delivered by the applications to their constituents.
There is now a huge amount of movement in the area of what we have called “Diverse” Platform as a Service, i.e. PaaS that delivers a number of different application infrastructure technologies on a mix-and-match basis and where there is no proprietary technology layer at any point in the platform stack. Amongst these we would include OpenShift, Cumulogic and CloudFoundry from our recent set of posts. AppFog sits in this category, and the fact that it has been recently renamed from PHPFog highlights a major trend in the space: the vendors typically start by developing a single technology, build an initial business plan and gain some market traction within that niche, and then move on to supporting a broader range of platforms.
To recap the story so far, I’m prototyping an application and deploying it to various PaaS environments. I am not getting any special help from any of the vendors in this exercise – you can think of me as a “secret shopper” for PaaS, although I don’t hide my identity. I am approaching each platform on its own merits, and in these posts I am recounting and contrasting my experiences and reaching some general conclusions about the PaaS market.
VMware deserves an enormous amount of credit for promising to reinvent IT Operations around automation and the guaranteed performance of applications. VMware either has or is working on all of the building blocks required to execute upon this vision for the vSphere platform. The combination of innovation by VMware, and by the third party ecosystem on this front will create a new compelling benefit to virtualization, that will allow virtualization to comfortably address business critical and performance critical applications.
If there was one thing I saw and heard about at VMworld, it was the number of third party collaborations that were taking place. While not explicitly stated by VMware at VMworld, the show floor had many different collaborations that were taking place. This level of collaboration shows a level of maturity within the virtualization and cloud vendor ecosystems. A maturity that shows that the vendors understand the benefits of leveraging other companies to lower their overall costs while producing better and more attractive products. Some of the collaborations I saw were purely the resale of products, while others were integrations between products.