The Virtualization Practice

Cloud Computing

Cloud Computing focuses upon how to construct, secure, manage, monitor and use public IaaS, PaaS, and SaaS clouds. Major areas of focus include barriers to cloud adoption, progress on the part of cloud vendors in removing those barriers, where the line of responsibility is drawn between the cloud vendor and the customer for each of IaaS, PaaS and SaaS clouds, ...
as well as the management tools that are essential to deploy in the cloud, ensure security in the cloud and ensure the performance of applications running in the cloud. Covered vendors include Amazon, VMware, AFORE, CloudSidekick, CloudPhysics, ElasticBox, Hotlink, New Relic, Prelert, Puppet Labs and Virtustream.

You heard the buzzwords and drunk the kool-aid and now you want to move to the cloud, how do you do this? This has been the a fairly interesting question on the VMware Communities Podcast yesterday, when the vCloud team showed up to talk about the current reference architecture. Yet almost all the questions were about going to the cloud and not about the architecture. Does this mean people do not understand what is required to go to the cloud? I think so. So to take a few elements from the podcast and put them in writing is the goal of this article. The Simple Steps to move to the cloud.

Chad Sakac mentions on his blog that VNXe “uses a completely homegrown EMC innovation (C4LX and CSX) to virtualize, encapsulate whole kernels and other multiple high performance storage services into a tight, integrated package.” Well this has gotten me to thinking about other uses of VNXe. If EMC could manage to “refactor” or encapsulate a few more technologies, I think we have the makings of a killer virtualization security appliance. Why would a storage appliance spur on thinking about virtualization security?

Monitoring the performance of the infrastructure, applications and services in IT as a Service environments will require that monitoring solutions become multi-tenant, can be instantiated by ITaaS management tools without any further configuration, and that they automatically “find” their back end management systems through whatever firewalls may be in place. These requirements will probably be the straw that breaks the camel’s back for the heavyweight complex legacy tools that were in place prior to to the onset of virtualization, the public cloud and now IT as a Service. ITaaS is the tipping point that should cause most enterprises ignore every monitoring tool that they have bought in the past and to start over with a clean sheet of paper.

In the first Virtualization Security Podcast of 2011, we had Brad Hedlund with us once again. Not to talk about the Cisco Virtualization Security Gateway (VSG), but about the security of what I call physical-virtual devices that provide network virtualization within the hardware. Or what Brad Called Network ID Virtualization (NIV). Cisco has taken its VN-Link technology to extend the networking of a VM directly into the core switch when using vSphere.

Digging out after a Snowstorm: Similar to our virtual environments?

Sooner or later that perfect landscape of white is marred by new mounds of snow and clear-cut paths through it to the various locations on the property. When you look at these paths and the snow is high enough, they look like tunnels. The large tunnels (driveway) meet smaller and smaller ones. The perfect landscape of snow is now marred. This is just how a firewall looks when you put holes in it to let through various services. The more services, the more tunnels and paths will be cut. When speaking about the cloud or virtual environments, the increase in paths and entry points becomes a serious issue.

The acquisition of Akorri by NetApp demonstrates the importance of Infrastructure Performance Management solutions as virtualization progresses into the realm of business critical applications, and as public clouds hope to do the same. However rather than signaling a “game over” this acquisition really raises both the visibility and the importance of both the problems that Akorri solved, and the true end-to-end problems that remain.

Given that vSphere provides significant benefits in terms of cost savings and business agility, those benefits are tied to and constrained by the ability of vSphere to provide backward compatibility with existing legacy enterprise systems. This backward compatibility makes it impossible for vSphere to provide infinite horizontal scalability. Moving to the same architecture as the most highly scaled out public cloud vendors provides for a more radical set of benefits, but at the cost of breaking backward compatibility for many applications.

It is the start of 2011 and I hope everyone has not broken their New Year’s Resolutions already. To start the year off, I would like to encourage and or challenge you to become a part of your local VMware User Group or VMUG as we like to call it. Last year I did a post on My Experience with VMUGs and I am a full supporter of this program and the good it can bring. Although I have a bias for the VMUGS over other types of user groups, the concept of people helping people rates high in my book and I would like to challenge you all to get involved.

Threat Analysis: Layers upon layers

When we think of the threat to a virtual environment or the cloud, what do we think about? First it is important to understand how the cloud is layered ontop of the virtual environment. Given a cloud stack, where are the entry points for SaaS, PaaS, IaaS, and Cloud management? At the recent Minneapolis VMUG I attempted to relay that information to the attendees. Once we understood the layers we could then concentrate on the threat vectors to the cloud and virtual environment.