The Virtualization Practice

Cloud Computing

Cloud Computing focuses upon how to construct, secure, manage, monitor and use public IaaS, PaaS, and SaaS clouds. Major areas of focus include barriers to cloud adoption, progress on the part of cloud vendors in removing those barriers, where the line of responsibility is drawn between the cloud vendor and the customer for each of IaaS, PaaS and SaaS clouds, as well as the management tools that are essential to deploy in the cloud, ensure security in the cloud and ensure the performance of applications running in the cloud. Covered vendors include Amazon, VMware, AFORE, CloudSidekick, CloudPhysics, ElasticBox, Hotlink, New Relic, Prelert, Puppet Labs and Virtustream.

Rackspace has got the OpenStack governance model spectacularly wrong, and as a result the whole initiative is in peril. Not only are the Chair and the Chief Architect appointed directly by Rackspace, but 3 additional members are appointed directly by Rackspace, meaning that the 4 independently-elected Community members (even if they could agree) could never form a majority. There is actually no need to gain control explicitly. You control by contribution. Since Rackspace contributes most it will gain most control. Rackspace doesn’t actually need control to satisfy its business objectives. All it needs is to make sure the project is successful and retain enough control over the project to ensure its own needs are met. So our suggestion to OpenStack is to take their Governance model, rip it up and start again.

Does Public or Private make a difference to Cloud Security?

When we talk about Cloud Security, the main concept is to separate, as an example, Coke from Pepsi. This implies that tenants cannot impact the availability of each other’s data, the integrity of that data, or the confidentiality of that data. But what does this actually mean? Does this apply to all types of clouds in the same way?

There are three types of cloud families: Private, Hybrid, Public. There are at least 3 types of clouds: SaaS, PaaS, and IaaS. Do the same rules for one cloud family work for all cloud families, as well as for the types of clouds?

I believe the answer is yes.

Christofer Hoff (@Beaker) and I had a short discussion on Twitter the other day about the VMware Cloud Director (vCD) security guidance. We both felt it was a bit lite and missed the point of Secure Multi Tenancy. However, I feel even more strongly that people will implement what is in the vCD Guidance, vBlock Security Guidance, and the vSphere Hardening Guidance, and in effect have a completely insecure cloud. These three guides look at the problem as if they were singular entities and not as a whole.

I can remember, from what seems like a really long time ago, the creation of a new company, Acadia, that will support the coalition of VMware, Cisco and EMC’s vBlock product. I had really long forgotten about the new company that was going to be formed when EMC really started their hiring blitz and campaign to get all the well-known talent that EMC could get their hands on. That had been the news and buzz in the industry, as well as a nonstop Twitter topic of speculation about who was going to be the next person to enroll in Chad’s Army as a vSpecialist. It really appeared that the EMC crew was going to be in the best position to support and sell vBlock technology.

VMware’s 5 Businesses and the “New Stack”

VMware dominates the enterprise virtualization platform business with vSphere, and is poised to create a vSphere compatible public cloud ecosystem around vCloud. Layering Management software on top of these platforms is a logical progression up the value stack, as is layering an applications platform (vFabric) on top of vSphere and vCloud. VMware’s end user computing strategy seems to be too tied to VDI to be able to break out of the fundamental limitations associated with this approach, and will likely leave the larger question of how to manage the next generation desktop to the previously mentioned startups and perhaps Symantec.

IO Virtualization Approaches: VMworld 2010 Review

There seem to be three styles of IO Virtualization (IOV) taking place within the virtual environment. At VMworld, the IO Virtualization companies were out and talking to people about their wares, products, and approaches to IO Virtualization. These three methods are:

* Converged Network Adapters used within Cisco UCS, HP Matrix, etc.
* Attached IOV top of rack devices such as the Xsigo Device
* PCIe Extenders

Each of these provides unique benefits to your virtual environment, but which should you use? First, we need to know what each of these approaches brings to the table.

VMware has said that it is committed to its Desktop Virtualization Strategy, but VMware’s commitment to VDI as the only solution is going to mean that unless you are only going to deploy VDI you’ll likely consider another vendor to help you achieve your goal.
There are two desires which are fundamentally in conflict, and addressing this conflict is the biggest opportunity in desktop computing. Can you manage the demand for users to have effective IT at their fingertips while controlling access and costs from the centre?