Managing licensing and utilization costs is a mess today in the physical world. Introducing elastic scaling of workloads into a hybrid private/public cloud introduces new uncertainties and new software licensing metering and compliance issues. This is particularly true in the case of enterprise applications which are licensed by the enterprise from the software vendor and then deployed on an as-needed basis on IaaS or PaaS clouds.
A change to the Microsoft Client Access License (CAL) bundle is a rare event – the last time it happened was about 10 years ago; so any change to the CAL bundle has to be seen as a significant indicator of Microsoft’s core values. Or so you would think. Assuming that is right, last week’s announcement at the Microsoft Management Summit of changes to the Core and Enterprise CAL bundles needs careful analysis. Changes to the CAL are a strategic driver towards new product adoption and represent a clear indication of Microsoft’s long-term goals and aspirations. With that in mind we can infer from this latest change how Microsoft views desktop virtualization.
With the diversity of clouds available today, data being sent from one to another could appear to be a hodge-podge of security. As one colleague put it recently when I asked what he was expecting to maintain integrity of data in motion between clouds:
“… what kind of kludge can things end up being when you have multiple connections to multiple hybrid clouds all doing different things” — Steve Beaver
So how does data transfer between the clouds? Is it a kludge? Or can it be done using a uniform security policy, procedures, and protocols while maintaining integrity, confidentiality, and auditability?
The VMware Community Roundtable, which is recorded every Wednesday, has been available for download from iTunes for the last couple of years, or about as long as the podcast has been presented on TalkShoe.com. Other than the community podcast and The Virtualization Security Podcast, there have not really been too many other things available on iTunes for VMware technologies or products. You could find a VCP study guide, VCP Exam Cram from Pearson Education, and some other third-party tools to control VMware vCenter from your iPhone and/or iPad. Within the last couple of years, hundreds if not thousands of iPads have been given away at the different technology conferences, and with the sneak peeks VMware gave at these conferences of the iPad application it was working on, it was just a matter of time. That time has come, with VMware releasing the VMware View for iPad and the VMware vSphere Client for the iPad.
Last week I spoke with two different Security as a Service vendors, each with their own approach to security as a service. The first was CloudPassage, which just exited stealth mode in time for RSA Conference, and the second was Zscaler, a well-known company. Both provide Security as a Service with a similar approach but a different design. Both make use of large grids of computers to do all the heavy lifting of security, but from there they differ completely. While there is some overlap in the products, the different designs show us multiple ways to implement Security as a Service.
I just finished reading yet another Multi-Tenancy Design/Overview that claims to be secure or trusted. While I will agree that this particular design does cover Availability and some GRC (Governance, Regulatory, and Compliance), it is severely lacking in Integrity and Confidentiality. The design even went as far as saying the cloud/virtual administrator requires “COMPLETE VISIBILITY.” I was really taken aback by those words. Why does an administrator need “COMPLETE VISIBILITY”? Which leads me to the question: are Integrity and Confidentiality possible within any cloud or virtual environment? Or is it purely based on TRUST?
If so, this is an appalling state of virtual and cloud environment security.
In July 2009 I wrote an article entitled Cloud Computing Providers — are they content providers or carriers? and in January of 2011 Chuck Hollis wrote an article, Verizon To Acquire Terremark — You Shouldn’t Be Surprised. Now with the Terremark acquisition almost complete and RSA Conference 2011 also over, at which I talked to Terremark about the benefits of belonging to Verizon, a picture is starting to emerge. Yes, my predictions in 2009 make sense and still hold true today, but is there more of an impact than we realize?
On the 2/24 Virtualization Security Podcast we were joined by Davi Ottenheimer and Michael Haines of VMware to discuss vCloud security. This is of quite a bit of interest to many people these days. As VMware adds more and more Cloud functionality, how to secure the environment is becoming more and more important. The podcast started with the question of what aspects of the cloud customers want secured. The answer was intriguing, to say the least.
On the third Virtualization Security Podcast of 2011 we were joined by Charlton Barreto of Intel to further discuss the possibility of using TPM/TXT to enhance security within the virtual and cloud environments. We are not there yet, but we discussed in depth the issues with bringing hardware-based integrity and confidentiality up further into the virtualized layers of the cloud. TPM and TXT currently provide the following per-host security: