The Virtualization Practice

Cloud Computing

Cloud Computing focuses upon how to construct, secure, manage, monitor and use public IaaS, PaaS, and SaaS clouds. Major areas of focus include barriers to cloud adoption, progress on the part of cloud vendors in removing those barriers, where the line of responsibility is drawn between the cloud vendor and the customer for each of IaaS, PaaS and SaaS clouds, as well as the management tools that are essential to deploy in the cloud, ensure security in the cloud and ensure the performance of applications running in the cloud. Covered vendors include Amazon, VMware, AFORE, CloudSidekick, CloudPhysics, ElasticBox, Hotlink, New Relic, Prelert, Puppet Labs and Virtustream.

Whilst I have been away on vacation, something fairly interesting has happened in the area of Open Source initiatives for Infrastructure as a Service in the form of a new initiative from NASA and Rackspace called OpenStack. You may remember in our last post in this area, we noted that there was a proliferation of offerings in the IaaS space, and it was in the customer’s best interest for there to be effective migrateability (or even mix and match) amongst public and/or private clouds. However, the API standards to support interoperability are proving elusive.

Cloud and hosting providers are aggressively investing in new Intel Xeon servers that can have as many as 32 cores per server (4 processors with 8 cores per processor). Some of this investment is in response to current demand for actual capacity from customers. Some of it is investing ahead of the curve so that the cloud vendor is properly positioned when the demand arrives. The growth and the hype in the cloud are such that there is highly likely to be an overbuild of capacity at some point and then a crash and a period of consolidation – just as there was with ASPs and the .com companies.

When you read books on virtualization, cloud computing, or security, or software product sheets, a common word that shows up is Policy. Tools often claim to implement Policy, while books urge you to read or write your Policy. But what does Policy imply?

Webster defines policy as:

1 a : prudence or wisdom in the management of affairs b : management or procedure based primarily on material interest
2 a : a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions b : a high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body

When you read policy in product literature and books, you are looking at definition number 2, and often a over b. But what does this mean to those who administer and run virtual environments or make use of cloud services?

Microsoft to Bring the Cloud to the Datacenter with Server App-V

Microsoft is bringing its strongest assets – the installed base of its key products in the enterprise, and its library of commercial and custom-built applications (and their associated developer communities), along with compelling new technologies like Server App-V – to the virtualization and cloud fight. Leveraging Azure and App-V along with these existing enterprise assets potentially makes Microsoft a much more formidable competitor to VMware than Microsoft is today based solely upon Hyper-V.

During the Virtualization Security Podcast on 6/22, Steve Orrin of Intel and Dennis Morreau of RSA joined us to discuss the impact of Intel Westmere chips' built-in Trusted Platform Module (TPM) and Trusted Execution Technology (TXT) on Cloud and Virtualization Security. TPM is not all that new, but TXT’s usage in virtualization security is new. Both together can form a hardware root of trust for the virtual environment.

At the moment, however, these technologies are limited to just providing a secure launch of a well-known hypervisor within the hardware. As such, they have not been extended to the virtual machine. TXT, however, solves a very important issue that, at the time the book VMware vSphere and Virtual Infrastructure Security was written, had theoretical solutions: I speak of Blue Pill style attacks. There were rumors of Hyperguard or Guard Hype tools becoming available, but they are only research projects. TXT, on the other hand, offers protection from Blue Pill style attacks.

VMware has already demonstrated a penchant for using open source technologies to fundamentally disrupt the value propositions for the products from competing vendors in the systems software and applications platform businesses. This has put the operating systems businesses at Microsoft and Red Hat, and the applications platform businesses at Microsoft, Red Hat, IBM and Oracle, under pressure by providing a cost-effective and fully functional alternative to the traditional licensed software models of these companies. It is entirely possible that VMware will pursue the same approach in the management software industry, thereby disrupting the business models and product positions of CA, IBM/Tivoli, HP and BMC, as well as many of the vendors currently in the VMware ecosystem.

We’ve been following Eucalyptus over a series of posts, and have recently seen the company strengthen its management team with the appointment of new CEO Marten Mickos, the (only) ex-CEO of MySQL. This week they have released a new version of the Eucalyptus product, Version 2.0, which carries some of his strategy, particularly in putting clear water between the Open Source and the Enterprise version of the product.