The Virtualization Practice

Cloud Computing

Cloud Computing focuses upon how to construct, secure, manage, monitor and use public IaaS, PaaS, and SaaS clouds. Major areas of focus include barriers to cloud adoption, progress on the part of cloud vendors in removing those barriers, where the line of responsibility is drawn between the cloud vendor and the customer for each of IaaS, PaaS and SaaS clouds, ...
as well as the management tools that are essential to deploy in the cloud, ensure security in the cloud and ensure the performance of applications running in the cloud. Covered vendors include Amazon, VMware, AFORE, CloudSidekick, CloudPhysics, ElasticBox, Hotlink, New Relic, Prelert, Puppet Labs and Virtustream.

VMware has already demonstrated a penchant for using open source technologies to fundamentally disrupt the value propositions for the products from competing vendors in the systems software and applications platform businesses. This has put the operating systems businesses at Microsoft and Red Hat, and the applications platform businesses at Microsoft, Red Hat, IBM and Oracle under pressure, by providing a cost effective and fully functional alternative to the traditional licensed software models of these companies. It is entirely possible that VMware will pursue the same approach in the management software industry thereby disrupting the business models and product positions of CA, IBM/Tivoli, HP, BMC as well as many of the vendors currently in the VMware ecosystem.

We’ve been following Eucalyptus over a series of posts, and recently seen the company strengthen its management team with the appointment of new CEO Marten Mickos the (only) ex-CEO of MySQL. This week they have released a new version of the Eucalyptus product, Version 2.0. which carries some of his strategy, particularly in putting clear water between the Open Source and the Enterprise version of the product.

Can we use some of this Risky Social Behaviors post to aid us in finding an adequate definition for secure multi-tenancy? Perhaps more to the point it can define how we look at multi-tenancy today. On a recent VMware Communities podcast we were told two things that seem contradictory to current security thinking. The first is that going to the cloud reduces your risk, and the second was that the definition of the cloud must include multi-tenancy.

I you buy vSphere 4 (or 4.1) after June 9th, you get a free copy of SLES to run on any CPU on which you have a valid license for vSphere. This lines up SLES on vSphere alongside Windows on Hyper-v, in both cases the O/S and the hypervisor are supplied under the same license. This obviously lines up SLES on vSphere alongside Windows on Hyper-v, in both cases the O/S and the hypervisor are supplied under the same license. In the long term, Licensing SLES leaves out a tantalizing prospect that VMware can build its own semi-official version of Azure, using vSphere, SLES and Mono, without a Windows server operating system in the mix.

The security companies are looking into all aspects of virtual environment introspection to label, tag, or mark all objects for compliance reasons, inspect the contents of virtual machines for asset management (CMDB), and an early form of Root Kit detection.

Virtualization Security is not just about the firewall, it is about the entire ecosystem, auditing, compliance, and object management.

While doing a quick Google search to find what a Cloud is, I have found several different definitions which depend on which vendor site you pull up. One thing is for sure despite the frequent use of the term, it still means different things to different people and or companies. For my reference point I am going to use the National Institute of Standards and Technology definition referenced by Texiwill’s NIST Cloud Computing Definitions Final article.

The panel of the Virtualization Security Podcast on 5/27/2010 was joined by an attorney specializing in the Internet space. David Snead spoke at InfoSec and made it clear that there was more to secure multi-tenancy than one would imagine. The first question was “how would you define tenant?” which I believe is core to the discussion of SMT as without definitions we have no method of communicating. Before we get to David’s response, we should realize that nearly every one has their own definition of Tenant for a multi-tenant solution.