The Virtualization Practice

Cloud Computing

Cloud Computing focuses upon how to construct, secure, manage, monitor and use public IaaS, PaaS, and SaaS clouds. Major areas of focus include barriers to cloud adoption, progress on the part of cloud vendors in removing those barriers, where the line of responsibility is drawn between the cloud vendor and the customer for each of IaaS, PaaS and SaaS clouds, ...
as well as the management tools that are essential to deploy in the cloud, ensure security in the cloud and ensure the performance of applications running in the cloud. Covered vendors include Amazon, VMware, AFORE, CloudSidekick, CloudPhysics, ElasticBox, Hotlink, New Relic, Prelert, Puppet Labs and Virtustream.

It’s a different way of thinking about the Cloud, where the starting point is not the DataCenter, or the IT service, or the “user”, but the direct delivery of consumer services. Into this vision plays Chromium OS (released to Open Source on November 19th). Google devices delivering Google services (and other services intermediated by Google) from the Cloud to consumers.

The last Virtualization Security Podcast covered PCI, Kurt Roemer and Jeff Elliot who were guests represented PCI.  PCI as you hopefully know is working on compliance guidance for payment systems running within virtual machines and the cloud. This early discussion is a plea for people to get involved in reviewing the currently developing white-paper. While…

There has been great debate of what comprises the cloud, how to bound the cloud so that its easier to understand, and how to secure the cloud. Christofer Hoff of the Rational Survivabilty blog has been spear-heading quite a bit of discussion on cloud taxonomy in his attempts to wrap some thoughts around how to properly secure the cloud and everything within it. The start of this journey is the act of defining exactly what the cloud is, and is not. NIST’s document adds some more to an existing definition by defining public and private clouds.

Intrusion Protection Systems (IPS) differ quite a bit from Intrusion Detection Systems (IDS). An IPS is designed to modify some form of security setting when an intrusion is detected, thereby preventing the intrusion from being successful. An IDS on the other hand is just the detection component used by an IPS. Like all security tools used within a virtual environment there are four major ways to implement such devices. We will discuss later some best practices for managing a security tool. We will look at what is currently shipping over products hinted at for the future such as the OpenVSwitch, Xen Instropection API.

I was recently on an island and it got me thinking about whether a set of close islands can support a highly mobile cloud? If not what would be needed to make the Islands Cloud safer from the vagaries of Mother Nature, such as hurricanes, volcanoes, and earthquakes. Can a cloud provider be based on an island? or would it need to be on every island? Only the mainland?

I was recently on an island and it got me thinking of how would I move my company to the island. The company services people around the world, but would also service local to the island. Does virtualization really help me here? Why do I ask this, because an island is often prone to the vagaries of mother nature: Lava, Flooding, Typhoon, Hurricane, Earthquakes, humidity, desert, power fluctuations, etc. The list is pretty endless. So how would you move a business to or from an Island? Is this where the Cloud becomes a mature component? If so how much cloud do you need?