The problem is that not everything is as black and white as security folks desire. If we implement performance and other management tools, we often need to expose part of our all important virtualization management network to others. But how do we do this safely, securely, with minimal impact to usability? Why do we need to this is also another question. You just have to take one look at the Virtualization ASsessment TOolkit (Vasto) to realize the importance of this security requirement. But the question still exists, how do you implement other necessary tools within your virtual environment without impacting usability?
At the InfoSec World 2011 conference, in the sessions I attended, there was quite a bit of discussion about moving to the cloud as well as cloud outages.
I was reading the post Small Business Virtualization and that really got me thinking about Small to Medium Businesses and what part Cloud Computing will play in that market. There are plenty of small businesses in and around my area and I have a couple of friends that are the owners of a couple of these small businesses. A majority of these small businesses have a single or a couple of point of sale machines that feed to the accounting program. It is these businesses that I think of when I think of what a small business is. Would virtualization help these companies? Sure, I think so but would it really be worth the cost to setup and maintain?
There were two announcements over the last few days that struck me as quite important to the virtualization community. While some may question this statement, the long reaching effects of these purchases will impact virtualization and cloud computing in not so distant future. In fact, these purchases could add a whole new layer to vSphere as we know it today. Which for VMware is a good thing. They need to continue to innovate to stay ahead of the pack. The purchases I talk about are:
VMware purchasing/taking over control of EMC Mozy
RSA purchasing NetWitness
While we may well be on the road towards VMware becoming the layer of software that talks to the hardware in the data center – removing Microsoft from that role, this is not the end of Windows. If Windows were just an OS, it would be severely threatened VMware insertion into the data center stack. But Windows is not just an OS. Windows is also a market leading applications platform with .NET have a far greater market share and base of developers than vFabric. Windows is also in the process of becoming a PaaS cloud – one that will be living at Microsoft, at thousands of hosting providers, and at probably every enterprise that is a significant Microsoft customer. This incarnation of Windows is at the beginning of its life, not the end.
On the second Virtualization Security Podcast of 2011, we had Doug Hazelman of Veeam as our guest panelist to discuss backup security. Since most of backup security relies on the underlying storage security, we did not discuss this aspect very much other than to state that the state of the art is still to encrypt data at rest and in motion. What we did discuss is how to determine where your data has been within the virtual or cloud environment. This all important fact is important if you need to know what disks or devices touched your data. An auditing requirement for high security locations. So we can take from this podcast several GRC and Confidentiality, Integrity, and Availability elements
Given the VNXe’s expandability to include fibre channel cards in the future. This storage looks very attractive to those SMBs who have made the investment previously to move towards fibre. Making use of your existing infrastructure whether fabric or Ethernet would lower the cost of adoption for the low-end EMC product. The VNXe’s expandability is one of those items that makes it an attractive tool for other uses. What are those other uses with respect to security, DR, BC, and disaster avoidance?
Chad Sakac mentions on his blog that VNXe “uses a completely homegrown EMC innovation (C4LX and CSX) to virtualize, encapsulate whole kernels and other multiple high performance storage services into a tight, integrated package.” Well this has gotten me to thinking about other uses of VNXe. If EMC could manage to “refactor” or encapsulate a few more technologies, I think we have the makings of a killer virtualization security appliance. Why would a storage appliance spur on thinking about virtualization security?