The Virtualization Practice

Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. ...
We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

VirtualizationSecurity

The 3/22 Virtualization Security Podcast brought to light the capabilities of Symantec Critical System Protection (CSP) software. This software successfully implements a manageable version of mandatory access control policies based on role-based and multi-level security functionality within the virtual environment. More specifically on those systems that are critical to the well being and health of your virtual and cloud environments such as all your management and control-plane tools (VMware vCenter, Microsoft SCVVM, XenConsole, etc.). In addition, Symantec CSP will monitor your virtualization hosts for common security issues. This in itself is great news but why are we just hearing about this now? Is this a replacement for other security tools?

Speaking-at-RSAC-2012-small

The 3/8 Virtualization Security Podcast held a discussion on the happenings as the 2012 RSA Conference in San Francisco as well as a discussion of the features of Bitdefender’s entry into the virtualization and cloud space with their SVE product. RSA Conference high lights not just those security tools for the virtualization and cloud spaces but the entire industry and each year there is always a common theme. Was there one this year? Was there any surprises at the conference?

VirtualizationSecurity

The Virtualization Field Day delegates joined the Virtualization Security Podcast as guest panelists on 2/23 and the topic of the day was cloud security. There were questions about compliance, security of the tenant, and security of the administrators, and legal issues. There were answers from Rodney Haywood (Rodos), another Virtualization Field Day Delegate and cloud architect as well as the podcast standard panelists. So what did the questions boil down to?

DesktopVirtualization

OnLive Desktop is on the verge of making a game-changing move in the VDI space delivering the hope of a service that a CFO would bite your hand off for. OnLive’s delivery capability is a wakeup call to the ISVs and SPs who are trying to penetrate this market. With the license battle is about to ensue, Microsoft has the heads up display and is the one holding the shotgun, perhaps OnLive can finally convince Redmond that its always more fun in multiplayer mode.

VirtualizationBackup

During a briefing of Quest’s new data protection announcements I started to think about the future of data protection. Quest recently announced that NetVault will now work with Exagrid devices and that there is now a Capacity Edition targeting SMBs and SMEs. These changes add some more capabilities to an existing product suite. While, these announcements do not necessarily merge with virtualization backup, the combination of Quest’s tools and partnerships do form an impressive view of the future with respect to Data Protection.

VMware100x30

VMware prices and licenses its products today along a set of models that are not optimized for either pure market penetration (like Microsoft) or pure extraction of the maximum cash from each customer (like Oracle). These policies will likely ensure that VMware continues to dominate the high end of the market – especially in enterprise accounts, but that VMware will leave itself open to being eaten from below by Microsoft Hyper-V (especially in Windows only SMB/SME accounts). The long term answer to how VMware positions itself with respect to price and value in the marketplace will likely come from vFabric and Cloud Foundry, as both of these products are crucial to the long term strategic position of VMware in the market – and also will rely upon aggressive third party support to succeed.

Application Security within the Virtual and Cloud Environments

Virtualization and Cloud Security architects, pundits, and writers like myself often talk about protecting the data within the virtual and cloud environments. However, in order to protect that data we need to be able to determine how the data will be used, accessed, modified, and eventually removed. So, how can we understand data security without understanding the application around it. But there is an even more fundamental problem, how do we define the application and the security measures we should take?

HP Delivers High Performance and Security to Thin Client Line

As Virtual Desktops become standard components of the entire desktop environment there are increasing demands on the end point devices to provide the performance of legacy desktop computers they are replacing. Devices with more memory, faster processors and expandable peripheral device support are quickly replacing the utility devices most associated with thin clients. On Monday February 13, 2012 HP announced the release a new class of thin client devices that are designed to address the end user performance needs and adds security architecture to combat increasing security threats.

The 2/9 Virtualization Security Podcast was a discussion on when would one use a virtual firewall. This was in response to being told that there are some people that would never use a virtual firewall for anything, and that got me thinking. Outside of the politics involved with using virtual vs physical firewalls, when would you use one? What are the cut offs, and best practices around using virtual firewalls. We were joined by Rob Randell of VMware to discuss this point.