The Virtualization Practice

Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. ...
We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

vSphere 5 Licensing – The Role of Cross Platform Management Tools and the Hotlink SuperVISOR

So you are a loyal VMware customer. You have licenses for vSphere 4 and you are about 40% virtualized. Based upon the revised vRAM entitlements in the revised vSphere 5 licensing, you think you are going to be OK as you progress through the more demanding business critical purchased and custom developed applications that lie in front of you. But you would like a hedge and a simple way to manage the second hypervisor that is a part of that hedge. Help has arrived.

Trend Micro: Info Graphic on Journey to the Cloud

Trend Micro provided us a very interesting info graphic on a Journey to the Public Cloud with a list of which of their tools secure that Journey. What is interesting about this info graphic is the steps outlined in this journey to the Cloud and the threats and issues as you step along this path. These steps are well thought out and are useful to everyone as they look at their virtualization and cloud security options moving forward.

At the NE VMUG, while walking the floor I saw a new virtualization backup player, perhaps the first generic Replication Receiver Cloud: TwinStrata. And information gained while not at the NE VMUG. There is also a new virtualization backup player just for Hyper-V: Altaro. As well as a new release of Quest vRangerPro. The Virtualization Backup market is a very dynamic market with new ideas, technologies, and concepts being put into the market at every turn. In many ways, the market leaders are not the bigger companies but the smaller and fast growing companies. In the past, it was about features associated with pure backup, but now it is about features and fast disaster recovery and recovery testing.

The 7/7 Virtualization Security Podcast with Steve Kaplan, Vice President of INX’s Data Center Virtualization Practice and well known ROI/TCO expert within the virtualization and cloud space, joined us to talk about the ROI and TCO of virtualization and cloud security. We discussed someways to view virtualization and cloud security, but mostly the fact that many people may not think ROI or TCO even applies until a problem occurs and you need to rush in and find and fix the leak that lead to a break-in. In essence, the ROI of proper security tools is your entire business.

vSphere 5 – Virtualize Business Critical Applications with Confidence

Just in time for the adoption of vSphere 5 by enterprises seeking to virtualize business critical and performance critical applications, AppFirst, BlueStripe, and ExtraHop have pioneered a new category of APM solutions. This new category is focused upon allowing IT to take responsibility for applications response time for every application running in production. This is an essential step on the road toward virtualizing the 60% of the applications that remain on physical hardware.

The 6/30 Virtualization Security Podcast with Simon Crosby Founder and CEO of Bromium started with a discussion of SaaS security but soon went to a discussion of Data Security. Simon left Citrix not to long ago to form a new company, Bromium, to seriously look into how the hypervisor itself can provide better security for data manipulations than it does today. But first we started off with SaaS and how you can Identify the user within a cloud.

As a delegate for Tech Field Day 6 in Boston, I was introduced to many third party management tools. In the past I have been given briefings as well on various VMware, Hyper-V, and Citrix Xen Management Tools as well. Many of these tools are marketed directly for use by the administrator, but they have the tools can be used by more than the administrator. These tools should be marketed to management, administrators, as well as the network operations center (NOC). We need tools that perform continual monitoring and auditing so that we can know as soon as possible when a problem occurs.

The 6/16 Virtualization Security Podcast started as a twitter conversation with a comment about PaaS Security where James Urquhart, Krishnan Subramanian, Rich Miller, and myself went back and forth about PaaS security and the role of the developer. It was not quite a DevOps conversation but pretty close. Rich could not join us on this Podcast but hopefully will make a future one. PaaS security appears to be dependent on two things, the provider’s security, and how it is used.

Get Your OS from VMware: Mobile Virtualization Platform

As a delegate for Tech Field Day 6 in Boston, I was introduced to VMware’s Mobile Virtual Platform (MVP) which allows you to have a single hardened VM running within, currently, very few Android-based devices as such requires a version of Android from VMware for the virtual machine aspect of MVP. The first version of MVP has several interesting security features as well s security issues as you move forward. Given the current spat of Android based malware, it is important to consider the security features of any new product whether it is a version 1.0 or not. Even with these issues, MVP has some very interesting uses outside the realm of a mobile phone platform. I can see this being used on tablets as a way to get a corporate VM.