In around 2008 Tripwire started making itself known in the virtualization space with the release of two free tools, Tripwire’s ConfigCheck and OpsCheck. By the time 2009 came around, Tripwire was getting itself fully established in the virtual space for the release of its new product, Tripwire’s vWire. vWire was release in the summer of 2009 and then killed by the end of that year as Tripwire shifted its focus to an acquisition it made for log management to expand the capabilities of its flagship product , Tripwire Enterprise.
VMware has acquired one more company: Shavlik. This acquisition did not come as much of a surprise to me but is an interesting purchase for VMware. There are quite a few Security as a Service vendors that would make sense for VMware to purchase and Shavlik is one of them. The difference between the other vendors and Shavlik is that VMware has a existing track record with Shavlik as Shavlik is integral in two of VMware’s existing products: VMware Go and VMware Update Manager. Shavlik provides a very important patch management system for these existing products and is one line of defense in the security space. Are there other plans for Shavlik? Or this is a way to lock in one set of tools?
Business Agility ...
• • 0 Comments
These announcements and ideas paint a better direction for cloud development and creation than there existed even one week ago. These announcements also concentrate on the data, not the computer engine(s) within the cloud. It has alwys been about the data.
IT as a Service ...
• • 1 Comment
The problem is that not everything is as black and white as security folks desire. If we implement performance and other management tools, we often need to expose part of our all important virtualization management network to others. But how do we do this safely, securely, with minimal impact to usability? Why do we need to this is also another question. You just have to take one look at the Virtualization ASsessment TOolkit (Vasto) to realize the importance of this security requirement. But the question still exists, how do you implement other necessary tools within your virtual environment without impacting usability?
Mike DiPetrillo’s post entitled VMware is Building Clouds sparked some interesting thoughts and discussion about what it means to have federated clouds and how do you define such federation? Is federated required to make ‘cloud’ ubiquitous or are we already there? But is the discussion really about federated clouds or simplistic data object movement between the VMs or about cloud management?
At the InfoSec World 2011 conference, in the sessions I attended, there was quite a bit of discussion about moving to the cloud as well as cloud outages.
When CloudFoundry was announced, my first thought was this is a nightmare waiting to happen. Why do I think this, because I was not thinking about Open Source developers but enterprise developers and the biggest issue with enterprise development is that the data used by developers is either made up data, but more often than not is actual production data. So the question becomes how can such data be protected when using PaaS public clouds?
On the 4/7/2011 Virtualization Security Podcast, we were joined by Wyatt Starnes of Harris Corporation. Wyatt is the Vice President of Advanced Concepts of Cyber Integrated Solutions at Harris. What this means, is that Wyatt is one of the key folks of the Harris Trusted Cloud initiative. Trust is a funny word, and we have written about that in the past. Harris’ approach is unique in that they are attempting to ensure integrity of all components of the cloud down to the code level, not just the network with their target being the hosted private cloud and NOT the secure multi-tenant public cloud.
There were two announcements over the last few days that struck me as quite important to the virtualization community. While some may question this statement, the long reaching effects of these purchases will impact virtualization and cloud computing in not so distant future. In fact, these purchases could add a whole new layer to vSphere as we know it today. Which for VMware is a good thing. They need to continue to innovate to stay ahead of the pack. The purchases I talk about are:
VMware purchasing/taking over control of EMC Mozy
RSA purchasing NetWitness