The Virtualization Practice

Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. ...
We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

Christofer Hoff (@Beaker) and I had a short discussion on twitter the other day about the VMware Cloud Director (vCD) security guidance. We both felt it was a bit lite and missed the point of Secure Multi Tenancy. However, I feel even more strongly that people will implement what is in the vCD Guidance, vBlock Security Guidance, and the vSphere Hardening Guidance, and in effect have a completely insecure cloud. These three guides look at the problem as if they were singular entities and not as a whole.

The Virtualization Security Podcast on 9/16 was the first in a series of Virtual Desktop Security discussions we will be having. The special guest panelist was Bill McGee from Trend Micro who helped us to understand their implementation of Deep Security 7.5’s Anti-Virus and Anti-Malware (AV collectively) within the virtual desktop.

Trend Micro’s product makes use of enabling technology within vShield Endpoint to provide offloaded AV and Anti-Malware scanning of virtual machines using only one set of rules and one VM to do the actual scanning. Removing the per VM rule set and processing that currently takes place within the VM.

VMware’s 5 Businesses and the “New Stack”

VMware dominates the enterprise virtualization platform business with vSphere, and is poised to create a vSphere compatible public cloud ecosystem around vCloud. Layering Management software on top of these platforms is a logical progression up the value stack, as is layering an applications platform (vFabric) on top of vSphere and vCloud. VMware’s end user computing strategy seems to be too tied to VDI to be able to break out of the fundamental limitations associated with this approach, and will likely leave the larger question of how to manage the next generation desktop to the previously mentioned startups and perhaps Symantec.

Virtualization Security was one of the BIG Deals at VMworld with several announcements:

* VMware vShield Edge, App, and End Point
* Trend Micro will have the first product making use of vShield End Point
* Cisco Virtual Security Gateway (VSG)
* HyTrust and their growing list of technology partners

But the biggest news is that Virtualization Security is finally on the radar of most if not all C-level as it is now seen as the gate to entering the cloud. But before we can solve the cloud security issue we have to solve the virtualization security issues. VMware’s announcement has the most impact on the virtualization security ecosystem. At once they are competing head-to-head with some vendors while providing a platform to use for other vendors.

VMware vShield 4.1, not for the SMB

I wonder how many of us remember when VMware bought BlueLane and their technology, good things were promised, we saw the first part with the release of vSphere when they introduced vShield Zones. This was a “Free” product for those of you that had any version above Advanced vSphere and to be fair for a 1.0 release was a nice weapon to have in your armoury when dealing with the Security during a design and implementation phase.

At VMworld 2010 San Francisco VMware announced and released the expanded and improved vShield family of products. it however now a costed product, now the good news is that vShield Zones been not been removed from the vSphere suite, and are still “Free” the the correctly licensed level of vSphere.

Nearly everyone I talked to at VMworld was buzzing in some form about Virtualization Security. Everyone has picked up on the pre-show buzz from VMware, Trend Micro, HyTrust, and every other security vendor. This week will tell. There are announcements about security, keynote sessions that include security, and more than a few sessions about security.

This is also arguably the first VMworld where there are a large number of Virtualization Security sessions and panels at VMworld that are not entirely from VMware. I find involving the industry as they have at this specific conference moves forward the entire virtualization security ecosystem.

In case you missed it, Intel has bought McAfee, a security company best known for virus scanning and other malware detection software, for $7.68Bn (on revenues of about $2Bn). This is a tidy multiple in any marketplace, particularly as McAfee is not the dominant player. It is the largest deal Intel has ever done, and the largest pure-play security deal ever. Plus the deal was in cash.

Add to this the Intel plan to purchase the Wireless Solution unit of Infineon (for $1.4Bn) and you now have the direction in which Intel plans to go. More Security in the hardware.

The Virtualization Security Podcast on 8/5 was all about VMware vShield Zones and how the currently beta version will provide defense in depth, be a lever to achieve Secure Multi-Tenancy, and its impact on the virtualization security echo system. Dean Coza, Director of Product Management for Security Products at VMware joined us to discuss the vShield Zones Beta which consists of 3 parts given names and a nameless third part that was hinted at and we shall see more about at VMworld.