The Virtualization Practice

Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device. ...
We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

Virtualization Security was one of the BIG Deals at VMworld with several announcements:

* VMware vShield Edge, App, and End Point
* Trend Micro will have the first product making use of vShield End Point
* Cisco Virtual Security Gateway (VSG)
* HyTrust and their growing list of technology partners

But the biggest news is that Virtualization Security is finally on the radar of most if not all C-level as it is now seen as the gate to entering the cloud. But before we can solve the cloud security issue we have to solve the virtualization security issues. VMware’s announcement has the most impact on the virtualization security ecosystem. At once they are competing head-to-head with some vendors while providing a platform to use for other vendors.

VMware vShield 4.1, not for the SMB

I wonder how many of us remember when VMware bought BlueLane and their technology, good things were promised, we saw the first part with the release of vSphere when they introduced vShield Zones. This was a “Free” product for those of you that had any version above Advanced vSphere and to be fair for a 1.0 release was a nice weapon to have in your armoury when dealing with the Security during a design and implementation phase.

At VMworld 2010 San Francisco VMware announced and released the expanded and improved vShield family of products. it however now a costed product, now the good news is that vShield Zones been not been removed from the vSphere suite, and are still “Free” the the correctly licensed level of vSphere.

Nearly everyone I talked to at VMworld was buzzing in some form about Virtualization Security. Everyone has picked up on the pre-show buzz from VMware, Trend Micro, HyTrust, and every other security vendor. This week will tell. There are announcements about security, keynote sessions that include security, and more than a few sessions about security.

This is also arguably the first VMworld where there are a large number of Virtualization Security sessions and panels at VMworld that are not entirely from VMware. I find involving the industry as they have at this specific conference moves forward the entire virtualization security ecosystem.

In case you missed it, Intel has bought McAfee, a security company best known for virus scanning and other malware detection software, for $7.68Bn (on revenues of about $2Bn). This is a tidy multiple in any marketplace, particularly as McAfee is not the dominant player. It is the largest deal Intel has ever done, and the largest pure-play security deal ever. Plus the deal was in cash.

Add to this the Intel plan to purchase the Wireless Solution unit of Infineon (for $1.4Bn) and you now have the direction in which Intel plans to go. More Security in the hardware.

The Virtualization Security Podcast on 8/5 was all about VMware vShield Zones and how the currently beta version will provide defense in depth, be a lever to achieve Secure Multi-Tenancy, and its impact on the virtualization security echo system. Dean Coza, Director of Product Management for Security Products at VMware joined us to discuss the vShield Zones Beta which consists of 3 parts given names and a nameless third part that was hinted at and we shall see more about at VMworld.

In the End-to-End Virtualization Security Whitepaper we review various aspects of server security with an eye to determining how the products would work together to create a secure virtual environment. While some of these tools are cross-platform, the vast majority of them are geared specifically to VMware vSphere.

In this post we will look at Server Security, and we will follow-up with another post about Desktop Security? Are these very different? I believe so, desktops have daily, second by second user interactions. For desktops, one of the most important aspects is look and feel such as response time for actions. So things need to be as fast as possible. With Servers however, user interactions are limited and therefore have slightly different performance and security requirements. What may be acceptable for a server may not be acceptable for a desktop. So what do the tools provide for servers?

Who’s Who in Virtualization Management

Virtualizing business critical systems requires that a layer of virtualization management solutions be added to the virtualization platform. Virtualization management solutions in the areas of virtualization security, virtualization configuration management, virtualization service and capacity management, virtualization service and capacity management, virtualization provisioning and lifecycle management and backup and recovery should be added to the platform.

The Wall Street Journal had an interesting article on the United States General Services Administration has approved the acquisition of some cloud services for use by the Federal Government including many of the Google Apps such as Gmail, Google Docs, etc. Since these services are for sale as well as freely available this sounds more like an admission that they can be used. Will other governments follow suit? But should they be used? That is really the question.

There are two sides to any government, the classified and the unclassified. These are general terms that quantify how the government can use services. While all services require quite a bit of security, classified utilization requires even more, in many cases what most would consider to be “uber-security” requirements. The types of requirements that impact usability in some way. Can these tools provide adequate security?