It is that time of year again, when we see all the new toys, tools, ideas, and processes that make up the show called VMworld. This year, quite a few changes in virtualization security will be discussed by VMware and other organizations that work with virtual and cloud environments. One of the key messages will be that everyone needs to stop treating virtualization security as something unique and different. Instead of this type of treatment, we have been seeing the extension of existing tools and techniques into virtual and cloud environments. Virtualization and cloud security is a natural progression of all organizational security.

Some folks who look at things through a security lens still see hypervisors as different, and some put security only within the physical layer, but these views and practices are continuing to erode. Security is security, regardless of location, type of system, or service in use. Security is about your data. To that end, VMworld has quite a few things to offer:

There is so much to do at VMworld: a conversation will be just around the corner, literally. If you wish to talk virtualization and cloud security, there will be plenty of people there willing to discuss it on the show floor, in the hang space (where the vBrownBags are), and throughout the sessions.

Our advice for you at VMworld is to ask questions, start a conversation, or join one in progress (as long as it doesn’t appear to be private, that is). Also, remember that many of the sessions and Hands-on Labs will be available post-VMworld. If you cannot attend, then follow #VMworld on Twitter and concentrate on the live streaming going on. Security is always mentioned, and this year the conversation will expand past normal pure virtualization security to focus on the concepts around hybrid cloud and multi-hypervisor security—the security that you need when you design or use a software-defined data center.

Share this Article:

Share Button
Edward Haletky (381 Posts)

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

[All Papers/Publications...]

Connect with Edward Haletky:


Related Posts:

4 comments for “Virtualization Security at VMworld

  1. Steve Smith
    August 19, 2014 at 9:21 AM

    Is anyone else running Juniper vGW and having to deal with VMSafe becoming deprecated in short order?

  2. August 19, 2014 at 9:29 AM

    Hello Steve,

    VMsafe has yet to be deprecated, however, there have been no new vendors making use of VMsafe, instead they have been directed to either use VCNS App APIs or NSX APIs. For compatibility reasons VMsafe will still be around for a bit (even VMware’s tools make use of parts of it). Could this change, perhaps. I am also trying to find out more. Yet, you are correct there are no new VMsafe vendors.

    Yes, there are quite a few people using vGW, it extends a Juniper SRX into the virtual environment quite like VCNS App does for VCNS Edge.

    Best regards,
    Edward L. Haletky

  3. Steve Smith
    August 19, 2014 at 9:53 AM

    My understanding is that VMware EOL’d it shortly after the release of 5.5.
    (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2058911)

    The way I read that, it means if you want to run 5.5, you must check your vGW at the door.

    Do you have any other info?

  4. August 19, 2014 at 10:02 AM

    Hello,

    Given the wording of ‘it may work’ or ‘may not’ I believe they just said it is EOL. However, given that VMware’s own VCNS App is built upon the same technology and that has not been EOL’d I doubt any code changes have been made to remove the functionality. However, if you have NSX, that is a different story entirely. EOL in this case means out side of support and your vendor has to do the heavy lifting or migrate to controlling VCNS App through its API.

    VMware for years has not allowed any new players into the VMsafe program. They rather have the vendors either use service insertion within NSX (new) or use the VCNS App API (older) over VMsafe. So if they EOL VCNS App, then they may remove that functionality otherwise it still has to be there.

    But I would agree, if you use vGW or one of the other 7 or so VMsafe tools, it is time to look at alternatives and several exist within each vendor’s portfolios.

    Best regards,
    Edward L. Haletky

Leave a Reply

Your email address will not be published. Required fields are marked *


4 × three =