All posts by Edward Haletky

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.[All Papers/Publications...]

Virtualizing Business Critical Applications: Data Protection

VirtualizationBackupA major aspect of virtualizing any business critical application is data protection which encompasses not only backup, but disaster recovery, and business continuity. It is imperative that our data be protected. While this is true of all workloads, it becomes a bigger concern when virtualizing business critical applications. Not only do we need backups, but we need to protect the business, which is where business continuity comes into play. Continue reading Virtualizing Business Critical Applications: Data Protection

Security Automation = Good Security Practice

VirtualizationSecurityAs I shoveled even more snow, I was starting to think about automation, as in how could I get something to shovel the snow for me, which lead to thinking about automation within the cloud. I see lots of discussion about automation in the cloud. Many of my friends and colleagues are developing code using Puppet, Chef, vCenter Orchestrator, etc. This development is about producing the software defined datacenter (SDDC). However, I see very little in the way of security automation associated with SDDC. Continue reading Security Automation = Good Security Practice

Evaluating Clouds

CloudComputingWhen evaluating clouds there are three major criteria that are used first before we get into the nitty gritty of how the system works. The criteria is not always in writing but it is in the back of everyone’s mind and in many cases are nebulous to define. Herein, I will try to look at those criteria in order to aid others in making the same decisions I have had to make lately while evaluating clouds. Continue reading Evaluating Clouds

Virtualizing Business Critical Applications – Integrity & Confidentiality

VirtualizationSecurityRecently I discussed Virtualizing Business Critical Applications and security, which includes availability, confidentiality, and integrity. However, that discussion was more about visibility into the environment for security operations. I purposely left off the discussion of gaining integrity and confidentiality of the data housed within those business critical applications.   Security encompasses a great number of technologies, and those that provide integrity and confidentiality often differ from those that provide visibility into an environment which differ from those that provide availability. Continue reading Virtualizing Business Critical Applications – Integrity & Confidentiality

SaaS Auditing: Knowing who did what

CloudComputingWe opened this years virtualization security podcast with Phil Cox, the “Security Guy” at Rightscale, who is working through a tangled problem to meet compliance and auditing goals within the cloud. Rightscale is a 100% cloud based company delivering a solution that is also SaaS based. As such they often run directly into SaaS related issues. Rightscale has been running into a problem with the simplest of auditing requirements: how to know when someone has logged in. This problem spans nearly all their 100s of SaaS providers used to run their business. Continue reading SaaS Auditing: Knowing who did what

Virtualizing Business Critical Applications – Security and Compliance

VirtualizationSecurityVirtualizing Business Critical Applications is often stopped either by the sudden involvement of security and compliance, a need to better understand, or a need to gain visibility into the underlying security of the virtual environment in order to build new security and compliance models. As we have commented on the Virtualization Security podcast many times, security and compliance teams need to be involved from the beginning. However, this is not a discussion about involvement but about the tools that will help security and compliance to gain the necessary visibility into the security of their virtual environments and therefore allow for the virtualizing of business critical applications. Continue reading Virtualizing Business Critical Applications – Security and Compliance

Google Circle
Join my Circle on Google+

Plugin by Social Author Bio