Since I last blogged ThinApp I have been thinking about the security aspects of ThinApp and came up with a set of questions to which I searched for some answers. In essence could ThinApp be used to subvert existing system security? What about other similar technologies like Microsoft App-V.
Last month Verizon expanded its Computing as a Service (CaaS) cloud computing offering. The expansion itself is not surprising. The interesting tidbit is that Verizon has Carrier Status and therefore different laws apply to them than any other cloud provider that does not have this status, such as Amazon EC2, Terramark, etc. Will cloud computing providers be the next internet service provider? If so will they have to battle to not be responsible for the content within their clouds, as did internet service providers with the battle that ensued over the Communications Decency Act?
The use of VMware VMsafe enabled third party products introduces third party fastpath drivers into your hypervisor. What these drivers ultimately do is interact with the VMsafe fastpath API, but is that ALL they do? That is why we need some level of certification for VMsafe fast path drivers. We need to KNOW that they do not do anything wrong, bad, or unfortunate.
In many cases when you start to discuss security of virtualization, you soon drop into a discussion of virtual networking, and management network security. In other words you are laying out the traditional security zones that exist within the networking world. Network security, virtual and physical, is extremely important however there is more to virtualization security than just your network. Here are some new ways to consider virtualization security.
The recent VMware Communities Podcast had ThinApp engineers on the call. Their mantra when presented with questions on licensing was “Ethics do not ship with the code.” In other words, applications that could end up as ThinApps could violate your End User License Agreements (EULA).
Veeam has posted a blog of their own trying to explain why they are no longer selling Veeam Backup 3.x for the Free version of VMware ESXi. It is perfectly understandable that Veeam would comply with VMware’s requests in this matter as Veeam as a company depends upon their relationship with VMware to further their own business aims. In other words, Veeam has done nothing that could be considered wrong. However, VMware making the request in the first place should be a major concern to current and future vendors of VMware products.