It has been stated by some that SMBs should adopt cloud computing as the next best method to gain the best return on investment. However, is this really the case? Is cloud sufficiently advanced to provide compliance, security, and ROI? Do the SMBs know enough about the Cloud to properly utilize this powerful tool?
With the advent of VMware Go, vCloud Express, and the vCloud API, VMware’s marketing message is that all SMBs should use the cloud to either deploy their free hypervisor (VMware Go), or use the Cloud to run their servers (vCloud Express). VMware claimed at VMworld that we are no longer looking for ROI with Virtualization from a pure power and equipment costs, no we are now looking at virtualizing to save funds within the operational space of your company. Where best to do this than for SMBs to instead of owning their own equipment move their servers into the waiting vCloud Express providers such as Savvis, Terremark, Hosting.com, etc.
So what does this really mean to a SMB?
VMware Go is an interesting option from VMware and while related to the cloud, it is not really cloud computing, it is a remote installation technology that makes installing VMware vSphere ESXi 4 much easier. It provides VMware, however, with some much needed information if they are going to push ESXi as the only version of ESX. That is upon what hardware it is being installed! VMware ESX and ESXi suffers from one major issue that confuses and confounds most people. It can not install everywhere and be ubiquitous, it has hardware and other limitations. VMware Go is a way for VMware to verify if ESXi can be properly installed on the target system by comparing hardware to the available HCLs. The only limitation is that it requires Windows preloaded on the target system to get this information. So if you are a Linux shop, VMware Go is of limited use.
This will hopefully decrease the number of support and communities cases that deal just with ‘Got X Motherboard or system and ESXi will not work or install’.
However, use of VMware Go needs to be monitored so that VMware can only see the one host as you are running their tool within your environment. So some segmentation may be required. The other is that in order to perform the remote install the VMware ESXi management appliance needs to accessible by the VMware Go servers, which generally means they will need to be internet facing in some way. This is a very unsafe way to leave VMware ESXi, so once ESXi is installed please properly secure the ESXi environment by moving the management appliance ports to a proper virtualization management network set behind a firewall that the internet cannot access!
VMware vCloud Express
vCloud Express on the other hand, truly is the cloud providing Virtualization as a Service. It is designed for use by development, testing, and other low hanging fruit according to the VMworld keynotes. Those systems you feel do not need a higher level of service level (SLA) or security. Let someone else manage the hardware, virtualization hosts, network, etc. In essence, the operational areas of your current IT administration. However, not once in the talk did VMware mention actually placing production machines within VMware vCloud Express, just those systems that needed a lower SLA and security stance.
However, how will these virtual machines you have moved to the cloud be managed, how will you access said management interface? Is there any look into the vCloud Express for auditing and other security features? How will forensics be handled? There are many questions to ask your VMware vCloud Express vendor.
However, I must caution anyone wanting to use vCloud Express as a way of offsetting your operational costs. The main concern I have is that most people who have development machines test using real customer and critical data, not something that is made up. So by placing a testing box within the cloud, you may also be placing your critical data within the cloud. Data that actually requires a higher security stance than possibly offered by the cloud provider. Given this, the security of such data will fall upon the developers unless the cloud provider has the ability to provide auditable security such that company A can never access or impact company B’s virtual machines.
Recently, Catbird, Reflex Systems, and Altor Networks have announced or have worked with cloud providers to provide such security, compliance, and audit-ability. Hopefully, these trends will continue and that the cloud providers will ensure that users of the cloud can audit their own systems. Even so, companies making use of the cloud should look into disk and data at rest and in motion encryption techniques to protect from inadvertent issues that could happen within the cloud.
In addition, New Relic RPM is an application performance management solution for Ruby-On-Rails and Java applications that is delivered on a subscription SaaS basis – making it just as easy to buy and deploy within VMware vCloud Express.
The vCloud is here, however if you are an SMB and you want to use it, you need to pay close attention to Service Level Agreements and the ability to audit your workloads for performance and security issues. If your cloud provider has this functionality and makes it available to users then you are golden, else you may just want to rely on solid encryption mechanisms.
Share this Article:
Latest posts by Edward Haletky (see all)
- Common Product Security Questions - November 23, 2016
- Sorry Support: Not Getting My Data - November 18, 2016
- Moving to the Future: Strategies for Handling Data Scale - November 14, 2016