The problem is that not everything is as black and white as security folks desire. If we implement performance and other management tools, we often need to expose part of our all important virtualization management network to others. But how do we do this safely, securely, with minimal impact to usability? Why do we need to this is also another question. You just have to take one look at the Virtualization ASsessment TOolkit (Vasto) to realize the importance of this security requirement. But the question still exists, how do you implement other necessary tools within your virtual environment without impacting usability?
VMware released 3 versions of vCenter Operations, standard, advanced, Enterprise. We have already discussed the abilities of vCenter Operations vCenter Operations – vSphere Performance, Capacity and Configuration Management with Self Learning Analytics but is this an integrated and secure implementation of monitoring or do we need more security than what is provided?
At the time the first article was written there was a bit of vital information we did not have available to us. That is how to access vCenter Operations Standard or Advanced in a multi-tenant manner, that has now been provided. vCenter Operations Alive functionality can be accessed directly from a web browser using your VMware vCenter Credentials, which allows you to see the Alive status of any VM you have the permissions to view. This capability is a huge capability, as it now allows me to provide a non-vSphere Client mechanism to view the status of the virtual environment.
This years Innovation Sandbox at RSA Conference was won by a little know company to virtualization and cloud security vendors, its name is Invincea. However, it makes use of virtualization to aid in security. This years finalists once more included HyTrust for the inclusion of what appears to be complete UCS support within the HyTrust Appliance, Symplified which provides a unified identity within a cloud, CipherCloud which encrypts bits of your data before uploading, but not enough encryption to mess with sort and other algorithms. Plus other non-cloud like products: Entersect (non-repudiation in the form of PKI), Gazzang (MySQL Encryption), Incapsula (collaborative security to browsers), Pawaa (embed security metadata with files), Quaresso (secure browsing without browser/OS mods), and Silver Tail (mitigation).
Sooner or later that perfect landscape of white is marred by new mounds of snow and clear-cut paths through it to the various locations on the property. When you look at these paths and the snow is high enough, they look like tunnels. The large tunnels (driveway) meet smaller and smaller ones. The perfect landscape of snow is now marred. This is just how a firewall looks when you put holes in it to let through various services. The more services, the more tunnels and paths will be cut. When speaking about the cloud or virtual environments, the increase in paths and entry points becomes a serious issue.
It is the last few days of the year and time for a review of virtualization 2010. Although VMware was founded in 1998 it was not until 2001 that I first heard of VMware and played with the workstation product to be able to run different flavors of Linux. So for me, 2010 closes out a great year in virtualization as a whole as well as a decade of virtualization and what a ride it has been.
My conference schedule kept pace with the changes in the virtualization security ecosystem through out the year. What are those changes? This is the end of year review of the virtualization security ecosystem.