As a delegate for Tech Field Day 6 in Boston, I was introduced to many third-party management tools. In the past I have also been given briefings on various VMware, Hyper-V, and Citrix Xen management tools. Many of these tools are marketed directly for use by the administrator, but the tools can be used by more than the administrator. These tools should be marketed to management, administrators, as well as the network operations center (NOC). The NOC you say, why should they see the details of my environment? The NOC should not, but they should be able to tell when systems are in failure states outside of the hardware. Only a few tools can be used this way today. The sooner administrators get word of a problem, the sooner it can be fixed. The NOC is the one place that centralizes all monitoring, whether it is for security or health of your virtual and cloud environments. Continue reading Where are my NOC Views: Virtualization Management Vendors
My conference schedule kept pace with the changes in the virtualization security ecosystem throughout the year. What are those changes?
- Auditors were educated at an ISACA event in Florida about the intrinsic security of most modern Type-1 hypervisors. Throughout the year we saw auditors educated and becoming more involved in virtualization and cloud security. The advent of CloudAudit and the ISACA and other educational events surrounding virtualization have increased throughout the year. Continue reading Virtualization Security: Year in Review
For an IT department these are perilous times indeed. All around you public cloud vendors are offering IT services on an easy to procure, elastic and often inexpensive basis. Many of the developers in your organization may have already concluded that getting resources provisioned for development and test projects is easier at Amazon.com than it is through your internally offered processes. If you are aware that this is happening you can console yourself by saying, “it is only development – not production”, but you should wonder what you should do to make sure that those workloads come back when they do go into production. Continue reading IT as a Service Reference Architecture
Christofer Hoff (@Beaker) and I had a short discussion on Twitter the other day about the VMware Cloud Director (vCD) security guidance. We both felt it was a bit light and missed the point of Secure Multi Tenancy. However, I feel even more strongly that people will implement what is in the vCD Guidance, vBlock Security Guidance, and the vSphere Hardening Guidance, and in effect have a completely insecure cloud. These three guides look at the problem as if they were singular entities and not as a whole.
This realization, tied to Chad Sakac’s recent discussion on the 9/22 VMware Communities podcast, leads me to believe that ‘good enough’ is no longer ‘good enough’ from a security perspective. Chad discussed that there need only be the vCloud Director administrator and the vSphere administrator to do the daily heavy lifting, and that there would no longer be the need for security, network, storage, and system-specific administrators. In other words, OPEX savings. Continue reading Sum of the Parts… Not equal to the Whole
Virtualization Security was one of the BIG Deals at VMworld with several announcements:
- VMware vShield Edge, App, and End Point
- Trend Micro will have the first product making use of vShield End Point
- Cisco Virtual Security Gateway (VSG)
- HyTrust and their growing list of technology partners
But the biggest news is that Virtualization Security is finally on the radar of most if not all C-level as it is now seen as the gate to entering the cloud. But before we can solve the cloud security issue we have to solve the virtualization security issues. VMware’s announcement has the most impact on the virtualization security ecosystem. At once they are competing head-to-head with some vendors while providing a platform to use for other vendors.
Nearly everyone I talked to at VMworld was buzzing in some form about Virtualization Security. Everyone has picked up on the pre-show and show buzz from VMware, Trend Micro, HyTrust, and every other security vendor. There have been announcements about security, keynote sessions that include security, and more than a few sessions about security.
This is also arguably the first VMworld where a large number of Virtualization Security sessions and panels have not been entirely from VMware. I find involving the industry as they have at VMworld moves forward the entire virtualization security ecosystem. Continue reading VMworld: Security Buzz