My conference schedule kept pace with the changes in the virtualization security ecosystem through out the year. What are those changes? This is the end of year review of the virtualization security ecosystem.
MokeFive Suite is an enterprise desktop management platform that is used to create and administer layered virtual desktop images called ‘LivePCs’ which execute as guests on a type II hypervisor. LivePC images are authored using the MokaFive Creator which also serves as a test platform to simulate and end-users experience. LivePC images can be stored on centralized or distributed file stores. MokaFive also provides support for Amazon S3 storage, which can be of significant value in managing highly distributed environments, or run directly off USB flash drives. MokaFive LivePCs are effectively hypervisor agnostic; support is currently available for VMware’s free Player and the open source Virtual Box. Beta support for Parallels Workstation is new in MokaFive Suite 3.0, and MokaFive’s own bare metal platform will be shipping in Q1 2011.
When we talk about Cloud Security, the main concept is to separate, as an example, Coke from Pepsi. This implies that Tenant’s cannot impact the availability of each others data, the integrity of that data, and the confidentiality of that data. But what does this actually mean? Does this apply to all types of clouds in the same way?
There are three types of cloud families: Private, Hybrid, Public. There are at least 3 types of clouds: SaaS, PaaS, and IaaS. Do the same rules for one cloud family work for all cloud families? as well as for the types of clouds?
I believe the answer is yes.
Christofer Hoff (@Beaker) and I had a short discussion on twitter the other day about the VMware Cloud Director (vCD) security guidance. We both felt it was a bit lite and missed the point of Secure Multi Tenancy. However, I feel even more strongly that people will implement what is in the vCD Guidance, vBlock Security Guidance, and the vSphere Hardening Guidance, and in effect have a completely insecure cloud. These three guides look at the problem as if they were singular entities and not as a whole.
The Wall Street Journal had an interesting article on the United States General Services Administration has approved the acquisition of some cloud services for use by the Federal Government including many of the Google Apps such as Gmail, Google Docs, etc. Since these services are for sale as well as freely available this sounds more like an admission that they can be used. Will other governments follow suit? But should they be used? That is really the question.
There are two sides to any government, the classified and the unclassified. These are general terms that quantify how the government can use services. While all services require quite a bit of security, classified utilization requires even more, in many cases what most would consider to be “uber-security” requirements. The types of requirements that impact usability in some way. Can these tools provide adequate security?
The Virtualization Security Podcast on 7/22 was all about the news of the week with our panelists discussing how this news affects everyone and anyone with respect to Virtualization Security. The news discussed:
* NIST Released their Guide to Security for Full Virtualization Technologies (Draft)
* There is a Security issue with VMware vSphere 4.1
* VMware discussed the new vShield Zones Edge and vShield App products
* HyTrust and Catbird announced a cooperative effort