VMware vCenter 5.1 implemented a new security feature, Single Sign-On (SSO), that uses the Security Assertion Markup Language (SAML) to exchange security tokens. This combats an extremely well-known and prevalent attack within the virtualization management trust zones: SSL Man-in-the-Middle (MiTM) attacks. However, vCenter still supports the old SSL methods as well to maintain backwards compatibility and to allow management when SSO is not in use. Does this new feature change how we look at virtualization and cloud management security best practices? Is it a launch point for implementing other authentication techniques? Continue reading SAML to the Rescue: vCenter Single Sign On
Is it possible to use a cloud framework to better secure your datacenter? Do cloud technologies provide a secure framework for building more than just clouds? We all know that virtualization is a building block to the cloud, but there may be a way to use cloud frameworks to first secure your datacenter before you launch a private, public, or hybrid cloud. In essence, we can use tools like vCloud Director to provide a more secure environment that properly segregates trust zones from one another while allowing specific accesses.
A typo report on twitter has lead me to a set of thoughts with respect to data. Where are your Datasores? What is a datasore? Unlike a Data Store which holds data, a datasore is a place where data becomes either painful to manage or protect. Or where the data exceeds your capability to handle it. A data sore should never happen, but with the explosion of data being moved, protected, managed, and mined we have exceeded certain limits of our existing set of tools. How do we find data sores and alleviate them? Does alleviating them require us to re-architect our entire data usage and storage mechanisms? Continue reading Datasores: Where are yours?
Symantec and others are providing more products that fill the gaps in current End-to-End Hybrid Cloud and Application Security. These solutions range to improved log analysis through multi-layer security for critical systems. If these solutions are rolled out would we finally have secure environments? But first what are the products that have come to light? Should we be focusing on the App more? Continue reading Filling the Gaps: Focus on Application Security
The 3/22 Virtualization Security Podcast brought to light the capabilities of Symantec Critical System Protection (CSP) software. This software successfully implements a manageable version of mandatory access control policies based on role-based and multi-level security functionality within the virtual environment, more specifically on those systems that are critical to the well being and health of your virtual and cloud environments such as all your management and control-plane tools (VMware vCenter, Microsoft SCVVM, XenConsole, etc.). In addition, Symantec CSP will monitor your virtualization hosts for common security issues. This in itself is great news but why are we just hearing about this now? Is this a replacement for other security tools? Continue reading Improving Virtualization and Cloud Management Security with Symantec CSP
While participating in the GestaltIT Virtualization Field Day #2, I was asking Symantec about Application Aware Backups. In other words, could one backup an entire application, regardless of how the application was defined. This concept goes hand in hand with Application Aware Security measures. We can always backup VMs and their data to remote locations, but can we backup or maintain the application interactions within a multi-VM Application regardless of how it is defined. Continue reading Application Aware Virtualization Backup