This post is a little indulgent. Ever since our first ever post in May of 2009, our equivalent of a “Hello World,” we have been privileged to have many companies as sponsors. It is this sponsorship that allows us to do the work that we do. Continue reading A Little Bit of Nostalgia Never Hurt Anyone
With the news that EMC has bought Virtustream (to be completed near the end of the year), the cloud landscape does not change very much in the short term; however, in the long term, the EMC family has its work cut out for it to integrate all its cloud solutions. The EMC family currently has three, if not more, cloud options available to its customers from VMware, EMC, and now Virtustream, and the last is handled quite differently. This will cause some issues if people want to move between the various clouds. Those issues including billing, management, and technology.
Since the inception of the modern software industry in the mid-1980s, the management software industry has been led by the big four: IBM, BMC, HP, and CA. Due to the needs of the software-defined data center and the cloud, a new set of leaders and innovators has emerged. This post will cover the new leaders, and my next post will cover the new innovators.
There has been quite a bit written about Code Spaces and how unauthorized access to its ITaaS console granted enough permissions to delete everything out of Amazon, including backups. There are lessons here not only for tenants, but also for those vendors who create ITaaS consoles, such as VMware (vCHS, vCD, vCAC, vCenter, Orchestrator, etc.), Virtustream (xStream), OpenStack, and many others. These consoles need better controls and security so that such behavior is prevented, logged, and monitored, and the proper authorities are informed. Now, we may think this is a cloud-only attack, but we use these tools within our own environments day in and day out. For anyone using virtualization, private, or hybrid cloud consoles and automation tools, it is time to take a good long look at role-based access controls (RBAC). The steps we discussed at the end of my other lessons article still apply. Continue reading Protecting ITaaS Consoles
Recently I have had the pleasure of discussing security with a number of cloud providers. Specifically, we talked about what security they implement and how they inform their tenants of security-related issues. In other words, do they provide transparency? I have come to an early conclusion that there are two types of clouds out there: those that provide additional security measures and work with their tenants to improve security, and those who do not. On the Virtualization Security podcast we have discussed this many times, with the conclusion being drawn that many clouds do a better job at security than the average organization does, but that there is no way to know what is implemented, as there is no transparency. Continue reading A Tale of Two Clouds
I was going to write about how building a cloud is similar to moving, but the more I think about it, the more I think people are confusing an automated virtual environment with a cloud: IT as a Service is not just about cloud. Having automation does not imply your virtual environment is a cloud or visa versa. Granted, using IT as a Service is important for a cloud if you look at the NIST definition of a cloud, but it is not necessary for a cloud. Perhaps IT as a Service is just a stepping stone towards a cloud, perhaps it should start as a data center play? As company’s and vendors cloud wash all aspects of IT, as IT decision makers we need to step back and look at our data center and decide how we want to get to the cloud (if we want to get there at all). Continue reading IT as a Service: Not Just for a Cloud