As of this writing, just a few of the regulatory compliance groups are working to encompass virtualization. However, they are not close to anything publishable yet. What does this mean for companies that must enforce regulatory compliance? What does this mean to an auditor? The big question many are asking is: if the compliance documents to which they must adhere do not mention virtualization, are they compliant when they virtualize? Currently, whether you get down-checked or not during an audit depends entirely on the auditor’s interpretation of the current non-specific guidelines. In most cases it is negative, as there is no guidance from the compliance groups with regard to virtualization. There are also virtualization security products out there that try to enforce and report upon current compliance guides with respect to virtualization.
One such product is Catbird vCompliance, and it does a great job with the major assumption that virtualization does not matter so much as following the compliance guidelines as if the virtual machine were a physical machine. This is definitely one approach, yet it could still run afoul of an auditor who interprets the guidelines differently. Continue reading Regulatory Compliance, Slowly Catching up with Virtualization
While at VMworld I was suddenly hit with a blast of heat generated by the 40,000 VMs running within the VMworld Datacenter of 150 Cisco UCS blades or so. This got me thinking about how VMsafe would fit into this environment and therefore about real virtualization security within the massive quantity of virtual machines possible within a multi-tenant cloud environment. If you use VMsafe within this environment there would be at least 40,000 VMsafe firewalls. If it were expanded to the full load of virtual NICs possible per VM there could be upwards of 400,000 virtual firewalls possible! At this point my head started to spin! I asked this same question on the Virtualization Security Podcast, which I host, and the panel was equally impressed with the numbers. So what is the solution? Continue reading 40,000 Firewalls! Help Please!?
With the advent of existing VMsafe products from Altor Networks, Reflex Systems, and ones on the horizon from Trend Micro and others in the security space, all administrators should have a clear understanding of how they work under the covers. Where does VMsafe appear within the stack? Is VMsafe on the incoming physical NICs, within the vSwitch, portgroups, or before or after the vNIC? Can we expect the other aspects of VMsafe to be the same? While I was discussing VMsafe with the vendors, VMware was also going around and talking to all the VMsafe vendors for VMware TV shots.
Continue reading VMsafe – Vendor Implementations at VMworld
Reflex Systems announced today that they have the first VMware VMsafe Certification for their Reflex VMC product. This announcement brings two things to light. The first is that VMware has made a very smart move to certify VMsafe drivers for their hypervisor, which is a much needed step I have written about previously. The second is that Reflex Systems has been working through the process with VMware and working out the bugs in the process as well. This will help other vendors and VMware. Kudos to Reflex Systems!
But what does being VMsafe Certified imply? Continue reading Reflex VMC — The First VMsafe Certification
The biggest question I ask myself when I see VMsafe appliances is: will it replace my current virtual firewall setup? Replace my anti-virus? Or both? I am seeing a trend that gives me pause: a VMsafe appliance being more than one thing. For example, Trend Micro is an anti-virus company that bought Third Brigade (a firewall company) and is now in the mix of merging the two technologies into one. What has happened to one tool that does one thing and does that one thing very well? Continue reading VMsafe Firewalls, Are They Real Firewalls or Something More?
There are two methods by which VMware VMsafe can be used: fastpath and slowpath. Fastpath entails using just a driver to interact with the VMsafe API and hence the vmkernel. Slowpath is the use of a fastpath driver AND a virtual appliance to do the heavy lifting.
The use of VMware VMsafe-enabled third-party products introduces third-party fastpath drivers into your hypervisor. What these drivers ultimately do is interact with the VMsafe fastpath API, but is that ALL they do? That is why we need some level of certification for VMsafe fastpath drivers. We need to KNOW that they do not do anything wrong, bad, or unfortunate. Continue reading Updated: There is a Need for VMsafe Certification from VMware