Some interesting news about VMware was made public on Sunday 26th August – the day before VMworld – namely that VMware is joining OpenStack. This appears to be driven largely by the acquisition of Nicira – and the role that Nicira currently plays in the implementation of virtual networking in OpenStack.
The vSphere 5.1 enhancements are designed more to fit vSphere better into the vCloud Suite and to move the bar further on virtualizable workloads. vSphere 5.1 allows the virtualization of high-performance graphics, real-time, HPC, and big data workloads.
While looking around the web for anything new with virtualization, I kept seeing more and more posts and articles about the new type of virtual hypervisor: Type 0. Now this sounds interesting, and I found these definitions for each type of hypervisor.
The drive to virtualize business-critical workloads is going to require more vSphere licenses. Shifting low-hanging-fruit workloads to Hyper-V may free up licenses, but it creates a cross-hypervisor management problem that could erode all of the savings from Hyper-V licensing. This puts a premium on cross-hypervisor management solutions.
On the 5/31 Virtualization Security Podcast, we spoke to High Cloud Security about encryption as a defense in depth, and where to place encryption within the virtual environment. This led to an intriguing discussion about what is actually missing from current virtual environments when it comes to encryption. We can encrypt within each VM and we can encrypt within the networking fabric, as well as within the drives themselves, but currently that leaves several vulnerabilities and unencrypted locations that can be used as attack points. While we concentrated on vSphere, what we are discussing applies equally to all hypervisors.
Many of the virtualization security people I have talked to are waiting patiently for the next drop of leaked VMware hypervisor code. But the real question in many a mind is whether or not this changes the threat landscape and raises the risk unacceptably. So let’s look at the current hypervisor threat landscape within the virtual environment to determine if this is the case, and where such source code will have an impact. Are there any steps you can take now, before the code drop is complete, to better secure your environment?