At VMworld 2011, VMware presented a chart that showed their progress in terms of virtualizing various workloads in their own customer base. The chart (shown below) demonstrated that VMware had made some really good progress with some really hard workloads, and mostly excellent progress with easy workloads (low hanging fruit). The interesting question is what is the best way to proceed from here on out.
Articles Tagged with vSphere
The 5/31 Virtualization Security Podcast we spoke to High Cloud Security about encryption as a defense in depth, and where to place encryption within the virtual environment. This lead to an intriguing discussion about what is actually missing from current virtual environments when it comes to encryption. We can encrypt within each VM and we can encrypt within the networking fabric, as well as within the drives themselves, but currently that leaves several vulnerabilities and unencrypted locations that can be used as attack points. While we concentrated on vSphere, what we are discussing applies equally to all hypervisors.
Many of the virtualization security people I have talked to are waiting patiently for the next drop of leaked VMware hypervisor code. But the real question in many a mind is whether or not this changes the the threat landscape and raises the risk unacceptably. So let’s look at the current hypervisor threat landscape within the virtual environment to determine if this is the case, and where such source code will impact. Are there any steps one can take now before the code drop is complete to better secure your environment?
Since the start of the Windows 8 Public Beta, there has been a great deal of discussions and comparisons galore. There have been points made that Microsoft Hyper-V will be good enough to draw good consideration in companies looking to the future. For me personally, feature comparison was not my first consideration. One measurement that I consider is the eco-structure of the technology, or in other words, how large is the 3rd party partners and products supporting both the technologies?
When we look for patterns from the past, sometimes we can really get a good idea of what the future might entail. If you take a look at the way VMware has rolled out licensing changes during each of the major releases you can see a pattern and get an idea of what the future may bestow upon us. When Virtual Center was first released, vMotion and vSMP were licensed separately from Virtual Center as an add-on for Virtual Center.
The 3/22 Virtualization Security Podcast brought to light the capabilities of Symantec Critical System Protection (CSP) software. This software successfully implements a manageable version of mandatory access control policies based on role-based and multi-level security functionality within the virtual environment, more specifically on those systems that are critical to the well being and health of your virtual and cloud environments such as all your management and control-plane tools (VMware vCenter, Microsoft SCVVM, XenConsole, etc.). In addition, Symantec CSP will monitor your virtualization hosts for common security issues. This in itself is great news but why are we just hearing about this now? Is this a replacement for other security tools?