The 3/22 Virtualization Security Podcast brought to light the capabilities of Symantec Critical System Protection (CSP) software. This software successfully implements a manageable version of mandatory access control policies based on role-based and multi-level security functionality within the virtual environment, specifically on those systems that are critical to the well-being and health of your virtual and cloud environments, such as all your management and control-plane tools (VMware vCenter, Microsoft SCVMM, XenConsole, etc.). In addition, Symantec CSP will monitor your virtualization hosts for common security issues. This in itself is great news, but why are we just hearing about this now? Is this a replacement for other security tools?
One of the areas where VMware vSphere has had a large advantage over Microsoft Hyper-V has been in the architecture and capabilities of the VMware vSphere Virtual Switch. The most important of these capabilities has been the ability to designate one or more ports on the switch as promiscuous or mirror ports. These ports make a read-only copy of all of the data flowing through the switch available to whatever virtual machine is sitting on that port. This is an essential capability for many security products and also for performance management solutions, like those from ExtraHop Networks, that rely upon deep packet inspection to work.
Microsoft Windows Server 8 Beta has been open to the public and there is one feature that really caught my eye. With Windows Server 8 you can now have a basic PowerShell console over HTTPS with Microsoft Windows PowerShell Web Access (PSWA). Think about the possibilities with that. You get an email that there is an issue and you could start PSWA on your phone, or other device, and resolve the problem or request.
Should software licensing be completely based on the hardware MAC address of the NIC and/or the UUID of the motherboard? This process worked very well before the introduction of virtualization, but now that virtualization has become more prevalent in most environments, I think software vendors really need to reconsider how they are going to license their software, although it seems that some companies have not bought into the idea of virtualization and would prefer to continue to support their product on a specific hardware platform that the vendor put together and shipped out. Can software vendors hope to survive and remain current without embracing virtualization? I think the answer to that question is going to be no in the long run.
For a good portion of the time I have been working in the virtualization space, there has been plenty of hype about how it is just a matter of time before Microsoft “leapfrogs” ahead of VMware in the area of virtualization, and with the massively upgraded version of Hyper-V 3.0 that will ship with Windows Server 8, there is thought that Microsoft might just pull off that upset. So in classic Microsoft style, let’s take a look and compare VMware today (ESX/vSphere 5) with what Microsoft will have with Hyper-V 3.0 sometime possibly in the “Fall” of 2012.
I mentioned in my last post that I have started the process of preparing for my VCP5 exam that I need to have finished by the end of February. While I was watching the Trainsignal training video about installing and configuring vCenter, I got to thinking about how much vCenter had changed and matured over the years. Let’s start with a look at where vCenter started and where it is today.