VMware just released details about the latest version of NSX—6.2.2. What is interesting about this release is that it is the first that is split into tiers. The release pages are full featured, and although pricing doesn’t appear to be available yet on the website, hopefully this will be a fully public release that doesn’t require jumping through hoops to get. Since VMware acquired Nicira in 2012, the NSX product has been a bit of a dark horse, kept well stabled and not allowed out to run free. The product has been available only to selected customers and partners, presumably with high-volume sales that will support a large amount of VMware employee time in each deployment.
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
In the industry, OpenStack is seen as very hard to implement. Considering this, I began to think that most people who deploy OpenStack try to bite off too a large chunk of OpenStack at one go, to implement it all instead of just what they need. OpenStack is a cloud management platform, not the hypervisor, so perhaps we can take some lessons from how we installed VMware products when we just started out. We still implement things using the same patterns for vSphere. We should revisit OpenStack with this history in mind.
As we move through the year, there are often monthly and quarterly upgrade cycles to our virtual and cloud environments. These are caused by security issues, natural upgrades to hardware, software, or even application updates. Application updates are now continuous, using continuous integration and deployment strategies, while hardware and other upgrades come more slowly. Cloud upgrades can be incredibly impactful, as all subsystems need to be restarted. Yet, there is a cycle to this. There is need to control what is happening, and a need to not break compliance, security, data protection, or other policies.
Every day, IT professionals live and breathe applications, yet our focus for operational tools is a single container, virtual machine, database, etc. How do these items map to the application in use? Even the monolithic-looking applications of yesterday were actually made up of services. Those services will be reborn as microservices within the applications of tomorrow. How do we make this transition? Is it possible with a container as a service model? Or should we scratch the past and start over?
This is a continuation of my Security in Our Modern Times series, which can be found here and here. The story of the San Bernardino iPhone has gotten to the point where you just cannot make this stuff up. Let me give you a Reader’s Digest–type review of the story and then offer my opinion on the latest twist.
With the myriad cases of cyber-theft and security breaches that headline the news every day, it’s no wonder that system improvements are taking a back seat to security items within most IT organizations. While many vendors highlight new products or features as being better, cheaper, and/or faster, those items are having limited success compared to those that address being secure.