VMworld US 2015 wrapped up yesterday with an abbreviated day of hands-on labs and breakout sessions, many of which were repeats of popular sessions from earlier in the week. The vendor showcase is closed on the last day of VMworld, and the mood is that of a ghost town, with many folks having flown out or using the last day to see some of San Francisco. Regardless, with many people gone, it is an ideal time to do Hands-on Labs without waiting in line.
Security focuses on end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds, the SDDC, and the secure hybrid cloud. Security starts where the cloud and virtual environments begin: the end user computing device. (Read More)
As part of Security, we follow the user through the virtual and cloud stacks until they reach the application they wish to use for retrieving the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, we explore all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.
Welcome to The Virtualization Practice’s week-long coverage of VMworld US 2015. Tune in all week for our daily recap of the major announcements and highlights from the world’s premier virtualization and cloud conference.
VMworld US 2015 continued yesterday, kicked off by the general session. End-User Computing’s Sanjay Poonen led the keynote, in which VMware fleshed out what it means by “any application and any device” within the “Ready for Any” theme of the conference. Beginning with the VMware Workspace Suite, VMware talked at length about the growth of mobile computing and how AirWatch, together with VMware App Volumes, enables IT to manage all Windows 10 devices (physical and virtual, mobile or not), as well as iOS and Android devices, from a single pane of glass. Foreshadowing the next speaker, Poonen wrapped up his portion by talking about the synergies between AirWatch, Horizon, and NSX, with policy settings in NSX affecting and being affected by AirWatch connectivity and data access.
Android devices recently suffered a spate of attacks. Similar attacks have been made against Apple devices and nearly every other brand of smart device. Does this mean that this is the end of Android or of mobile devices? Or does this mark the rise of mobile device management (MDM) and other software specifically designed to secure end user computing (EUC) devices? EUC security has two failure points: the handheld device and further in the network. But does an insecure device imply loss of data? Perhaps. Loss of credentials? Once more, perhaps. But do we really care? That is not known. So, let us look at a typical use case.
As companies embrace the DevOps movement, they rely heavily on automation to improve the time to market for new features and services. DevOps is a long, never-ending journey with a goal of continuously improving the software delivery process, resulting in better products and services and, ultimately, happier customers. At the beginning of their DevOps journies, many companies focus on continuous integration (CI), in which they automate the build process. Automated testing is implemented so that builds will fail if any changes fail the baseline tests. The idea here is to never move bugs forward, catching them early in the process.
I have spoken and written quite a bit on the delegate user problem facing cloud and virtual environments. It is a growing problem, as we delegate actions from logged-in users to service accounts to implement changes on our systems. Any system, for example, that proxies administrative requests suffers from the delegate user problem. In essence, when we go to determine who did what, when, where, and how, forensics leads us to a delegate user or service account. We do not know beyond a shadow of a doubt who the user really was. We can correlate multiple log files, and based on time we may be able to come up with a set of users who could have done the deed. However, unless only one user was involved, we just end up with a set of users. Those sets of users, themselves, can be other service accounts—other delegate users, abstracting the real user.
I recently had a number of consulting conversations about IT transformation and adding new Security as a Service products to companies’ existing clouds and tenancies. This is the beginning of IT transformation in many cases. A company has realized it needs to provide security to its tenants while using clouds more securely at the same time. This is a hybrid cloud. The company provides a cloud, yet uses tools from Box, Salesforce, Google, Microsoft, and the like. So, where do we start with IT transformation? With architecture that includes security.