The software-defined data center has the potential to expand the control plane well outside of anyone’s control by the simple fact that we do not yet have a unified control mechanism for disparate hardware (networking, storage, and compute), for disparate hypervisors (vSphere, KVM, Xen, Hyper-V), for new types of hypervisors (storage and networking), and for new ideas about managing the SDDC at scale. These all end up on the control plane of a software-defined data center. In addition, we cross multiple trust zones while in that control plane, such as going from user-controlled portals to hypervisor management constructs. Add to this the ever-increasing number of APIs and we have a very hard-to-secure environment. Continue reading SDDC and the Ever Expanding Control Plane
Security is not compliance and compliance will not get you security. At least that is what I hear from security teams. Conversations between security-focused team members and non-security-focused people can be quite interesting and have their own unique challenges and hurdles to overcome. You can find yourself speaking the same language but not fully understanding each other very well at all. One point of discussion is that “security is not compliance and compliance will not get you security.” Or does it? Continue reading Security is not compliance and compliance will not get you security. Or does it?
End User Computing security seems to be in the hands of the users, not actually the IT Security department. At least not yet. So what can we do about this? IT security can be draconian and not allow EUC devices into the office, but the users will be up in arms. They use their smart phones, tablets, laptops, and services on their desktops to get their job done. Draconian IT security measures will hamper timely completion of critical projects, deals, and workplace morale, thereby impacting the bottom line. However, the bottom line will be impacted just as heavily by the lack of security on the end user devices. So how can we alleviate this problem? Continue reading Training and More Training for EUC Security
The 3/21 Virtualization Security podcast featured @MrsYisWhy, who is a recovering Unix engineer most recently assigned to the network security team of a financial services provider. She also hosts a podcast called Healthy Paranoia, a security feed of Packet Pushers. I asked @MrsYisWhy to join the podcast as she is from the other side of the world from virtualization and cloud security folks and has quite a different view. The rent we saw being sewn up is now a vast divide as we jump feet first into Cloud deployments, virtualizing business-critical workloads, and generally using more and more virtualization and cloud in our daily lives. Continue reading The Growing Divide between Security and Virtualization (Cloud)
Just entered my mailbox: there is a new rev of the vSphere 5.1 hardening guide, which was spoken about on the last Virtualization Security Podcast. This version of the hardening guide adds a much-needed new feature: Profiles. Profiles define the level of security requirements based on small and medium business, enterprises, and government agencies. There is a public review for the guide over the next two weeks, so if you want to comment on or read the latest draft of the vSphere hardening guide, please visit http://communities.vmware.com/docs/DOC-22783. Continue reading News: Public Comment for VMware Hardening Guide
VMware has added some significant meat to the bones of its Software Defined Data Center Strategy with the announcement of the VMware NSX Network Virtualization Platform. NSX represents the combination of the previous VMware network virtualization technology (VXLAN) with the technology that came from the acquisition of Nicira. Continue reading VMware Fleshes Out SDN Strategy with NSX