Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device.

We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application, while maintaining strict control of management interfaces. As such, virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

News: Splunk Releases Splunk App for VMware – More than just Logs

Today, Splunk has announced the general availability of the Splunk App for VMware. Splunk and Cloudshare have also announced that they will be presenting a session at VMworld, “How a Cloud Computing Provider Reached the Holy Grail of Visibility”, which will take place Wednesday, Aug. 29 from 4 – 5 p.m. (PT). This session will highlight one of the key new features of the new Splunk App for VMware – the ability to collect cross-tier and cross-silo data – and will demonstrate an important shift in Splunk’s strategy.

The Old Splunk – Log Analysis

Splunk made its name by popularizing and making easily accessible analysis of logs from a variety of sources. By indexing those logs on the basis of their time stamp and other identifiable information, it was possible to turn these logs into rich sources of analysis for system and application behavior. Splunk built out this log analysis strategy by building collectors for an astonishing variety of log sources (see the diagram below).

[Figure: Hundreds of Splunk Apps offering solutions to easily harness machine data across your IT stack]

The New Splunk App for VMware – Physical and Virtual Operations Management

The Splunk App for VMware is significant not only in that it collects log data from vSphere. It is significant in several other respects as well:

  • The Splunk App for VMware does not collect its data in 5-minute intervals from the vCenter APIs, as do many other Operations Management products in the VMware environment. The Splunk App for VMware collects its data directly from each vSphere host on 20-second intervals. This means that the Splunk App for VMware gets the exact same raw data that vCenter gets, and at the exact interval that vCenter gets it. The only other vendor that operates at this level of data granularity and frequency is Reflex Systems.
  • The Splunk App for VMware collects more than just the log data from the vSphere hosts. It collects all of the normal resource utilization data that vCenter collects (and passes along to vCenter Operations) as well.

[Figure: Harnessing VMware data for troubleshooting, analytics and virtualization intelligence using Splunk App for VMware]

Since the Splunk App for VMware is simply an addition to the existing set of data collectors for Splunk, it is useful to look at the picture in its totality. If we combine the data that Splunk can get from the physical infrastructure (and from non-virtualized physical systems) with the data from the virtualization layer (vSphere), and from many application-layer products as well (WebSphere), Splunk is now arguably in the position of having one of the richest repositories of operational data around.

This fact was probably not lost on VMware, who has seen this coming for a long time, and who reacted last week by acquiring the product assets and team for Log Insight from Pattern Insight. This means that we should probably expect log data from Log Insight to become a feature of a future release of vCenter Operations.

The New Bar in Operations Management

These actions by both Splunk and VMware raise the bar in operations management. The diversity of data collected is increasing rapidly. The frequency with which it is being collected is increasing rapidly. Splunk will hang its hat on being able to use its analytics to automate the interpretation of this stream of diverse data for its customers. VMware will likely rely upon the self-learning analytics in vCenter Operations to do the same. The ecosystem will be forced to partner up or acquire adjacent capabilities to compete in what is rapidly becoming an Operations Management Suite game.


The new Splunk App for VMware adds a significant new capability to the Splunk offerings, opens a new Operations Management frontier for Splunk and creates a new standard for functionality in the Operations Management space.

Defense in Depth: Intelligence Gathering

Intelligence gathering is an oft-overlooked aspect of system and data defense in depth. On the 7/12 Virtualization Security podcast we discussed new and old sources of such intelligence. We were joined by Urvish Vashi, VP of marketing, Alert Logic. Alert Logic has updated their report on cloud-based security attacks. Add to this the yearly Verizon Breach and other reports, and we start to have a good handle on intelligence of past and possibly future attacks.

Software Defined Security: Is it Achievable?

Cloud-based security is about securing the data, yet compliance requirements are often about securing the environment, such as PCI’s requirement for web application firewalls, which protect web servers and perhaps applications and imply protection of data. But they do not directly protect data. How can a Software Defined Data Center implement a form of Software Defined Security automatically to meet not only compliance requirements, but security around a particular mote of data?

VMware’s Heterogeneous Virtualization Management Strategy

For quite a number of years, VMware has made it very clear that it views virtualization not only as a technology that provides significant benefits to data centers, but also a technology that disrupts the existing virtualization management solutions, and opens an opportunity for new management solutions to be offered and adopted by enterprises. VMware has also made it clear that it intends to capitalize upon this opportunity by fielding a family of strong products in the Virtualization Management area.

Is the Software Defined Data Center the Future?

VMware purchased Nicira, backed the OpenFlow community, and is now touting software defined data centers (SDDC). But what is a software defined data center? Is it just virtualization or cloud with a software defined network? Or is it something more than that? Given heavy automation and scripting of most clouds, do we not already have SDDC? If not, where are we going with this concept? What does SDN add to the mix?

Defense in Depth: Know Your Attack Surfaces

On the 6/28 Virtualization Security Podcast we spoke about attacks, defense in depth, and compliance with Davi Ottenheimer and Matt Wallace. Davi and Matt just published a book (available on the Virtualization Bookshelf under Security) on how to defend your virtual environment against attack. Unlike other books, this approaches the problem from the point of view of well-known attacks. It even gives examples of some of the more interesting attacks against any of the virtual environments, not just VMware vSphere. The discussion eventually found its way to even newer attacks and their impact on the environment.